> ## Documentation Index
> Fetch the complete documentation index at: https://code.storage/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# getRemoteURL()

> Generate secure Git URLs with embedded JWT authentication.

The SDK automatically creates secure Git URLs with embedded JWT authentication.

<CodeGroup>
  ```typescript TypeScript theme={null} theme={"theme":{"light":"github-light","dark":"min-dark"}}
  // Default: read/write access, 1-year TTL
  const url = await repo.getRemoteURL();

  // Read-only access with 1-hour TTL
  const readOnlyUrl = await repo.getRemoteURL({
    permissions: ['git:read'],
    ttl: 3600,
  });

  // CI/CD pipeline with extended permissions
  const ciUrl = await repo.getRemoteURL({
    permissions: ['git:read', 'git:write'],
    ttl: 86400, // 24 hours
  });

  // Disable force push on every branch
  const safePushUrl = await repo.getRemoteURL({
    refPolicies: [{ pattern: 'refs/heads/*', ops: ['no-force-push'] }],
  });
  ```

  ```python Python theme={null} theme={"theme":{"light":"github-light","dark":"min-dark"}}
  # Get URL with default permissions (git:write/git:read) and 1-year TTL
  url = await repo.get_remote_url()
  # Returns: https://t:JWT@your-name.code.storage/repo-id.git

  # Configure the Git remote
  print(f"Run: git remote add origin {url}")

  # Get URL with custom permissions and TTL
  read_only_url = await repo.get_remote_url(
      permissions=["git:read"],  # Read-only access
      ttl=3600,  # 1 hour in seconds
  )

  # Disable force push on every branch
  safe_push_url = await repo.get_remote_url(
      ref_policies=[{"pattern": "refs/heads/*", "ops": ["no-force-push"]}],
  )

  # Get ephemeral remote URL (points to the ephemeral namespace)
  ephemeral_url = await repo.get_ephemeral_remote_url()
  # Returns: https://t:JWT@your-name.code.storage/repo-id+ephemeral.git

  # Get ephemeral URL with custom permissions and TTL
  custom_ephemeral_url = await repo.get_ephemeral_remote_url(
      permissions=["git:write", "git:read"],
      ttl=3600,
  )

  # Available permissions:
  # - 'git:read'   - Read access to Git repository
  # - 'git:write'  - Write access to Git repository
  # - 'repo:write' - Create a repository
  ```

  ```go Go theme={null} theme={"theme":{"light":"github-light","dark":"min-dark"}}
  // Default: read/write access, 1-year TTL
  url, err := repo.RemoteURL(context.Background(), storage.RemoteURLOptions{})
  fmt.Printf("Run: git remote add origin %s", url)

  // Read-only access with 1-hour TTL
  readOnlyURL, err := repo.RemoteURL(context.Background(), storage.RemoteURLOptions{
  	Permissions: []storage.Permission{storage.PermissionGitRead},
  	TTL:         time.Hour,
  })

  // Disable force push on every branch
  safePushURL, err := repo.RemoteURL(context.Background(), storage.RemoteURLOptions{
  	RefPolicies: storage.RefPolicyList{
  		{Pattern: "refs/heads/*", Ops: storage.Ops{storage.OpNoForcePush}},
  	},
  })

  // Ephemeral namespace URL
  ephemeralURL, err := repo.EphemeralRemoteURL(context.Background(), storage.RemoteURLOptions{})
  ```
</CodeGroup>

## Options

<ParamField path="permissions" type="string">
  Array of permissions. Defaults to `["git:read", "git:write"]`.
</ParamField>

<ParamField path="ttl" type="string">
  Token TTL. Token TTL in seconds. Defaults to 1 year.
</ParamField>

<ParamField path="refPolicies" type="object[]">
  Ordered per-ref policy rules. Each entry is `{ pattern, ops? }`, and the first pattern that matches the target ref wins. An entry with no `ops` is an explicit allow. Patterns without a `refs/` prefix are normalized as branch names (`main` becomes `refs/heads/main`). The Python SDK names this option `ref_policies`. The Go SDK names it `RefPolicies` with type `storage.RefPolicyList`. Available operations:

  | Operation       | Constant                                                      | Description                            |
  | --------------- | ------------------------------------------------------------- | -------------------------------------- |
  | `no-force-push` | `OP_NO_FORCE_PUSH` (TypeScript/Python) / `OpNoForcePush` (Go) | Rejects non-fast-forward updates.      |
  | `no-push`       | `OP_NO_PUSH` (TypeScript/Python) / `OpNoPush` (Go)            | Rejects any update to the matched ref. |

  See the [Branch Protection guide](/guides/branch-protection) for full details.
</ParamField>

## Available Permissions

| Permission   | Description                    |
| ------------ | ------------------------------ |
| `git:read`   | Read access to Git repository  |
| `git:write`  | Write access to Git repository |
| `repo:write` | Create a repository            |

## Ephemeral Remote URL

Use `getEphemeralRemoteURL()` (TypeScript), `get_ephemeral_remote_url()` (Python), or
`EphemeralRemoteURL()` (Go) to generate URLs that point to the ephemeral namespace. This is useful
for temporary branches that shouldn't sync to upstream mirrors.

See the [Ephemeral Branches guide](/guides/ephemeral-branches) for more details.

## Import Remote URL

Use `getImportRemoteURL()` (TypeScript), `get_import_remote_url()` (Python), or `ImportRemoteURL()`
(Go) to generate URLs that point to the `+import` push namespace. Pushing to this URL triggers
immediate cold-storage archival after pack distribution.

See the [Imports guide](/guides/imports) and
[`getImportRemoteURL()` reference](/reference/sdk/get-import-remote-url) for details.

## Response

Returns a `string` containing the HTTPS Git remote URL with embedded JWT authentication:

```
https://t:{jwt}@{org}.code.storage/{repo-id}.git
```

For ephemeral URLs:

```
https://t:{jwt}@{org}.code.storage/{repo-id}+ephemeral.git
```

For import URLs:

```
https://t:{jwt}@{org}.code.storage/{repo-id}+import.git
```
