Uploading a Package — Import System

Phase 2 — PENDING This endpoint is specified but not yet implemented.

Import Endpoint

POST /api/installhub/packages/import
Authorization: Bearer {token}
Content-Type: multipart/form-data

--boundary
Content-Disposition: form-data; name="package"; filename="employee-onboarding-2.1.0.zip"
Content-Type: application/zip

{zip binary bytes}
--boundary
Content-Disposition: form-data; name="options"
Content-Type: application/json

{
  "targetTenantId":          "tenant-abc123",
  "defaultConflictStrategy": "Replace",
  "dryRun":                  false,
  "allowMajorVersionUpgrade": false,
  "allowSecurityWarnings":    false,
  "importedBy":              "engineer@company.com"
}
--boundary--

Alternative: URL Reference Upload

Instead of uploading the ZIP bytes directly, you can reference a previously exported package by its package ID:

POST /api/installhub/packages/import
Authorization: Bearer {token}
Content-Type: application/json

{
  "sourcePackageId": "pkg-a3f9c821-...",  // Reference an existing export
  "options": {
    "targetTenantId":          "tenant-abc123",
    "defaultConflictStrategy": "Replace",
    "dryRun":                  false
  }
}

This is useful when exporting from Tenant A and importing to Tenant B on the same BizFirstGO installation — the ZIP does not need to leave the server.

Dry Run

POST /api/installhub/packages/import?dryRun=true
// or set "dryRun": true in the options body

File Size Limits

Plan	Max Package Size	Max Artifacts
Standard	50 MB	100 artifacts
Enterprise	500 MB	1,000 artifacts

Import Response

HTTP 200 OK
{
  "importId":        "imp-f9a2c1e8-...",
  "packageId":       "pkg-a3f9c821-...",
  "packageName":     "Employee Onboarding Suite",
  "version":         "2.1.0",
  "status":          "Success",
  "artifactsInstalled": 5,
  "conflictsResolved":  1,
  "installedAt":     "2026-05-25T10:30:00Z",
  "installedBy":     "engineer@company.com",
  "installOrder":    ["ent-44", "rule-305", "form-2005", "thread-2002", "proc-1001"],
  "conflictReport":  {
    "conflicts": [
      {
        "artifactName": "EmployeeForm",
        "type":         "AtlasForm",
        "resolution":   "Replace",
        "previousVersion": "1.0.0",
        "installedVersion": "1.3.0"
      }
    ]
  },
  "securityScanResult": "PASS",
  "warnings":        []
}

Error Responses

Status	Error Code	Cause
400	`InvalidZip`	File is not a valid ZIP archive
400	`ManifestMissing`	manifest.json not found at ZIP root
400	`ChecksumMismatch`	Bundle integrity check failed
400	`MissingPackageDependency`	Required package not installed
403	`SecurityScanFailed`	Security scan returned FAIL
409	`ConflictRequiresResolution`	Conflicts found and no default strategy configured
413	`PayloadTooLarge`	ZIP exceeds the plan's file size limit

Permissions Required

installhub:import — required to import packages
installhub:import:override-security-warnings — required to use allowSecurityWarnings: true
installhub:import:override-major-version — required to use allowMajorVersionUpgrade: true

← Overview Next: Package Validation →