Retrieve blob Run in API Explorer

GET /v2/{name}/blobs/{digest}

Download the blob identified by digest from the registry.

Blobs include image layers and configuration objects. Clients must use the digest from the manifest to retrieve a blob.

This endpoint may return a 307 Temporary Redirect to a CDN or storage location. Clients must follow the redirect to obtain the actual blob content.

The blob content is typically a gzipped tarball (for layers) or JSON (for configs). The MIME type is usually application/octet-stream.

Headers

  • Authorization string Required

    Bearer token with pull scope

Path parameters

  • name string Required

    Repository Name

  • digest string Required

    Digest of the Blob

Responses

  • 200 application/octet-stream

    Blob content returned directly

    Hide headers attributes Show headers attributes
    • Content-Length integer

      Size of the blob in bytes

    • Content-Type string

      MIME type of the blob

    • Docker-Content-Digest string

      Digest of the returned blob
  • 307

    Temporary redirect to blob location

    Hide headers attribute Show headers attribute
    • Location string

      Redirect URL for blob download (e.g., S3 or CDN)

  • 401

    Authentication required

  • 403

    Access denied

  • 404

    Blob not found

  • 429

    Too many requests

GET /v2/{name}/blobs/{digest} 
# GET (download) a blob
curl -L \
  -H "Authorization: Bearer $TOKEN" \
  https://registry-1.docker.io/v2/library/ubuntu/blobs/sha256:abc123... \
  -o layer.tar.gz

curl \
 --request GET 'https://registry-1.docker.io/v2/library/ubuntu/blobs/sha256:abc123def456...' \
 --header "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6..."
Response examples (200) 
<binary data not shown>