PyPI

PyPI JSON API

The PyPI JSON API provides metadata about individual Python packages hosted on the Python Package Index. It returns project-level information including the latest version, all available releases, download URLs, and hash digests for MD5, SHA256, and BLAKE2b-256. Developers can query endpoints like /pypi/{project}/json for the latest release metadata or /pypi/{project}/{version}/json for a specific version. Responses are cached by CDN and support ETag headers for conditional requests.

GitHub OpenAPI

Documentation

📖
Documentation
https://docs.pypi.org/api/json/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/pypi/refs/heads/main/openapi/pypi-json-api-openapi.yml

OpenAPI Specification

pypi-json-api-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: PyPI JSON API
  description: >-
    The PyPI JSON API provides metadata about individual Python packages hosted
    on the Python Package Index. It returns project-level information including
    the latest version, all available releases, download URLs, and hash digests
    for MD5, SHA256, and BLAKE2b-256. Responses are cached by CDN and support
    ETag headers for conditional requests.
  version: '1.0'
  contact:
    name: PyPI Support
    url: https://pypi.org/help/
  termsOfService: https://pypi.org/policy/terms-of-use/
externalDocs:
  description: PyPI JSON API Documentation
  url: https://docs.pypi.org/api/json/
servers:
  - url: https://pypi.org
    description: Production Server
tags:
  - name: Projects
    description: >-
      Retrieve metadata about Python packages hosted on PyPI, including release
      information, download URLs, and vulnerability data.
paths:
  /pypi/{project}/json:
    get:
      operationId: getProjectMetadata
      summary: Get project metadata
      description: >-
        Returns metadata about an individual project at the latest version,
        including a list of all releases for that project, project URLs,
        and known vulnerabilities. The response includes info, last_serial,
        releases, urls, and vulnerabilities fields.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/ProjectName'
      responses:
        '200':
          description: Project metadata retrieved successfully
          headers:
            ETag:
              description: >-
                Entity tag for cache validation. Use with If-None-Match header
                for conditional requests.
              schema:
                type: string
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProjectResponse'
        '404':
          description: Project not found
  /pypi/{project}/{version}/json:
    get:
      operationId: getProjectVersionMetadata
      summary: Get project version metadata
      description: >-
        Returns metadata about an individual release at a specific version.
        Identical to the project-level endpoint but scoped to a single version
        and excludes the releases key.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/ProjectName'
        - $ref: '#/components/parameters/VersionString'
      responses:
        '200':
          description: Version metadata retrieved successfully
          headers:
            ETag:
              description: >-
                Entity tag for cache validation. Use with If-None-Match header
                for conditional requests.
              schema:
                type: string
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/VersionResponse'
        '404':
          description: Project or version not found
components:
  parameters:
    ProjectName:
      name: project
      in: path
      required: true
      description: >-
        The normalized name of the Python package on PyPI.
      schema:
        type: string
        examples:
          - requests
          - numpy
    VersionString:
      name: version
      in: path
      required: true
      description: >-
        The version string of the release to retrieve.
      schema:
        type: string
        examples:
          - '1.0.0'
          - '2.31.0'
  schemas:
    ProjectResponse:
      type: object
      description: >-
        Full project metadata response including all releases.
      properties:
        info:
          $ref: '#/components/schemas/ProjectInfo'
        last_serial:
          type: integer
          description: >-
            A monotonically increasing integer sequence that changes every time
            the project is updated.
        releases:
          type: object
          description: >-
            A mapping of version strings to arrays of release file objects.
            Deprecated in favor of the Index API.
          additionalProperties:
            type: array
            items:
              $ref: '#/components/schemas/ReleaseFile'
        urls:
          type: array
          description: >-
            A list of release file objects associated with the latest version.
          items:
            $ref: '#/components/schemas/ReleaseFile'
        vulnerabilities:
          type: array
          description: >-
            Known vulnerabilities affecting the latest release of the project.
          items:
            $ref: '#/components/schemas/Vulnerability'
    VersionResponse:
      type: object
      description: >-
        Version-specific metadata response for a single release.
      properties:
        info:
          $ref: '#/components/schemas/ProjectInfo'
        last_serial:
          type: integer
          description: >-
            A monotonically increasing integer sequence that changes every time
            the project is updated.
        urls:
          type: array
          description: >-
            A list of release file objects associated with this specific version.
          items:
            $ref: '#/components/schemas/ReleaseFile'
        vulnerabilities:
          type: array
          description: >-
            Known vulnerabilities affecting this specific release.
          items:
            $ref: '#/components/schemas/Vulnerability'
    ProjectInfo:
      type: object
      description: >-
        Core metadata about the project, sourced from the values provided at
        upload time.
      properties:
        name:
          type: string
          description: >-
            The name of the project.
        version:
          type: string
          description: >-
            The version of the latest release.
        summary:
          type: string
          description: >-
            A one-line summary of the project.
        description:
          type: string
          description: >-
            The full description of the project.
        description_content_type:
          type: string
          description: >-
            The content type of the description field, such as text/markdown or
            text/x-rst.
        author:
          type: string
          description: >-
            The name of the project author.
        author_email:
          type: string
          description: >-
            The email address of the project author.
        maintainer:
          type: string
          nullable: true
          description: >-
            The name of the project maintainer.
        maintainer_email:
          type: string
          nullable: true
          description: >-
            The email address of the project maintainer.
        license:
          type: string
          description: >-
            The license text or identifier for the project.
        license_expression:
          type: string
          nullable: true
          description: >-
            A SPDX license expression for the project.
        license_files:
          type: array
          nullable: true
          description: >-
            List of license file paths included in the distribution.
          items:
            type: string
        keywords:
          type: string
          nullable: true
          description: >-
            Comma-separated keywords for the project.
        classifiers:
          type: array
          description: >-
            A list of Trove classifiers for the project.
          items:
            type: string
        platform:
          type: string
          nullable: true
          description: >-
            The platform specification for the project.
        home_page:
          type: string
          nullable: true
          description: >-
            The URL of the project home page.
        download_url:
          type: string
          nullable: true
          description: >-
            A URL to download the project. Deprecated.
        project_url:
          type: string
          format: uri
          description: >-
            The URL of the project on PyPI.
        project_urls:
          type: object
          nullable: true
          description: >-
            A mapping of label to URL for project-related links.
          additionalProperties:
            type: string
            format: uri
        docs_url:
          type: string
          nullable: true
          description: >-
            The URL of the project documentation. Deprecated, always null.
        bugtrack_url:
          type: string
          nullable: true
          description: >-
            The URL of the project bug tracker. Deprecated, always null.
        requires_python:
          type: string
          nullable: true
          description: >-
            The Python version requirement specifier for the project.
        requires_dist:
          type: array
          nullable: true
          description: >-
            A list of PEP 508 dependency specifiers.
          items:
            type: string
        provides_extra:
          type: array
          nullable: true
          description: >-
            A list of optional extra dependency groups provided by the project.
          items:
            type: string
        dynamic:
          type: array
          nullable: true
          description: >-
            A list of metadata fields that are dynamically specified.
          items:
            type: string
        yanked:
          type: boolean
          description: >-
            Whether the release has been yanked from the index.
        yanked_reason:
          type: string
          nullable: true
          description: >-
            The reason the release was yanked, if applicable.
    ReleaseFile:
      type: object
      description: >-
        Metadata about a single distribution file within a release.
      properties:
        filename:
          type: string
          description: >-
            The name of the distribution file.
        url:
          type: string
          format: uri
          description: >-
            The URL to download the distribution file.
        size:
          type: integer
          description: >-
            The size of the file in bytes.
        packagetype:
          type: string
          description: >-
            The type of distribution, such as sdist or bdist_wheel.
          enum:
            - sdist
            - bdist_wheel
            - bdist_egg
            - bdist_wininst
            - bdist_rpm
        python_version:
          type: string
          description: >-
            The Python version this distribution targets.
        requires_python:
          type: string
          nullable: true
          description: >-
            The Python version requirement for this file.
        upload_time:
          type: string
          format: date-time
          description: >-
            The timestamp when the file was uploaded. Deprecated in favor of
            upload_time_iso_8601.
        upload_time_iso_8601:
          type: string
          format: date-time
          description: >-
            The ISO 8601 timestamp when the file was uploaded.
        comment_text:
          type: string
          nullable: true
          description: >-
            Optional comment text associated with the upload.
        digests:
          type: object
          description: >-
            Hash digests for the distribution file.
          properties:
            md5:
              type: string
              description: >-
                MD5 hash digest of the file.
            sha256:
              type: string
              description: >-
                SHA-256 hash digest of the file.
            blake2b_256:
              type: string
              description: >-
                BLAKE2b-256 hash digest of the file.
        has_sig:
          type: boolean
          description: >-
            Whether the file has a PGP signature. Deprecated, always false.
        yanked:
          type: boolean
          description: >-
            Whether this file has been yanked.
        yanked_reason:
          type: string
          nullable: true
          description: >-
            The reason the file was yanked, if applicable.
    Vulnerability:
      type: object
      description: >-
        A known security vulnerability affecting the project release.
      properties:
        id:
          type: string
          description: >-
            The unique identifier for the vulnerability.
        aliases:
          type: array
          description: >-
            Alternative identifiers for this vulnerability, such as CVE numbers.
          items:
            type: string
        summary:
          type: string
          description: >-
            A brief summary of the vulnerability.
        details:
          type: string
          description: >-
            Detailed description of the vulnerability.
        fixed_in:
          type: array
          description: >-
            List of version strings in which the vulnerability is fixed.
          items:
            type: string
        link:
          type: string
          format: uri
          description: >-
            A URL with more information about the vulnerability.