Store API auth


I can query global snap details from the store API like this:

curl -H 'X-Ubuntu-Series: 16' '' 

For Brand Stores, is there an equivalent ? In other words, can I authenticate somehow as a user with the viewer role to use the above API endpoint against a snap in a Brand Store ?


Hi @jocado,

Although, I’m not sure if it is possible to query with Viewer Role (probably you need an admin permissions), there is an API to allow you to query against brand store.

Please have a look at the following documentation.

As an example, it is possible to query all snaps with the following command;

surl -p store_admin -s production -e youremail -X GET


Thanks for the reply. Yes, I’m already aware of the v2 stores API. But I am really looking for something that doesn’t require admin privs.

It will probably help if I state my end requirement a bit clearer. What I really want, is a way of leveraging the viewer role to download a snap info and related current validation assertions. So, a gating snap and it’s validate assertion.

An authenticated device is able to download this info without admin privs, so I’m thinking there must be a way with only a viewer role or similar :slight_smile:

Cheers, Just


I’m reading through the docs ( and I realized that although it is not mentioned explicitly in the documentation about X-Ubuntu-Store, I gave it a try and it worked.

curl -H 'X-Ubuntu-Series: 16' -H 'X-Ubuntu-Store: your-store-id' ''

For the new endpoint (v2), X-Ubuntu-Store and X-Ubuntu-Series are replaced by Snap-Device-Store and Snap-Device-Series.

When it comes to downloading a validation assertion, I’m not sure if that would be possible to download only a validation assertion. But, when you download a snap from your brand store which is possible with Viewer Role, it also provides you an assertion file where you can see the validation assertion as well (I hope).

I hope, this information would be enough to go forward.


Can you clarify the above a bit? do you want the metadata as returned by the /info endpoint, or the actual .snap file (which needs getting /info and the download URL from that.

I’m still also not clear why you need the validation assertion at that point. That one is relatively easy to get via, but we might be able to better help if you tell us what you want to achieve ultimately.

A device hits an entirely different API (under vs. what you as a developer (under, so the authentication mechanisms are not equivalent.

  • Daniel


Thanks for responses :slight_smile:

The end goal is actually to get the list of validation assertions for a given snap, and hence to know which snap is currently valid according to policy.

Let me explain the problem a little more.

When we build an Ubuntu Core image, it includes the snap revisions as specified by the snap channels in the model assertion. For snaps that are gated, than means the image likely contains a revision of the snap that is not asserted. So when the image bootraps itself, at some point the gated snap is then downgraded.

We want to determine the correct snap revision of a gated snap for a given UC image, download it and pass it to the image build process specifically. That should ensure we have the correct gated revision from the start, and no snap downgrade takes place.

What do you think is the best way to achieve this is ?

Cheers, Just