integrations.sh
← all integrations

github.com – ghes-3.7

OpenAPI apis-guru collaborationdeveloper_tools

GitHub's v3 REST API.

Homepage
https://api.apis.guru/v2/specs/github.com:ghes-3.7/1.1.4.json
Provider
github.com:ghes-3.7 / ghes-3.7
OpenAPI version
3.0.3
Spec (JSON)
https://api.apis.guru/v2/specs/github.com/ghes-3.7/1.1.4/openapi.json
Spec (YAML)
https://api.apis.guru/v2/specs/github.com/ghes-3.7/1.1.4/openapi.yaml

Tools (829)

Extracted live via the executor SDK.

  • actions.addCustomLabelsToSelfHostedRunnerForOrg

    Add custom labels to a self-hosted runner configured in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.addCustomLabelsToSelfHostedRunnerForRepo

    Add custom labels to a self-hosted runner configured in a repository.

    You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.addRepoAccessToSelfHostedRunnerGroupInOrg

    Adds a repository to the list of selected repositories that can access a self-hosted runner group. The runner group must have visibility set to selected. For more information, see "."

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.addSelectedRepoToOrgSecret

    Adds a repository to an organization secret when the visibility for repository access is set to selected. The visibility is set when you . You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

  • actions.addSelfHostedRunnerToGroupForOrg

    Adds a self-hosted runner to a runner group configured in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.cancelWorkflowRun

    Cancels a workflow run using its id. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.createOrUpdateEnvironmentSecret

    Creates or updates an environment secret with an encrypted value. Encrypt your secret using . You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

    Example encrypting a secret using Node.js

    Encrypt your secret using the library.

    const sodium = require('libsodium-wrappers')const secret = 'plain-text-secret' // replace with the secret you want to encryptconst key = 'base64-encoded-public-key' // replace with the Base64 encoded public key
//Check if libsodium is ready and then proceed.sodium.ready.then(() => {  // Convert Secret & Base64 key to Uint8Array.  let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)  let binsec = sodium.from_string(secret)
  //Encrypt the secret using LibSodium  let encBytes = sodium.crypto_box_seal(binsec, binkey)
  // Convert encrypted Uint8Array to Base64  let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)
  console.log(output)});

    Example encrypting a secret using Python

    Encrypt your secret using with Python 3.

    from base64 import b64encodefrom nacl import encoding, public
def encrypt(public_key: str, secret_value: str) -> str:  """Encrypt a Unicode string using the public key."""  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())  sealed_box = public.SealedBox(public_key)  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))  return b64encode(encrypted).decode("utf-8")

    Example encrypting a secret using C#

    Encrypt your secret using the package.

    var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

    Example encrypting a secret using Ruby

    Encrypt your secret using the gem.

    ruby
    require "rbnacl"require "base64"
key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")public_key = RbNaCl::PublicKey.new(key)
box = RbNaCl::Boxes::Sealed.from_public_key(public_key)encrypted_secret = box.encrypt("my_secret")
# Print the base64 encoded secretputs Base64.strict_encode64(encrypted_secret)
  • actions.createOrUpdateOrgSecret

    Creates or updates an organization secret with an encrypted value. Encrypt your secret using . You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

    Example encrypting a secret using Node.js

    Encrypt your secret using the library.

    const sodium = require('libsodium-wrappers')const secret = 'plain-text-secret' // replace with the secret you want to encryptconst key = 'base64-encoded-public-key' // replace with the Base64 encoded public key
//Check if libsodium is ready and then proceed.sodium.ready.then(() => {  // Convert Secret & Base64 key to Uint8Array.  let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)  let binsec = sodium.from_string(secret)
  //Encrypt the secret using LibSodium  let encBytes = sodium.crypto_box_seal(binsec, binkey)
  // Convert encrypted Uint8Array to Base64  let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)
  console.log(output)});

    Example encrypting a secret using Python

    Encrypt your secret using with Python 3.

    from base64 import b64encodefrom nacl import encoding, public
def encrypt(public_key: str, secret_value: str) -> str:  """Encrypt a Unicode string using the public key."""  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())  sealed_box = public.SealedBox(public_key)  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))  return b64encode(encrypted).decode("utf-8")

    Example encrypting a secret using C#

    Encrypt your secret using the package.

    var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

    Example encrypting a secret using Ruby

    Encrypt your secret using the gem.

    ruby
    require "rbnacl"require "base64"
key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")public_key = RbNaCl::PublicKey.new(key)
box = RbNaCl::Boxes::Sealed.from_public_key(public_key)encrypted_secret = box.encrypt("my_secret")
# Print the base64 encoded secretputs Base64.strict_encode64(encrypted_secret)
  • actions.createOrUpdateRepoSecret

    Creates or updates a repository secret with an encrypted value. Encrypt your secret using . You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

    Example encrypting a secret using Node.js

    Encrypt your secret using the library.

    const sodium = require('libsodium-wrappers')const secret = 'plain-text-secret' // replace with the secret you want to encryptconst key = 'base64-encoded-public-key' // replace with the Base64 encoded public key
//Check if libsodium is ready and then proceed.sodium.ready.then(() => {  // Convert Secret & Base64 key to Uint8Array.  let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)  let binsec = sodium.from_string(secret)
  //Encrypt the secret using LibSodium  let encBytes = sodium.crypto_box_seal(binsec, binkey)
  // Convert encrypted Uint8Array to Base64  let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)
  console.log(output)});

    Example encrypting a secret using Python

    Encrypt your secret using with Python 3.

    from base64 import b64encodefrom nacl import encoding, public
def encrypt(public_key: str, secret_value: str) -> str:  """Encrypt a Unicode string using the public key."""  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())  sealed_box = public.SealedBox(public_key)  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))  return b64encode(encrypted).decode("utf-8")

    Example encrypting a secret using C#

    Encrypt your secret using the package.

    var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

    Example encrypting a secret using Ruby

    Encrypt your secret using the gem.

    ruby
    require "rbnacl"require "base64"
key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")public_key = RbNaCl::PublicKey.new(key)
box = RbNaCl::Boxes::Sealed.from_public_key(public_key)encrypted_secret = box.encrypt("my_secret")
# Print the base64 encoded secretputs Base64.strict_encode64(encrypted_secret)
  • actions.createRegistrationTokenForOrg

    Returns a token that you can pass to the config script. The token expires after one hour.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

    Example using registration token

    Configure your self-hosted runner, replacing TOKEN with the registration token provided by this endpoint.

    ./config.sh --url https://github.com/octo-org --token TOKEN
  • actions.createRegistrationTokenForRepo

    Returns a token that you can pass to the config script. The token expires after one hour. You must authenticate using an access token with the repo scope to use this endpoint.

    Example using registration token

    Configure your self-hosted runner, replacing TOKEN with the registration token provided by this endpoint.

    ./config.sh --url https://github.com/octo-org/octo-repo-artifacts --token TOKEN
  • actions.createRemoveTokenForOrg

    Returns a token that you can pass to the config script to remove a self-hosted runner from an organization. The token expires after one hour.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

    Example using remove token

    To remove your self-hosted runner from an organization, replace TOKEN with the remove token provided by this endpoint.

    ./config.sh remove --token TOKEN
  • actions.createRemoveTokenForRepo

    Returns a token that you can pass to remove a self-hosted runner from a repository. The token expires after one hour. You must authenticate using an access token with the repo scope to use this endpoint.

    Example using remove token

    To remove your self-hosted runner from a repository, replace TOKEN with the remove token provided by this endpoint.

    ./config.sh remove --token TOKEN
  • actions.createSelfHostedRunnerGroupForOrg

    Creates a new self-hosted runner group for an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.createWorkflowDispatch

    You can use this endpoint to manually trigger a GitHub Actions workflow run. You can replace workflow_id with the workflow file name. For example, you could use main.yaml.

    You must configure your GitHub Actions workflow to run when the event occurs. The inputs are configured in the workflow file. For more information about how to configure the workflow_dispatch event in the workflow file, see "."

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint. For more information, see "."

  • actions.deleteActionsCacheById

    Deletes a GitHub Actions cache for a repository, using a cache ID.

    You must authenticate using an access token with the repo scope to use this endpoint.

    GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.deleteActionsCacheByKey

    Deletes one or more GitHub Actions caches for a repository, using a complete cache key. By default, all caches that match the provided key are deleted, but you can optionally provide a Git ref to restrict deletions to caches that match both the provided key and the Git ref.

    You must authenticate using an access token with the repo scope to use this endpoint.

    GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.deleteArtifact

    Deletes an artifact for a workflow run. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.deleteEnvironmentSecret

    Deletes a secret in an environment using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

  • actions.deleteOrgSecret

    Deletes a secret in an organization using the secret name. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

  • actions.deleteRepoSecret

    Deletes a secret in a repository using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

  • actions.deleteSelfHostedRunnerFromOrg

    Forces the removal of a self-hosted runner from an organization. You can use this endpoint to completely remove the runner when the machine you were using no longer exists.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.deleteSelfHostedRunnerFromRepo

    Forces the removal of a self-hosted runner from a repository. You can use this endpoint to completely remove the runner when the machine you were using no longer exists.

    You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.deleteSelfHostedRunnerGroupFromOrg

    Deletes a self-hosted runner group for an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.deleteWorkflowRun

    Delete a specific workflow run. Anyone with write access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.deleteWorkflowRunLogs

    Deletes all logs for a workflow run. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.disableSelectedRepositoryGithubActionsOrganization

    Removes a repository from the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.disableWorkflow

    Disables a workflow and sets the state of the workflow to disabled_manually. You can replace workflow_id with the workflow file name. For example, you could use main.yaml.

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.downloadArtifact

    Gets a redirect URL to download an archive for a repository. This URL expires after 1 minute. Look for Location: in the response header to find the URL for the download. The :archive_format must be zip. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.downloadJobLogsForWorkflowRun

    Gets a redirect URL to download a plain text file of logs for a workflow job. This link expires after 1 minute. Look for Location: in the response header to find the URL for the download. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.downloadWorkflowRunAttemptLogs

    Gets a redirect URL to download an archive of log files for a specific workflow run attempt. This link expires after 1 minute. Look for Location: in the response header to find the URL for the download. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.downloadWorkflowRunLogs

    Gets a redirect URL to download an archive of log files for a workflow run. This link expires after 1 minute. Look for Location: in the response header to find the URL for the download. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.enableSelectedRepositoryGithubActionsOrganization

    Adds a repository to the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.enableWorkflow

    Enables a workflow and sets the state of the workflow to active. You can replace workflow_id with the workflow file name. For example, you could use main.yaml.

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.getActionsCacheList

    Lists the GitHub Actions caches for a repository. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getActionsCacheUsage

    Gets GitHub Actions cache usage for a repository. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated. Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getActionsCacheUsageByRepoForOrg

    Lists repositories and their GitHub Actions cache usage for an organization. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated. You must authenticate using an access token with the read:org scope to use this endpoint. GitHub Apps must have the organization_admistration:read permission to use this endpoint.

  • actions.getActionsCacheUsageForEnterprise

    Gets the total GitHub Actions cache usage for an enterprise. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated. You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • actions.getActionsCacheUsageForOrg

    Gets the total GitHub Actions cache usage for an organization. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated. You must authenticate using an access token with the read:org scope to use this endpoint. GitHub Apps must have the organization_admistration:read permission to use this endpoint.

  • actions.getActionsCacheUsagePolicy

    Gets GitHub Actions cache usage policy for a repository. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getActionsCacheUsagePolicyForEnterprise

    Gets the GitHub Actions cache usage policy for an enterprise. You must authenticate using an access token with the admin:enterprise scope to use this endpoint. GitHub Apps must have the enterprise_administration:write permission to use this endpoint.

  • actions.getAllowedActionsOrganization

    Gets the selected actions that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions must be configured to selected. For more information, see ".""

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.getAllowedActionsRepository

    Gets the settings for selected actions that are allowed in a repository. To use this endpoint, the repository policy for allowed_actions must be configured to selected. For more information, see "."

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

  • actions.getArtifact

    Gets a specific artifact for a workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getCustomOidcSubClaimForRepo

    Gets the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the organization_administration:read permission to use this endpoint.

  • actions.getEnvironmentPublicKey

    Get the public key for an environment, which you need to encrypt environment secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the secrets repository permission to use this endpoint.

  • actions.getEnvironmentSecret

    Gets a single environment secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

  • actions.getGithubActionsDefaultWorkflowPermissionsEnterprise

    Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an enterprise, as well as whether GitHub Actions can submit approving pull request reviews. For more information, see "."

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint. GitHub Apps must have the enterprise_administration:write permission to use this endpoint.

  • actions.getGithubActionsDefaultWorkflowPermissionsOrganization

    Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an organization, as well as whether GitHub Actions can submit approving pull request reviews. For more information, see "."

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.getGithubActionsDefaultWorkflowPermissionsRepository

    Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in a repository, as well as if GitHub Actions can submit approving pull request reviews. For more information, see "."

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the repository administration permission to use this API.

  • actions.getGithubActionsPermissionsOrganization

    Gets the GitHub Actions permissions policy for repositories and allowed actions in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.getGithubActionsPermissionsRepository

    Gets the GitHub Actions permissions policy for a repository, including whether GitHub Actions is enabled and the actions allowed to run in the repository.

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

  • actions.getJobForWorkflowRun

    Gets a specific job in a workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getOrgPublicKey

    Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

  • actions.getOrgSecret

    Gets a single organization secret without revealing its encrypted value. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

  • actions.getPendingDeploymentsForRun

    Get all deployment environments for a workflow run that are waiting for protection rules to pass.

    Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getRepoPublicKey

    Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the secrets repository permission to use this endpoint.

  • actions.getRepoSecret

    Gets a single repository secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

  • actions.getReviewsForRun

    Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getSelfHostedRunnerForOrg

    Gets a specific self-hosted runner configured in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.getSelfHostedRunnerForRepo

    Gets a specific self-hosted runner configured in a repository.

    You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.getSelfHostedRunnerGroupForOrg

    Gets a specific self-hosted runner group for an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.getWorkflow

    Gets a specific workflow. You can replace workflow_id with the workflow file name. For example, you could use main.yaml. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getWorkflowAccessToRepository

    Gets the level of access that workflows outside of the repository have to actions and reusable workflows in the repository. This endpoint only applies to internal repositories. For more information, see "."

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the repository administration permission to use this endpoint.

  • actions.getWorkflowRun

    Gets a specific workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.getWorkflowRunAttempt

    Gets a specific workflow run attempt. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.listArtifactsForRepo

    Lists all artifacts for a repository. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.listEnvironmentSecrets

    Lists all secrets available in an environment without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

  • actions.listJobsForWorkflowRun

    Lists jobs for a workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint. You can use parameters to narrow the list of results. For more information about using parameters, see .

  • actions.listJobsForWorkflowRunAttempt

    Lists jobs for a specific workflow run attempt. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint. You can use parameters to narrow the list of results. For more information about using parameters, see .

  • actions.listLabelsForSelfHostedRunnerForOrg

    Lists all labels for a self-hosted runner configured in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.listLabelsForSelfHostedRunnerForRepo

    Lists all labels for a self-hosted runner configured in a repository.

    You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.listOrgSecrets

    Lists all secrets available in an organization without revealing their encrypted values. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

  • actions.listRepoAccessToSelfHostedRunnerGroupInOrg

    Lists the repositories with access to a self-hosted runner group configured in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.listRepoSecrets

    Lists all secrets available in a repository without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

  • actions.listRepoWorkflows

    Lists the workflows in a repository. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.listRunnerApplicationsForOrg

    Lists binaries for the runner application that you can download and run.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.listRunnerApplicationsForRepo

    Lists binaries for the runner application that you can download and run.

    You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.listSelectedReposForOrgSecret

    Lists all repositories that have been selected when the visibility for repository access to a secret is set to selected. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

  • actions.listSelectedRepositoriesEnabledGithubActionsOrganization

    Lists the selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.listSelfHostedRunnerGroupsForOrg

    Lists all self-hosted runner groups configured in an organization and inherited from an enterprise.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.listSelfHostedRunnersForOrg

    Lists all self-hosted runners configured in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.listSelfHostedRunnersForRepo

    Lists all self-hosted runners configured in a repository. You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.listSelfHostedRunnersInGroupForOrg

    Lists self-hosted runners that are in a specific organization group.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.listWorkflowRunArtifacts

    Lists artifacts for a workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.listWorkflowRuns

    List all workflow runs for a workflow. You can replace workflow_id with the workflow file name. For example, you could use main.yaml. You can use parameters to narrow the list of results. For more information about using parameters, see .

    Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope.

  • actions.listWorkflowRunsForRepo

    Lists all workflow runs for a repository. You can use parameters to narrow the list of results. For more information about using parameters, see .

    Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • actions.removeAllCustomLabelsFromSelfHostedRunnerForOrg

    Remove all custom labels from a self-hosted runner configured in an organization. Returns the remaining read-only labels from the runner.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.removeAllCustomLabelsFromSelfHostedRunnerForRepo

    Remove all custom labels from a self-hosted runner configured in a repository. Returns the remaining read-only labels from the runner.

    You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.removeCustomLabelFromSelfHostedRunnerForOrg

    Remove a custom label from a self-hosted runner configured in an organization. Returns the remaining labels from the runner.

    This endpoint returns a 404 Not Found status if the custom label is not present on the runner.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.removeCustomLabelFromSelfHostedRunnerForRepo

    Remove a custom label from a self-hosted runner configured in a repository. Returns the remaining labels from the runner.

    This endpoint returns a 404 Not Found status if the custom label is not present on the runner.

    You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.removeRepoAccessToSelfHostedRunnerGroupInOrg

    Removes a repository from the list of selected repositories that can access a self-hosted runner group. The runner group must have visibility set to selected. For more information, see "."

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.removeSelectedRepoFromOrgSecret

    Removes a repository from an organization secret when the visibility for repository access is set to selected. The visibility is set when you . You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

  • actions.removeSelfHostedRunnerFromGroupForOrg

    Removes a self-hosted runner from a group configured in an organization. The runner is then returned to the default group.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.reRunJobForWorkflowRun

    Re-run a job and its dependent jobs in a workflow run. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.reRunWorkflow

    Re-runs your workflow run using its id. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.reRunWorkflowFailedJobs

    Re-run all of the failed jobs and their dependent jobs in a workflow run using the id of the workflow run. You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.reviewPendingDeploymentsForRun

    Approve or reject pending deployments that are waiting on approval by a required reviewer.

    Required reviewers with read access to the repository contents and deployments can use this endpoint. Required reviewers must authenticate using an access token with the repo scope to use this endpoint.

  • actions.setActionsCacheUsagePolicy

    Sets GitHub Actions cache usage policy for a repository. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.setActionsCacheUsagePolicyForEnterprise

    Sets the GitHub Actions cache usage policy for an enterprise. You must authenticate using an access token with the admin:enterprise scope to use this endpoint. GitHub Apps must have the enterprise_administration:write permission to use this endpoint.

  • actions.setAllowedActionsOrganization

    Sets the actions that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions must be configured to selected. For more information, see "."

    If the organization belongs to an enterprise that has selected actions set at the enterprise level, then you cannot override any of the enterprise's allowed actions settings.

    To use the patterns_allowed setting for private repositories, the organization must belong to an enterprise. If the organization does not belong to an enterprise, then the patterns_allowed setting only applies to public repositories in the organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.setAllowedActionsRepository

    Sets the actions that are allowed in a repository. To use this endpoint, the repository permission policy for allowed_actions must be configured to selected. For more information, see "."

    If the repository belongs to an organization or enterprise that has selected actions set at the organization or enterprise levels, then you cannot override any of the allowed actions settings.

    To use the patterns_allowed setting for private repositories, the repository must belong to an enterprise. If the repository does not belong to an enterprise, then the patterns_allowed setting only applies to public repositories.

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

  • actions.setCustomLabelsForSelfHostedRunnerForOrg

    Remove all previous custom labels and set the new custom labels for a specific self-hosted runner configured in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.setCustomLabelsForSelfHostedRunnerForRepo

    Remove all previous custom labels and set the new custom labels for a specific self-hosted runner configured in a repository.

    You must authenticate using an access token with the repo scope to use this endpoint.

  • actions.setCustomOidcSubClaimForRepo

    Sets the customization template and opt-in or opt-out flag for an OpenID Connect (OIDC) subject claim for a repository. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

  • actions.setGithubActionsDefaultWorkflowPermissionsEnterprise

    Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an enterprise, and sets whether GitHub Actions can submit approving pull request reviews. For more information, see "."

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint. GitHub Apps must have the enterprise_administration:write permission to use this endpoint.

  • actions.setGithubActionsDefaultWorkflowPermissionsOrganization

    Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an organization, and sets if GitHub Actions can submit approving pull request reviews. For more information, see "."

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.setGithubActionsDefaultWorkflowPermissionsRepository

    Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in a repository, and sets if GitHub Actions can submit approving pull request reviews. For more information, see "."

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the repository administration permission to use this API.

  • actions.setGithubActionsPermissionsOrganization

    Sets the GitHub Actions permissions policy for repositories and allowed actions in an organization.

    If the organization belongs to an enterprise that has set restrictive permissions at the enterprise level, such as allowed_actions to selected actions, then you cannot override them for the organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.setGithubActionsPermissionsRepository

    Sets the GitHub Actions permissions policy for enabling GitHub Actions and allowed actions in the repository.

    If the repository belongs to an organization or enterprise that has set restrictive permissions at the organization or enterprise levels, such as allowed_actions to selected actions, then you cannot override them for the repository.

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

  • actions.setRepoAccessToSelfHostedRunnerGroupInOrg

    Replaces the list of repositories that have access to a self-hosted runner group configured in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.setSelectedReposForOrgSecret

    Replaces all repositories for an organization secret when the visibility for repository access is set to selected. The visibility is set when you . You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

  • actions.setSelectedRepositoriesEnabledGithubActionsOrganization

    Replaces the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

  • actions.setSelfHostedRunnersInGroupForOrg

    Replaces the list of self-hosted runners that are part of an organization runner group.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • actions.setWorkflowAccessToRepository

    Sets the level of access that workflows outside of the repository have to actions and reusable workflows in the repository. This endpoint only applies to internal repositories. For more information, see "."

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the repository administration permission to use this endpoint.

  • actions.updateSelfHostedRunnerGroupForOrg

    Updates the name and visibility of a self-hosted runner group in an organization.

    You must authenticate using an access token with the admin:org scope to use this endpoint.

  • activity.checkRepoIsStarredByAuthenticatedUser
  • activity.deleteRepoSubscription

    This endpoint should only be used to stop watching a repository. To control whether or not you wish to receive notifications from a repository, .

  • activity.deleteThreadSubscription

    Mutes all future notifications for a conversation until you comment on the thread or get an @mention. If you are watching the repository of the thread, you will still receive notifications. To ignore future notifications for a repository you are watching, use the endpoint and set ignore to true.

  • activity.getFeeds

    GitHub Enterprise Server provides several timeline resources in format. The Feeds API lists all the feeds available to the authenticated user:

    • Timeline: The GitHub Enterprise Server global public timeline
    • User: The public timeline for any user, using
    • Current user public: The public timeline for the authenticated user
    • Current user: The private timeline for the authenticated user
    • Current user actor: The private timeline for activity created by the authenticated user
    • Current user organizations: The private timeline for the organizations the authenticated user is a member of.
    • Security advisories: A collection of public announcements that provide information about security-related vulnerabilities in software on GitHub Enterprise Server.

    Note: Private feeds are only returned when since current feed URIs use the older, non revocable auth tokens.

  • activity.getRepoSubscription
  • activity.getThread

    Gets information about a notification thread.

  • activity.getThreadSubscriptionForAuthenticatedUser

    This checks to see if the current user is subscribed to a thread. You can also .

    Note that subscriptions are only generated if a user is participating in a conversation--for example, they've replied to the thread, were @mentioned, or manually subscribe to a thread.

  • activity.listEventsForAuthenticatedUser

    If you are authenticated as the given user, you will see your private events. Otherwise, you'll only see public events.

  • activity.listNotificationsForAuthenticatedUser

    List all notifications for the current user, sorted by most recently updated.

  • activity.listOrgEventsForAuthenticatedUser

    This is the user's organization dashboard. You must be authenticated as the user to view this.

  • activity.listPublicEvents

    We delay the public events feed by five minutes, which means the most recent event returned by the public events API actually occurred at least five minutes ago.

  • activity.listPublicEventsForRepoNetwork
  • activity.listPublicEventsForUser
  • activity.listPublicOrgEvents
  • activity.listReceivedEventsForUser

    These are events that you've received by watching repos and following users. If you are authenticated as the given user, you will see private events. Otherwise, you'll only see public events.

  • activity.listReceivedPublicEventsForUser
  • activity.listRepoEvents
  • activity.listRepoNotificationsForAuthenticatedUser

    Lists all notifications for the current user in the specified repository.

  • activity.listReposStarredByAuthenticatedUser

    Lists repositories the authenticated user has starred.

    You can also find out when stars were created by passing the following custom via the Accept header: application/vnd.github.star+json.

  • activity.listReposStarredByUser

    Lists repositories a user has starred.

    You can also find out when stars were created by passing the following custom via the Accept header: application/vnd.github.star+json.

  • activity.listReposWatchedByUser

    Lists repositories a user is watching.

  • activity.listStargazersForRepo

    Lists the people that have starred the repository.

    You can also find out when stars were created by passing the following custom via the Accept header: application/vnd.github.star+json.

  • activity.listWatchedReposForAuthenticatedUser

    Lists repositories the authenticated user is watching.

  • activity.listWatchersForRepo

    Lists the people watching the specified repository.

  • activity.markNotificationsAsRead

    Marks all notifications as "read" for the current user. If the number of notifications is too large to complete in one request, you will receive a 202 Accepted status and GitHub Enterprise Server will run an asynchronous process to mark notifications as "read." To check whether any "unread" notifications remain, you can use the endpoint and pass the query parameter all=false.

  • activity.markRepoNotificationsAsRead

    Marks all notifications in a repository as "read" for the current user. If the number of notifications is too large to complete in one request, you will receive a 202 Accepted status and GitHub Enterprise Server will run an asynchronous process to mark notifications as "read." To check whether any "unread" notifications remain, you can use the endpoint and pass the query parameter all=false.

  • activity.markThreadAsRead

    Marks a thread as "read." Marking a thread as "read" is equivalent to clicking a notification in your notification inbox on GitHub Enterprise Server: .

  • activity.setRepoSubscription

    If you would like to watch a repository, set subscribed to true. If you would like to ignore notifications made within a repository, set ignored to true. If you would like to stop watching a repository, completely.

  • activity.setThreadSubscription

    If you are watching a repository, you receive notifications for all threads by default. Use this endpoint to ignore future notifications for threads until you comment on the thread or get an @mention.

    You can also use this endpoint to subscribe to threads that you are currently not receiving notifications for or to subscribed to threads that you have previously ignored.

    Unsubscribing from a conversation in a repository that you are not watching is functionally equivalent to the endpoint.

  • activity.starRepoForAuthenticatedUser

    Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

  • activity.unstarRepoForAuthenticatedUser
  • apps.addRepoToInstallationForAuthenticatedUser

    Add a single repository to an installation. The authenticated user must have admin access to the repository.

    You must use a personal access token (which you can create via the or ) to access this endpoint.

  • apps.checkToken

    OAuth applications can use a special API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use to use this endpoint, where the username is the OAuth application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.

  • apps.createFromManifest

    Use this endpoint to complete the handshake necessary when implementing the . When you create a GitHub App with the manifest flow, you receive a temporary code used to retrieve the GitHub App's id, pem (private key), and webhook_secret.

  • apps.createInstallationAccessToken

    Creates an installation access token that enables a GitHub App to make authenticated API requests for the app's installation on an organization or individual account. Installation tokens expire one hour from the time you create them. Using an expired token produces a status code of 401 - Unauthorized, and requires creating a new installation token. By default the installation token has access to all repositories that the installation can access. To restrict the access to specific repositories, you can provide the repository_ids when creating the token. When you omit repository_ids, the response does not contain the repositories key.

    You must use a to access this endpoint.

  • apps.deleteAuthorization

    OAuth application owners can revoke a grant for their OAuth application and a specific user. You must use when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. You must also provide a valid OAuth access_token as an input parameter and the grant for the token's owner will be deleted. Deleting an OAuth application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on .

  • apps.deleteInstallation

    Uninstalls a GitHub App on a user, organization, or business account. If you prefer to temporarily suspend an app's access to your account's resources, then we recommend the "" endpoint.

    You must use a to access this endpoint.

  • apps.deleteToken

    OAuth application owners can revoke a single token for an OAuth application. You must use when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password.

  • apps.getAuthenticated

    Returns the GitHub App associated with the authentication credentials used. To see how many app installations are associated with this GitHub App, see the installations_count in the response. For more details about your app's installations, see the "" endpoint.

    You must use a to access this endpoint.

  • apps.getBySlug

    Note: The :app_slug is just the URL-friendly name of your GitHub App. You can find this on the settings page for your GitHub App (e.g., https://github.com/settings/apps/:app_slug).

    If the GitHub App you specify is public, you can access this endpoint without authenticating. If the GitHub App you specify is private, you must authenticate with a or an to access this endpoint.

  • apps.getInstallation

    Enables an authenticated GitHub App to find an installation's information using the installation id.

    You must use a to access this endpoint.

  • apps.getOrgInstallation

    Enables an authenticated GitHub App to find the organization's installation information.

    You must use a to access this endpoint.

  • apps.getRepoInstallation

    Enables an authenticated GitHub App to find the repository's installation information. The installation's account type will be either an organization or a user account, depending which account the repository belongs to.

    You must use a to access this endpoint.

  • apps.getUserInstallation

    Enables an authenticated GitHub App to find the user’s installation information.

    You must use a to access this endpoint.

  • apps.getWebhookConfigForApp

    Returns the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "."

    You must use a to access this endpoint.

  • apps.getWebhookDelivery

    Returns a delivery for the webhook configured for a GitHub App.

    You must use a to access this endpoint.

  • apps.listInstallationReposForAuthenticatedUser

    List repositories that the authenticated user has explicit permission (:read, :write, or :admin) to access for an installation.

    The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.

    You must use a , created for a user who has authorized your GitHub App, to access this endpoint.

    The access the user has to each repository is included in the hash under the permissions key.

  • apps.listInstallations

    You must use a to access this endpoint.

    The permissions the installation has are included under the permissions key.

  • apps.listInstallationsForAuthenticatedUser

    Lists installations of your GitHub App that the authenticated user has explicit permission (:read, :write, or :admin) to access.

    You must use a , created for a user who has authorized your GitHub App, to access this endpoint.

    The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.

    You can find the permissions for the installation under the permissions key.

  • apps.listReposAccessibleToInstallation

    List repositories that an app installation can access.

    You must use an to access this endpoint.

  • apps.listWebhookDeliveries

    Returns a list of webhook deliveries for the webhook configured for a GitHub App.

    You must use a to access this endpoint.

  • apps.redeliverWebhookDelivery

    Redeliver a delivery for the webhook configured for a GitHub App.

    You must use a to access this endpoint.

  • apps.removeRepoFromInstallationForAuthenticatedUser

    Remove a single repository from an installation. The authenticated user must have admin access to the repository.

    You must use a personal access token (which you can create via the or ) to access this endpoint.

  • apps.resetToken

    OAuth applications can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. You must use when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.

  • apps.revokeInstallationAccessToken

    Revokes the installation token you're using to authenticate as an installation and access this endpoint.

    Once an installation token is revoked, the token is invalidated and cannot be used. Other endpoints that require the revoked installation token must have a new installation token to work. You can create a new token using the "" endpoint.

    You must use an to access this endpoint.

  • apps.scopeToken

    Use a non-scoped user-to-server access token to create a repository scoped and/or permission scoped user-to-server access token. You can specify which repositories the token can access and which permissions are granted to the token. You must use when accessing this endpoint, using the client_id and client_secret of the GitHub App as the username and password. Invalid tokens will return 404 NOT FOUND.

  • apps.suspendInstallation

    Suspends a GitHub App on a user, organization, or business account, which blocks the app from accessing the account's resources. When a GitHub App is suspended, the app's access to the GitHub Enterprise Server API or webhook events is blocked for that account.

    You must use a to access this endpoint.

  • apps.unsuspendInstallation

    Removes a GitHub App installation suspension.

    You must use a to access this endpoint.

  • apps.updateWebhookConfigForApp

    Updates the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "."

    You must use a to access this endpoint.

  • billing.getGithubAdvancedSecurityBillingGhe

    Gets the GitHub Advanced Security active committers for an enterprise per repository.

    Each distinct user login across all repositories is counted as a single Advanced Security seat, so the total_advanced_security_committers is not the sum of active_users for each repository.

    The total number of repositories with committer information is tracked by the total_count field.

  • billing.getGithubAdvancedSecurityBillingOrg

    Gets the GitHub Advanced Security active committers for an organization per repository.

    Each distinct user login across all repositories is counted as a single Advanced Security seat, so the total_advanced_security_committers is not the sum of advanced_security_committers for each repository.

    If this organization defers to an enterprise for billing, the total_advanced_security_committers returned from the organization API may include some users that are in more than one organization, so they will only consume a single Advanced Security seat at the enterprise level.

    The total number of repositories with committer information is tracked by the total_count field.

  • checks.create

    Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.

    Creates a new check run for a specific commit in a repository. Your GitHub App must have the checks:write permission to create check runs.

    In a check suite, GitHub limits the number of check runs with the same name to 1000. Once these check runs exceed 1000, GitHub will start to automatically delete older check runs.

  • checks.createSuite

    Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array and a null value for head_branch.

    By default, check suites are automatically created when you create a . You only need to use this endpoint for manually creating check suites when you've disabled automatic creation using "". Your GitHub App must have the checks:write permission to create check suites.

  • checks.get

    Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.

    Gets a single check run using its id. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get check runs. OAuth Apps and authenticated users must have the repo scope to get check runs in a private repository.

  • checks.getSuite

    Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array and a null value for head_branch.

    Gets a single check suite using its id. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get check suites. OAuth Apps and authenticated users must have the repo scope to get check suites in a private repository.

  • checks.listAnnotations

    Lists annotations for a check run using the annotation id. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get annotations for a check run. OAuth Apps and authenticated users must have the repo scope to get annotations for a check run in a private repository.

  • checks.listForRef

    Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.

    Lists check runs for a commit ref. The ref can be a SHA, branch name, or a tag name. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get check runs. OAuth Apps and authenticated users must have the repo scope to get check runs in a private repository.

  • checks.listForSuite

    Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.

    Lists check runs for a check suite using its id. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get check runs. OAuth Apps and authenticated users must have the repo scope to get check runs in a private repository.

  • checks.listSuitesForRef

    Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array and a null value for head_branch.

    Lists check suites for a commit ref. The ref can be a SHA, branch name, or a tag name. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to list check suites. OAuth Apps and authenticated users must have the repo scope to get check suites in a private repository.

  • checks.rerequestRun

    Triggers GitHub to rerequest an existing check run, without pushing new code to a repository. This endpoint will trigger the event with the action rerequested. When a check run is rerequested, its status is reset to queued and the conclusion is cleared.

    To rerequest a check run, your GitHub App must have the checks:read permission on a private repository or pull access to a public repository.

  • checks.rerequestSuite

    Triggers GitHub to rerequest an existing check suite, without pushing new code to a repository. This endpoint will trigger the event with the action rerequested. When a check suite is rerequested, its status is reset to queued and the conclusion is cleared.

    To rerequest a check suite, your GitHub App must have the checks:read permission on a private repository or pull access to a public repository.

  • checks.setSuitesPreferences

    Changes the default automatic flow when creating check suites. By default, a check suite is automatically created each time code is pushed to a repository. When you disable the automatic creation of check suites, you can manually . You must have admin permissions in the repository to set preferences for check suites.

  • checks.update

    Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.

    Updates a check run for a specific commit in a repository. Your GitHub App must have the checks:write permission to edit check runs.

  • codeScanning.deleteAnalysis

    Deletes a specified code scanning analysis from a repository. For private repositories, you must use an access token with the repo scope. For public repositories, you must use an access token with public_repo scope. GitHub Apps must have the security_events write permission to use this endpoint.

    You can delete one analysis at a time. To delete a series of analyses, start with the most recent analysis and work backwards. Conceptually, the process is similar to the undo function in a text editor.

    When you list the analyses for a repository, one or more will be identified as deletable in the response:

    "deletable": true

    An analysis is deletable when it's the most recent in a set of analyses. Typically, a repository will have multiple sets of analyses for each enabled code scanning tool, where a set is determined by a unique combination of analysis values:

    • ref
    • tool
    • category

    If you attempt to delete an analysis that is not the most recent in a set, you'll get a 400 response with the message:

    Analysis specified is not deletable.

    The response from a successful DELETE operation provides you with two alternative URLs for deleting the next analysis in the set: next_analysis_url and confirm_delete_url. Use the next_analysis_url URL if you want to avoid accidentally deleting the final analysis in a set. This is a useful option if you want to preserve at least one analysis for the specified tool in your repository. Use the confirm_delete_url URL if you are content to remove all analyses for a tool. When you delete the last analysis in a set, the value of next_analysis_url and confirm_delete_url in the 200 response is null.

    As an example of the deletion process, let's imagine that you added a workflow that configured a particular code scanning tool to analyze the code in a repository. This tool has added 15 analyses: 10 on the default branch, and another 5 on a topic branch. You therefore have two separate sets of analyses for this tool. You've now decided that you want to remove all of the analyses for the tool. To do this you must make 15 separate deletion requests. To start, you must find an analysis that's identified as deletable. Each set of analyses always has one that's identified as deletable. Having found the deletable analysis for one of the two sets, delete this analysis and then continue deleting the next analysis in the set until they're all deleted. Then repeat the process for the second set. The procedure therefore consists of a nested loop:

    Outer loop:

    • List the analyses for the repository, filtered by tool.

    • Parse this list to find a deletable analysis. If found:

      Inner loop:

      • Delete the identified analysis.
      • Parse the response for the value of confirm_delete_url and, if found, use this in the next iteration.

    The above process assumes that you want to remove all trace of the tool's analyses from the GitHub user interface, for the specified repository, and it therefore uses the confirm_delete_url value. Alternatively, you could use the next_analysis_url value, which would leave the last analysis in each set undeleted to avoid removing a tool's analysis entirely.

  • codeScanning.getAlert

    Gets a single code scanning alert. You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

    Deprecation notice: The instances field is deprecated and will, in future, not be included in the response for this endpoint. The example response reflects this change. The same information can now be retrieved via a GET request to the URL specified by instances_url.

  • codeScanning.getAnalysis

    Gets a specified code scanning analysis for a repository. You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

    The default JSON response contains fields that describe the analysis. This includes the Git reference and commit SHA to which the analysis relates, the datetime of the analysis, the name of the code scanning tool, and the number of alerts.

    The rules_count field in the default response give the number of rules that were run in the analysis. For very old analyses this data is not available, and 0 is returned in this field.

    If you use the Accept header application/sarif+json, the response contains the analysis data that was uploaded. This is formatted as .

  • codeScanning.getSarif

    Gets information about a SARIF upload, including the status and the URL of the analysis that was uploaded so that you can retrieve details of the analysis. For more information, see "." You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

  • codeScanning.listAlertInstances

    Lists all instances of the specified code scanning alert. You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

  • codeScanning.listAlertsForEnterprise

    Lists code scanning alerts for the default branch for all eligible repositories in an enterprise. Eligible repositories are repositories that are owned by organizations that you own or for which you are a security manager. For more information, see "."

    To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or security_events scope.

  • codeScanning.listAlertsForOrg

    Lists code scanning alerts for the default branch for all eligible repositories in an organization. Eligible repositories are repositories that are owned by organizations that you own or for which you are a security manager. For more information, see "."

    To use this endpoint, you must be an owner or security manager for the organization, and you must use an access token with the repo scope or security_events scope.

    For public repositories, you may instead use the public_repo scope.

    GitHub Apps must have the security_events read permission to use this endpoint.

  • codeScanning.listAlertsForRepo

    Lists code scanning alerts.

    To use this endpoint, you must use an access token with the security_events scope or, for alerts from public repositories only, an access token with the public_repo scope.

    GitHub Apps must have the security_events read permission to use this endpoint.

    The response includes a most_recent_instance object. This provides details of the most recent instance of this alert for the default branch (or for the specified Git reference if you used ref in the request).

  • codeScanning.listRecentAnalyses

    Lists the details of all code scanning analyses for a repository, starting with the most recent. The response is paginated and you can use the page and per_page parameters to list the analyses you're interested in. By default 30 analyses are listed per page.

    The rules_count field in the response give the number of rules that were run in the analysis. For very old analyses this data is not available, and 0 is returned in this field.

    You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

    Deprecation notice: The tool_name field is deprecated and will, in future, not be included in the response for this endpoint. The example response reflects this change. The tool name can now be found inside the tool field.

  • codeScanning.updateAlert

    Updates the status of a single code scanning alert. You must use an access token with the security_events scope to use this endpoint with private repositories. You can also use tokens with the public_repo scope for public repositories only. GitHub Apps must have the security_events write permission to use this endpoint.

  • codeScanning.uploadSarif

    Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the security_events scope to use this endpoint for private repositories. You can also use tokens with the public_repo scope for public repositories only. GitHub Apps must have the security_events write permission to use this endpoint.

    There are two places where you can upload code scanning results.

    • If you upload to a pull request, for example --ref refs/pull/42/merge or --ref refs/pull/42/head, then the results appear as alerts in a pull request check. For more information, see "."
    • If you upload to a branch, for example --ref refs/heads/my-branch, then the results appear in the Security tab for your repository. For more information, see "."

    You must compress the SARIF-formatted analysis data that you want to upload, using gzip, and then encode it as a Base64 format string. For example:

    gzip -c analysis-data.sarif | base64 -w0

    SARIF upload supports a maximum number of entries per the following data objects, and an analysis will be rejected if any of these objects is above its maximum value. For some objects, there are additional values over which the entries will be ignored while keeping the most important entries whenever applicable. To get the most out of your analysis when it includes data above the supported limits, try to optimize the analysis configuration. For example, for the CodeQL tool, identify and remove the most noisy queries.
    SARIF dataMaximum valuesAdditional limits
    Runs per file15
    Results per run25,000Only the top 5,000 results will be included, prioritized by severity.
    Rules per run25,000
    Thread Flow Locations per result10,000Only the top 1,000 Thread Flow Locations will be included, using prioritization.
    Location per result1,000Only 100 locations will be included.

    The 202 Accepted response includes an id value. You can use this ID to check the status of the upload by using it in the /sarifs/{sarif_id} endpoint. For more information, see "."

  • codesOfConduct.getAllCodesOfConduct
  • codesOfConduct.getConductCode
  • dependabot.addSelectedRepoToOrgSecret

    Adds a repository to an organization secret when the visibility for repository access is set to selected. The visibility is set when you . You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

  • dependabot.createOrUpdateOrgSecret

    Creates or updates an organization secret with an encrypted value. Encrypt your secret using . You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

    Example encrypting a secret using Node.js

    Encrypt your secret using the library.

    const sodium = require('libsodium-wrappers')const secret = 'plain-text-secret' // replace with the secret you want to encryptconst key = 'base64-encoded-public-key' // replace with the Base64 encoded public key
//Check if libsodium is ready and then proceed.sodium.ready.then(() => {  // Convert Secret & Base64 key to Uint8Array.  let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)  let binsec = sodium.from_string(secret)
  //Encrypt the secret using LibSodium  let encBytes = sodium.crypto_box_seal(binsec, binkey)
  // Convert encrypted Uint8Array to Base64  let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)
  console.log(output)});

    Example encrypting a secret using Python

    Encrypt your secret using with Python 3.

    from base64 import b64encodefrom nacl import encoding, public
def encrypt(public_key: str, secret_value: str) -> str:  """Encrypt a Unicode string using the public key."""  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())  sealed_box = public.SealedBox(public_key)  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))  return b64encode(encrypted).decode("utf-8")

    Example encrypting a secret using C#

    Encrypt your secret using the package.

    var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

    Example encrypting a secret using Ruby

    Encrypt your secret using the gem.

    ruby
    require "rbnacl"require "base64"
key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")public_key = RbNaCl::PublicKey.new(key)
box = RbNaCl::Boxes::Sealed.from_public_key(public_key)encrypted_secret = box.encrypt("my_secret")
# Print the base64 encoded secretputs Base64.strict_encode64(encrypted_secret)
  • dependabot.createOrUpdateRepoSecret

    Creates or updates a repository secret with an encrypted value. Encrypt your secret using . You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

    Example encrypting a secret using Node.js

    Encrypt your secret using the library.

    const sodium = require('libsodium-wrappers')const secret = 'plain-text-secret' // replace with the secret you want to encryptconst key = 'base64-encoded-public-key' // replace with the Base64 encoded public key
//Check if libsodium is ready and then proceed.sodium.ready.then(() => {  // Convert Secret & Base64 key to Uint8Array.  let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)  let binsec = sodium.from_string(secret)
  //Encrypt the secret using LibSodium  let encBytes = sodium.crypto_box_seal(binsec, binkey)
  // Convert encrypted Uint8Array to Base64  let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)
  console.log(output)});

    Example encrypting a secret using Python

    Encrypt your secret using with Python 3.

    from base64 import b64encodefrom nacl import encoding, public
def encrypt(public_key: str, secret_value: str) -> str:  """Encrypt a Unicode string using the public key."""  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())  sealed_box = public.SealedBox(public_key)  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))  return b64encode(encrypted).decode("utf-8")

    Example encrypting a secret using C#

    Encrypt your secret using the package.

    var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

    Example encrypting a secret using Ruby

    Encrypt your secret using the gem.

    ruby
    require "rbnacl"require "base64"
key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")public_key = RbNaCl::PublicKey.new(key)
box = RbNaCl::Boxes::Sealed.from_public_key(public_key)encrypted_secret = box.encrypt("my_secret")
# Print the base64 encoded secretputs Base64.strict_encode64(encrypted_secret)
  • dependabot.deleteOrgSecret

    Deletes a secret in an organization using the secret name. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

  • dependabot.deleteRepoSecret

    Deletes a secret in a repository using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

  • dependabot.getOrgPublicKey

    Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

  • dependabot.getOrgSecret

    Gets a single organization secret without revealing its encrypted value. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

  • dependabot.getRepoPublicKey

    Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

  • dependabot.getRepoSecret

    Gets a single repository secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

  • dependabot.listOrgSecrets

    Lists all secrets available in an organization without revealing their encrypted values. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

  • dependabot.listRepoSecrets

    Lists all secrets available in a repository without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

  • dependabot.listSelectedReposForOrgSecret

    Lists all repositories that have been selected when the visibility for repository access to a secret is set to selected. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

  • dependabot.removeSelectedRepoFromOrgSecret

    Removes a repository from an organization secret when the visibility for repository access is set to selected. The visibility is set when you . You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

  • dependabot.setSelectedReposForOrgSecret

    Replaces all repositories for an organization secret when the visibility for repository access is set to selected. The visibility is set when you . You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

  • dependencyGraph.createRepositorySnapshot

    Create a new snapshot of a repository's dependencies. You must authenticate using an access token with the repo scope to use this endpoint for a repository that the requesting user has access to.

  • dependencyGraph.diffRange

    Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

  • emojis.get

    Lists all the emojis available to use on GitHub Enterprise Server.

  • enterpriseAdmin.addAuthorizedSshKey

    Note: The request body for this operation must be submitted as application/x-www-form-urlencoded data. You can submit a parameter value as a string, or you can use a tool such as curl to submit a parameter value as the contents of a text file. For more information, see the .

  • enterpriseAdmin.addCustomLabelsToSelfHostedRunnerForEnterprise

    Add custom labels to a self-hosted runner configured in an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.addOrgAccessToSelfHostedRunnerGroupInEnterprise

    Adds an organization to the list of selected organizations that can access a self-hosted runner group. The runner group must have visibility set to selected. For more information, see "."

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.addSelfHostedRunnerToGroupForEnterprise

    Adds a self-hosted runner to a runner group configured in an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.createEnterpriseServerLicense

    When you boot a GitHub instance for the first time, you can use the following endpoint to upload a license.

    Note that you need to POST to to start the actual configuration process.

    When using this endpoint, your GitHub instance must have a password set. This can be accomplished two ways:

    1. If you're working directly with the API before accessing the web interface, you must pass in the password parameter to set your password.
    2. If you set up your instance via the web interface before accessing the API, your calls to this endpoint do not need the password parameter.

    Note: The request body for this operation must be submitted as multipart/form-data data. You can can reference the license file by prefixing the filename with the @ symbol using curl. For more information, see the .

  • enterpriseAdmin.createGlobalWebhook
  • enterpriseAdmin.createImpersonationOAuthToken
  • enterpriseAdmin.createOrg
  • enterpriseAdmin.createPreReceiveEnvironment
  • enterpriseAdmin.createPreReceiveHook
  • enterpriseAdmin.createRegistrationTokenForEnterprise

    Returns a token that you can pass to the config script. The token expires after one hour.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

    Example using registration token

    Configure your self-hosted runner, replacing TOKEN with the registration token provided by this endpoint.

    ./config.sh --url https://github.com/enterprises/octo-enterprise --token TOKEN
  • enterpriseAdmin.createRemoveTokenForEnterprise

    Returns a token that you can pass to the config script to remove a self-hosted runner from an enterprise. The token expires after one hour.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

    Example using remove token

    To remove your self-hosted runner from an enterprise, replace TOKEN with the remove token provided by this endpoint.

    ./config.sh remove --token TOKEN
  • enterpriseAdmin.createSelfHostedRunnerGroupForEnterprise

    Creates a new self-hosted runner group for an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.createUser

    If an external authentication mechanism is used, the login name should match the login name in the external system. If you are using LDAP authentication, you should also for the user.

    The login name will be normalized to only contain alphanumeric characters or single hyphens. For example, if you send "octo_cat" as the login, a user named "octo-cat" will be created.

    If the login name or email address is already associated with an account, the server will return a 422 response.

  • enterpriseAdmin.deleteGlobalWebhook
  • enterpriseAdmin.deleteImpersonationOAuthToken
  • enterpriseAdmin.deletePersonalAccessToken

    Deletes a personal access token. Returns a 403 - Forbidden status when a personal access token is in use. For example, if you access this endpoint with the same personal access token that you are trying to delete, you will receive this error.

  • enterpriseAdmin.deletePreReceiveEnvironment

    If you attempt to delete an environment that cannot be deleted, you will receive a 422 Unprocessable Entity response.

    The possible error messages are:

    • Cannot modify or delete the default environment
    • Cannot delete environment that has hooks
    • Cannot delete environment when download is in progress
  • enterpriseAdmin.deletePreReceiveHook
  • enterpriseAdmin.deletePublicKey
  • enterpriseAdmin.deleteScimGroupFromEnterprise

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Deletes a SCIM group from an enterprise.

  • enterpriseAdmin.deleteSelfHostedRunnerFromEnterprise

    Forces the removal of a self-hosted runner from an enterprise. You can use this endpoint to completely remove the runner when the machine you were using no longer exists.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.deleteSelfHostedRunnerGroupFromEnterprise

    Deletes a self-hosted runner group for an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.deleteUser

    Deleting a user will delete all their repositories, gists, applications, and personal settings. is often a better option.

    You can delete any user account except your own.

  • enterpriseAdmin.deleteUserFromEnterprise

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Permanently suspends a SCIM user from an enterprise, removes all data for the user, obfuscates the login, email, and display name of the user, removes all external-identity SCIM attributes, and deletes the emails, avatar, PATs, SSH keys, OAuth authorizations credentials, GPG keys, and SAML mappings for the user. You will not be able to undo this action.

  • enterpriseAdmin.demoteSiteAdministrator

    You can demote any user account except your own.

  • enterpriseAdmin.disableSelectedOrganizationGithubActionsEnterprise

    Removes an organization from the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • enterpriseAdmin.enableOrDisableMaintenanceMode

    Note: The request body for this operation must be submitted as application/x-www-form-urlencoded data. You can submit a parameter value as a string, or you can use a tool such as curl to submit a parameter value as the contents of a text file. For more information, see the .

  • enterpriseAdmin.enableSelectedOrganizationGithubActionsEnterprise

    Adds an organization to the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • enterpriseAdmin.getAllAuthorizedSshKeys
  • enterpriseAdmin.getAllowedActionsEnterprise

    Gets the selected actions that are allowed in an enterprise. To use this endpoint, the enterprise permission policy for allowed_actions must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • enterpriseAdmin.getAllStats
  • enterpriseAdmin.getAnnouncement

    Gets the current message and expiration date of the global announcement banner in your enterprise.

  • enterpriseAdmin.getAuditLog

    Gets the audit log for an enterprise. To use this endpoint, you must be an enterprise admin, and you must use an access token with the admin:enterprise scope.

  • enterpriseAdmin.getCommentStats
  • enterpriseAdmin.getConfigurationStatus

    This endpoint allows you to check the status of the most recent configuration process:

    Note that you may need to wait several seconds after you start a process before you can check its status.

    The different statuses are:

    StatusDescription
    PENDINGThe job has not started yet
    CONFIGURINGThe job is running
    DONEThe job has finished correctly
    FAILEDThe job has finished unexpectedly
  • enterpriseAdmin.getDownloadStatusForPreReceiveEnvironment

    In addition to seeing the download status at the "" endpoint, there is also this separate endpoint for just the download status.

  • enterpriseAdmin.getGistStats
  • enterpriseAdmin.getGithubActionsPermissionsEnterprise

    Gets the GitHub Actions permissions policy for organizations and allowed actions in an enterprise.

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • enterpriseAdmin.getGlobalWebhook
  • enterpriseAdmin.getHooksStats

    Get hooks statistics

  • enterpriseAdmin.getIssueStats
  • enterpriseAdmin.getLicenseInformation
  • enterpriseAdmin.getMaintenanceStatus

    Check your installation's maintenance status:

  • enterpriseAdmin.getMilestoneStats
  • enterpriseAdmin.getOrgStats
  • enterpriseAdmin.getPagesStats
  • enterpriseAdmin.getPreReceiveEnvironment
  • enterpriseAdmin.getPreReceiveHook
  • enterpriseAdmin.getPreReceiveHookForOrg
  • enterpriseAdmin.getPreReceiveHookForRepo
  • enterpriseAdmin.getProvisioningInformationForEnterpriseGroup

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Gets information about a SCIM group.

  • enterpriseAdmin.getProvisioningInformationForEnterpriseUser

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Gets information about a SCIM user.

  • enterpriseAdmin.getPullRequestStats
  • enterpriseAdmin.getRepoStats

    Get repository statistics

  • enterpriseAdmin.getSelfHostedRunnerForEnterprise

    Gets a specific self-hosted runner configured in an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.getSelfHostedRunnerGroupForEnterprise

    Gets a specific self-hosted runner group for an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.getSettings

    Gets the settings for your instance. To change settings, see the .

    Note: You cannot retrieve the management console password with the Enterprise administration API.

  • enterpriseAdmin.getUserStats
  • enterpriseAdmin.listGlobalWebhooks
  • enterpriseAdmin.listLabelsForSelfHostedRunnerForEnterprise

    Lists all labels for a self-hosted runner configured in an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.listOrgAccessToSelfHostedRunnerGroupInEnterprise

    Lists the organizations with access to a self-hosted runner group.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.listPersonalAccessTokens

    Lists personal access tokens for all users, including admin users.

  • enterpriseAdmin.listPreReceiveEnvironments
  • enterpriseAdmin.listPreReceiveHooks
  • enterpriseAdmin.listPreReceiveHooksForOrg

    List all pre-receive hooks that are enabled or testing for this organization as well as any disabled hooks that can be configured at the organization level. Globally disabled pre-receive hooks that do not allow downstream configuration are not listed.

  • enterpriseAdmin.listPreReceiveHooksForRepo

    List all pre-receive hooks that are enabled or testing for this repository as well as any disabled hooks that are allowed to be enabled at the repository level. Pre-receive hooks that are disabled at a higher level and are not configurable will not be listed.

  • enterpriseAdmin.listProvisionedGroupsEnterprise

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Lists provisioned SCIM groups in an enterprise.

    You can improve query search time by using the excludedAttributes query parameter with a value of members to exclude members from the response.

  • enterpriseAdmin.listProvisionedIdentitiesEnterprise

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Lists provisioned SCIM enterprise members.

    When a user with a SCIM-provisioned external identity is removed from an enterprise through a patch with active flag set to false, the account's metadata is preserved to allow the user to re-join the enterprise in the future. However, the user's account will be suspended and the user will not be able to sign-in. In order to permanently suspend the users account with no ability to re-join the enterprise in the future, use the delete request. Users that were not permanently deleted will be visible in the returned results.

    You can improve query search time by using the excludedAttributes query parameter with a value of groups to exclude groups from the response.

  • enterpriseAdmin.listPublicKeys
  • enterpriseAdmin.listRunnerApplicationsForEnterprise

    Lists binaries for the runner application that you can download and run.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.listSelectedOrganizationsEnabledGithubActionsEnterprise

    Lists the organizations that are selected to have GitHub Actions enabled in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • enterpriseAdmin.listSelfHostedRunnerGroupsForEnterprise

    Lists all self-hosted runner groups for an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.listSelfHostedRunnersForEnterprise

    Lists all self-hosted runners configured for an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.listSelfHostedRunnersInGroupForEnterprise

    Lists the self-hosted runners that are in a specific enterprise group.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.pingGlobalWebhook

    This will trigger a to be sent to the webhook.

  • enterpriseAdmin.promoteUserToBeSiteAdministrator

    Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

  • enterpriseAdmin.provisionEnterpriseGroup

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Creates a SCIM group for an enterprise.

    If members are included as part of the group provisioning payload, they will be created as external group members. It is up to a provider to store a mapping between the externalId and id of each user.

  • enterpriseAdmin.provisionEnterpriseUser

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Creates an external identity for a new SCIM enterprise user.

    SCIM does not authenticate users, it only provisions them. The authentication of users is done by SAML. However, when SCIM is enabled, all users need to be provisioned through SCIM before a user can sign in through SAML. The matching of a user to a SCIM provisioned user is done when the SAML assertion is consumed. The user will be matched on SAML response NameID to SCIM userName.

    When converting existing enterprise to use SCIM, the user handle (userName) from the SCIM payload will be used to match the provisioned user to an already existing user in the enterprise. Since the new identity record is created for newly provisioned users the matching for those records is done using a user's handle. Currently the matching will be performed to all of the users no matter if they were SAML JIT provisioned or created as local users.

  • enterpriseAdmin.removeAllCustomLabelsFromSelfHostedRunnerForEnterprise

    Remove all custom labels from a self-hosted runner configured in an enterprise. Returns the remaining read-only labels from the runner.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.removeAnnouncement

    Removes the global announcement banner in your enterprise.

  • enterpriseAdmin.removeAuthorizedSshKey

    Note: The request body for this operation must be submitted as application/x-www-form-urlencoded data. You can submit a parameter value as a string, or you can use a tool such as curl to submit a parameter value as the contents of a text file. For more information, see the .

  • enterpriseAdmin.removeCustomLabelFromSelfHostedRunnerForEnterprise

    Remove a custom label from a self-hosted runner configured in an enterprise. Returns the remaining labels from the runner.

    This endpoint returns a 404 Not Found status if the custom label is not present on the runner.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.removeOrgAccessToSelfHostedRunnerGroupInEnterprise

    Removes an organization from the list of selected organizations that can access a self-hosted runner group. The runner group must have visibility set to selected. For more information, see "."

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.removePreReceiveHookEnforcementForOrg

    Removes any overrides for this hook at the org level for this org.

  • enterpriseAdmin.removePreReceiveHookEnforcementForRepo

    Deletes any overridden enforcement on this repository for the specified hook.

    Responds with effective values inherited from owner and/or global level.

  • enterpriseAdmin.removeSelfHostedRunnerFromGroupForEnterprise

    Removes a self-hosted runner from a group configured in an enterprise. The runner is then returned to the default group.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.setAllowedActionsEnterprise

    Sets the actions that are allowed in an enterprise. To use this endpoint, the enterprise permission policy for allowed_actions must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • enterpriseAdmin.setAnnouncement

    Sets the message and expiration time for the global announcement banner in your enterprise.

  • enterpriseAdmin.setCustomLabelsForSelfHostedRunnerForEnterprise

    Remove all previous custom labels and set the new custom labels for a specific self-hosted runner configured in an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.setGithubActionsPermissionsEnterprise

    Sets the GitHub Actions permissions policy for organizations and allowed actions in an enterprise.

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • enterpriseAdmin.setInformationForProvisionedEnterpriseGroup

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Replaces an existing provisioned group’s information.

    You must provide all the information required for the group as if you were provisioning it for the first time. Any existing group information that you don't provide will be removed, including group membership. If you want to only update a specific attribute, use the endpoint instead.

  • enterpriseAdmin.setInformationForProvisionedEnterpriseUser

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Replaces an existing provisioned user's information.

    You must provide all the information required for the user as if you were provisioning them for the first time. Any existing user information that you don't provide will be removed. If you want to only update a specific attribute, use the endpoint instead.

    Warning: Setting active: false will suspend a user and obfuscate the user handle and user email. Since the implementation is a generic SCIM implementation and does not differentiate yet between different IdP providers, for Okta, the user GDPR data will not be purged and the credentials will not be removed.

  • enterpriseAdmin.setOrgAccessToSelfHostedRunnerGroupInEnterprise

    Replaces the list of organizations that have access to a self-hosted runner configured in an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.setSelectedOrganizationsEnabledGithubActionsEnterprise

    Replaces the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see "."

    You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

  • enterpriseAdmin.setSelfHostedRunnersInGroupForEnterprise

    Replaces the list of self-hosted runners that are part of an enterprise runner group.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.setSettings

    Applies settings on your instance. For a list of the available settings, see the .

    Notes:

    • The request body for this operation must be submitted as application/x-www-form-urlencoded data. You can submit a parameter value as a string, or you can use a tool such as curl to submit a parameter value as the contents of a text file. For more information, see the .
    • You cannot set the management console password with the Enterprise administration API. Use the ghe-set-password utility to change the management console password. For more information, see "."
  • enterpriseAdmin.startConfigurationProcess

    This endpoint allows you to start a configuration process at any time for your updated settings to take effect:

  • enterpriseAdmin.startPreReceiveEnvironmentDownload

    Triggers a new download of the environment tarball from the environment's image_url. When the download is finished, the newly downloaded tarball will overwrite the existing environment.

    If a download cannot be triggered, you will receive a 422 Unprocessable Entity response.

    The possible error messages are:

    • Cannot modify or delete the default environment
    • Can not start a new download when a download is in progress
  • enterpriseAdmin.suspendUser

    If your GitHub instance uses , Active Directory LDAP-authenticated users cannot be suspended through this API. If you attempt to suspend an Active Directory LDAP-authenticated user through this API, it will return a 403 response.

    You can suspend any user account except your own.

    Note that, if you choose not to pass any parameters, you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

  • enterpriseAdmin.syncLdapMappingForTeam

    Note that this API call does not automatically initiate an LDAP sync. Rather, if a 201 is returned, the sync job is queued successfully, and is performed when the instance is ready.

  • enterpriseAdmin.syncLdapMappingForUser

    Note that this API call does not automatically initiate an LDAP sync. Rather, if a 201 is returned, the sync job is queued successfully, and is performed when the instance is ready.

  • enterpriseAdmin.unsuspendUser

    If your GitHub instance uses , this API is disabled and will return a 403 response. Active Directory LDAP-authenticated users cannot be unsuspended using the API.

  • enterpriseAdmin.updateAttributeForEnterpriseGroup

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Update a provisioned group’s individual attributes.

    To change a group’s values, you must provide a specific Operations JSON format that contains at least one of the add, remove, or replace operations. For examples and more information on the SCIM operations format, see the . Update can also be used to add group memberships.

    Group memberships can be sent one at a time or in batches for faster performance. Note: The memberships are referenced through a local user id, and the user will need to be created before they are referenced here.

  • enterpriseAdmin.updateAttributeForEnterpriseUser

    Note: The SCIM API endpoints for enterprise accounts are currently in private beta and are subject to change.

    Update a provisioned user's individual attributes.

    To change a user's values, you must provide a specific Operations JSON format that contains at least one of the add, remove, or replace operations. For examples and more information on the SCIM operations format, see the .

    Note: Complicated SCIM path selectors that include filters are not supported. For example, a path selector defined as "path": "emails[type eq \"work\"]" will not work.

    Warning: Setting active: false will suspend a user and obfuscate the user handle and user email. Since the implementation is a generic SCIM implementation and does not differentiate yet between different IdP providers, for Okta, the user GDPR data will not be purged and the credentials will not be removed.

    {  "Operations":[{    "op":"replace",    "value":{      "active":false    }  }]}
  • enterpriseAdmin.updateGlobalWebhook

    Parameters that are not provided will be overwritten with the default value or removed if no default exists.

  • enterpriseAdmin.updateLdapMappingForTeam

    Updates the (DN) of the LDAP entry to map to a team. must be enabled to map LDAP entries to a team. Use the endpoint to create a team with LDAP mapping.

  • enterpriseAdmin.updateLdapMappingForUser
  • enterpriseAdmin.updateOrgName
  • enterpriseAdmin.updatePreReceiveEnvironment

    You cannot modify the default environment. If you attempt to modify the default environment, you will receive a 422 Unprocessable Entity response.

  • enterpriseAdmin.updatePreReceiveHook
  • enterpriseAdmin.updatePreReceiveHookEnforcementForOrg

    For pre-receive hooks which are allowed to be configured at the org level, you can set enforcement and allow_downstream_configuration

  • enterpriseAdmin.updatePreReceiveHookEnforcementForRepo

    For pre-receive hooks which are allowed to be configured at the repo level, you can set enforcement

  • enterpriseAdmin.updateSelfHostedRunnerGroupForEnterprise

    Updates the name and visibility of a self-hosted runner group in an enterprise.

    You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

  • enterpriseAdmin.updateUsernameForUser
  • enterpriseAdmin.upgradeLicense

    This API upgrades your license and also triggers the configuration process.

    Note: The request body for this operation must be submitted as multipart/form-data data. You can can reference the license file by prefixing the filename with the @ symbol using curl. For more information, see the .

  • gists.checkIsStarred
  • gists.create

    Allows you to add a new gist with one or more files.

    Note: Don't name your files "gistfile" with a numerical suffix. This is the format of the automatic naming scheme that Gist uses internally.

  • gists.createComment
  • gists.delete
  • gists.deleteComment
  • gists.fork
  • gists.get
  • gists.getComment
  • gists.getRevision
  • gists.list

    Lists the authenticated user's gists or if called anonymously, this endpoint returns all public gists:

  • gists.listComments
  • gists.listCommits
  • gists.listForks
  • gists.listForUser

    Lists public gists for the specified user:

  • gists.listPublic

    List public gists sorted by most recently updated to least recently updated.

    Note: With , you can fetch up to 3000 gists. For example, you can fetch 100 pages with 30 gists per page or 30 pages with 100 gists per page.

  • gists.listStarred

    List the authenticated user's starred gists:

  • gists.star

    Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

  • gists.unstar
  • gists.update

    Allows you to update a gist's description and to update, delete, or rename gist files. Files from the previous version of the gist that aren't explicitly changed during an edit are unchanged.

  • gists.updateComment
  • git.createBlob
  • git.createCommit

    Creates a new Git .

    Signature verification object

    The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

    NameTypeDescription
    verifiedbooleanIndicates whether GitHub considers the signature in this commit to be verified.
    reasonstringThe reason for verified value. Possible values and their meanings are enumerated in the table below.
    signaturestringThe signature that was extracted from the commit.
    payloadstringThe value that was signed.

    These are the possible values for reason in the verification object:

    ValueDescription
    expired_keyThe key that made the signature is expired.
    not_signing_keyThe "signing" flag is not among the usage flags in the GPG key that made the signature.
    gpgverify_errorThere was an error communicating with the signature verification service.
    gpgverify_unavailableThe signature verification service is currently unavailable.
    unsignedThe object does not include a signature.
    unknown_signature_typeA non-PGP signature was found in the commit.
    no_userNo user was associated with the committer email address in the commit.
    unverified_emailThe committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
    bad_emailThe committer email address in the commit is not included in the identities of the PGP key that made the signature.
    unknown_keyThe key that made the signature has not been registered with any user's account.
    malformed_signatureThere was an error parsing the signature.
    invalidThe signature could not be cryptographically verified using the key whose key-id was found in the signature.
    validNone of the above errors applied, so the signature is considered to be verified.
  • git.createRef

    Creates a reference for your repository. You are unable to create new references for empty repositories, even if the commit SHA-1 hash used exists. Empty repositories are repositories without branches.

  • git.createTag

    Note that creating a tag object does not create the reference that makes a tag in Git. If you want to create an annotated tag in Git, you have to do this call to create the tag object, and then the refs/tags/[tag] reference. If you want to create a lightweight tag, you only have to the tag reference - this call would be unnecessary.

    Signature verification object

    The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

    NameTypeDescription
    verifiedbooleanIndicates whether GitHub considers the signature in this commit to be verified.
    reasonstringThe reason for verified value. Possible values and their meanings are enumerated in table below.
    signaturestringThe signature that was extracted from the commit.
    payloadstringThe value that was signed.

    These are the possible values for reason in the verification object:

    ValueDescription
    expired_keyThe key that made the signature is expired.
    not_signing_keyThe "signing" flag is not among the usage flags in the GPG key that made the signature.
    gpgverify_errorThere was an error communicating with the signature verification service.
    gpgverify_unavailableThe signature verification service is currently unavailable.
    unsignedThe object does not include a signature.
    unknown_signature_typeA non-PGP signature was found in the commit.
    no_userNo user was associated with the committer email address in the commit.
    unverified_emailThe committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
    bad_emailThe committer email address in the commit is not included in the identities of the PGP key that made the signature.
    unknown_keyThe key that made the signature has not been registered with any user's account.
    malformed_signatureThere was an error parsing the signature.
    invalidThe signature could not be cryptographically verified using the key whose key-id was found in the signature.
    validNone of the above errors applied, so the signature is considered to be verified.
  • git.createTree

    The tree creation API accepts nested entries. If you specify both a tree and a nested path modifying that tree, this endpoint will overwrite the contents of the tree with the new path contents, and create a new tree structure.

    If you use this endpoint to add, delete, or modify the file contents in a tree, you will need to commit the tree and then update a branch to point to the commit. For more information see "" and "."

    Returns an error if you try to delete a file that does not exist.

  • git.deleteRef
  • git.getBlob

    The content in the response will always be Base64 encoded.

    Note: This API supports blobs up to 100 megabytes in size.

  • git.getCommit

    Gets a Git .

    Signature verification object

    The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

    NameTypeDescription
    verifiedbooleanIndicates whether GitHub considers the signature in this commit to be verified.
    reasonstringThe reason for verified value. Possible values and their meanings are enumerated in the table below.
    signaturestringThe signature that was extracted from the commit.
    payloadstringThe value that was signed.

    These are the possible values for reason in the verification object:

    ValueDescription
    expired_keyThe key that made the signature is expired.
    not_signing_keyThe "signing" flag is not among the usage flags in the GPG key that made the signature.
    gpgverify_errorThere was an error communicating with the signature verification service.
    gpgverify_unavailableThe signature verification service is currently unavailable.
    unsignedThe object does not include a signature.
    unknown_signature_typeA non-PGP signature was found in the commit.
    no_userNo user was associated with the committer email address in the commit.
    unverified_emailThe committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
    bad_emailThe committer email address in the commit is not included in the identities of the PGP key that made the signature.
    unknown_keyThe key that made the signature has not been registered with any user's account.
    malformed_signatureThere was an error parsing the signature.
    invalidThe signature could not be cryptographically verified using the key whose key-id was found in the signature.
    validNone of the above errors applied, so the signature is considered to be verified.
  • git.getRef

    Returns a single reference from your Git database. The :ref in the URL must be formatted as heads/<branch name> for branches and tags/<tag name> for tags. If the :ref doesn't match an existing ref, a 404 is returned.

    Note: You need to explicitly to trigger a test merge commit, which checks the mergeability of pull requests. For more information, see "".

  • git.getTag

    Signature verification object

    The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

    NameTypeDescription
    verifiedbooleanIndicates whether GitHub considers the signature in this commit to be verified.
    reasonstringThe reason for verified value. Possible values and their meanings are enumerated in table below.
    signaturestringThe signature that was extracted from the commit.
    payloadstringThe value that was signed.

    These are the possible values for reason in the verification object:

    ValueDescription
    expired_keyThe key that made the signature is expired.
    not_signing_keyThe "signing" flag is not among the usage flags in the GPG key that made the signature.
    gpgverify_errorThere was an error communicating with the signature verification service.
    gpgverify_unavailableThe signature verification service is currently unavailable.
    unsignedThe object does not include a signature.
    unknown_signature_typeA non-PGP signature was found in the commit.
    no_userNo user was associated with the committer email address in the commit.
    unverified_emailThe committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
    bad_emailThe committer email address in the commit is not included in the identities of the PGP key that made the signature.
    unknown_keyThe key that made the signature has not been registered with any user's account.
    malformed_signatureThere was an error parsing the signature.
    invalidThe signature could not be cryptographically verified using the key whose key-id was found in the signature.
    validNone of the above errors applied, so the signature is considered to be verified.
  • git.getTree

    Returns a single tree using the SHA1 value for that tree.

    If truncated is true in the response then the number of items in the tree array exceeded our maximum limit. If you need to fetch more items, use the non-recursive method of fetching trees, and fetch one sub-tree at a time.

    Note: The limit for the tree array is 100,000 entries with a maximum size of 7 MB when using the recursive parameter.

  • git.listMatchingRefs

    Returns an array of references from your Git database that match the supplied name. The :ref in the URL must be formatted as heads/<branch name> for branches and tags/<tag name> for tags. If the :ref doesn't exist in the repository, but existing refs start with :ref, they will be returned as an array.

    When you use this endpoint without providing a :ref, it will return an array of all the references from your Git database, including notes and stashes if they exist on the server. Anything in the namespace is returned, not just heads and tags.

    Note: You need to explicitly to trigger a test merge commit, which checks the mergeability of pull requests. For more information, see "".

    If you request matching references for a branch named feature but the branch feature doesn't exist, the response can still include other matching head refs that start with the word feature, such as featureA and featureB.

  • git.updateRef
  • gitignore.getAllTemplates

    List all templates available to pass as an option when .

  • gitignore.getTemplate

    The API also allows fetching the source of a single template. Use the raw to get the raw contents.

  • issues.addAssignees

    Adds up to 10 assignees to an issue. Users already assigned to an issue are not replaced.

  • issues.addLabels
  • issues.checkUserCanBeAssigned

    Checks if a user has permission to be assigned to an issue in this repository.

    If the assignee can be assigned to issues in the repository, a 204 header with no content is returned.

    Otherwise a 404 status code is returned.

  • issues.checkUserCanBeAssignedToIssue

    Checks if a user has permission to be assigned to a specific issue.

    If the assignee can be assigned to this issue, a 204 status code with no content is returned.

    Otherwise a 404 status code is returned.

  • issues.create

    Any user with pull access to a repository can create an issue. If , the API returns a 410 Gone status.

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • issues.createComment

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • issues.createLabel
  • issues.createMilestone
  • issues.deleteComment
  • issues.deleteLabel
  • issues.deleteMilestone
  • issues.get

    The API returns a if the issue was to another repository. If the issue was transferred to or deleted from a repository where the authenticated user lacks read access, the API returns a 404 Not Found status. If the issue was deleted from a repository where the authenticated user has read access, the API returns a 410 Gone status. To receive webhook events for transferred and deleted issues, subscribe to the webhook.

    Note: GitHub's REST API considers every pull request an issue, but not every issue is a pull request. For this reason, "Issues" endpoints may return both issues and pull requests in the response. You can identify pull requests by the pull_request key. Be aware that the id of a pull request returned from "Issues" endpoints will be an issue id. To find out the pull request id, use the "" endpoint.

  • issues.getComment
  • issues.getEvent
  • issues.getLabel
  • issues.getMilestone
  • issues.list

    List issues assigned to the authenticated user across all visible repositories including owned repositories, member repositories, and organization repositories. You can use the filter query parameter to fetch issues that are not necessarily assigned to you.

    Note: GitHub's REST API considers every pull request an issue, but not every issue is a pull request. For this reason, "Issues" endpoints may return both issues and pull requests in the response. You can identify pull requests by the pull_request key. Be aware that the id of a pull request returned from "Issues" endpoints will be an issue id. To find out the pull request id, use the "" endpoint.

  • issues.listAssignees

    Lists the for issues in a repository.

  • issues.listComments

    Issue Comments are ordered by ascending ID.

  • issues.listCommentsForRepo

    By default, Issue Comments are ordered by ascending ID.

  • issues.listEvents
  • issues.listEventsForRepo
  • issues.listEventsForTimeline
  • issues.listForAuthenticatedUser

    List issues across owned and member repositories assigned to the authenticated user.

    Note: GitHub's REST API considers every pull request an issue, but not every issue is a pull request. For this reason, "Issues" endpoints may return both issues and pull requests in the response. You can identify pull requests by the pull_request key. Be aware that the id of a pull request returned from "Issues" endpoints will be an issue id. To find out the pull request id, use the "" endpoint.

  • issues.listForOrg

    List issues in an organization assigned to the authenticated user.

    Note: GitHub's REST API considers every pull request an issue, but not every issue is a pull request. For this reason, "Issues" endpoints may return both issues and pull requests in the response. You can identify pull requests by the pull_request key. Be aware that the id of a pull request returned from "Issues" endpoints will be an issue id. To find out the pull request id, use the "" endpoint.

  • issues.listForRepo

    List issues in a repository. Only open issues will be listed.

    Note: GitHub's REST API considers every pull request an issue, but not every issue is a pull request. For this reason, "Issues" endpoints may return both issues and pull requests in the response. You can identify pull requests by the pull_request key. Be aware that the id of a pull request returned from "Issues" endpoints will be an issue id. To find out the pull request id, use the "" endpoint.

  • issues.listLabelsForMilestone
  • issues.listLabelsForRepo
  • issues.listLabelsOnIssue
  • issues.listMilestones
  • issues.lock

    Users with push access can lock an issue or pull request's conversation.

    Note that, if you choose not to pass any parameters, you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

  • issues.removeAllLabels
  • issues.removeAssignees

    Removes one or more assignees from an issue.

  • issues.removeLabel

    Removes the specified label from the issue, and returns the remaining labels on the issue. This endpoint returns a 404 Not Found status if the label does not exist.

  • issues.setLabels

    Removes any previous labels and sets the new labels for an issue.

  • issues.unlock

    Users with push access can unlock an issue's conversation.

  • issues.update

    Issue owners and users with push access can edit an issue.

  • issues.updateComment
  • issues.updateLabel
  • issues.updateMilestone
  • licenses.get
  • licenses.getAllCommonlyUsed
  • licenses.getForRepo

    This method returns the contents of the repository's license file, if one is detected.

    Similar to , this method also supports for retrieving the raw license content or rendered license HTML.

  • markdown.render
  • markdown.renderRaw

    You must send Markdown as plain text (using a Content-Type header of text/plain or text/x-markdown) to this endpoint, rather than using JSON format. In raw mode, is not supported and Markdown will be rendered in plain format like a README.md file. Markdown content must be 400 KB or less.

  • meta.get
  • meta.getOctocat

    Get the octocat as ASCII art

  • meta.getZen

    Get a random sentence from the Zen of GitHub

  • meta.root

    Get Hypermedia links to resources accessible in GitHub's REST API

  • migrations.deleteArchiveForOrg

    Deletes a previous migration archive. Migration archives are automatically deleted after seven days.

  • migrations.downloadArchiveForOrg

    Fetches the URL to a migration archive.

  • migrations.getArchiveForAuthenticatedUser

    Fetches the URL to download the migration archive as a tar.gz file. Depending on the resources your repository uses, the migration archive can contain JSON files with data for these objects:

    • attachments
    • bases
    • commit_comments
    • issue_comments
    • issue_events
    • issues
    • milestones
    • organizations
    • projects
    • protected_branches
    • pull_request_reviews
    • pull_requests
    • releases
    • repositories
    • review_comments
    • schema
    • users

    The archive will also contain an attachments directory that includes all attachment files uploaded to GitHub.com and a repositories directory that contains the repository's Git data.

  • migrations.getStatusForOrg

    Fetches the status of a migration.

    The state of a migration can be one of the following values:

    • pending, which means the migration hasn't started yet.
    • exporting, which means the migration is in progress.
    • exported, which means the migration finished successfully.
    • failed, which means the migration failed.
  • migrations.listForAuthenticatedUser

    Lists all migrations a user has started.

  • migrations.listForOrg

    Lists the most recent migrations, including both exports (which can be started through the REST API) and imports (which cannot be started using the REST API).

    A list of repositories is only returned for export migrations.

  • migrations.listReposForAuthenticatedUser

    Lists all the repositories for this user migration.

  • migrations.listReposForOrg

    List all the repositories for this organization migration.

  • migrations.startForAuthenticatedUser

    Initiates the generation of a user migration archive.

  • migrations.startForOrg

    Initiates the generation of a migration archive.

  • migrations.unlockRepoForOrg

    Unlocks a repository that was locked for migration. You should unlock each migrated repository and when the migration is complete and you no longer need the source data.

  • oauthAuthorizations.createAuthorization

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

    Warning: Apps must use the to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the .

    Creates OAuth tokens using . If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "."

    To create tokens for a particular OAuth application using this endpoint, you must authenticate as the user you want to create an authorization for and provide the app's client ID and secret, found on your OAuth application's settings page. If your OAuth application intends to create multiple tokens for one user, use fingerprint to differentiate between them.

    You can also create tokens on GitHub Enterprise Server from the page. Read more about these tokens in .

    Organizations that enforce SAML SSO require personal access tokens to be allowed. Read more about allowing tokens in .

  • oauthAuthorizations.deleteAuthorization

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

  • oauthAuthorizations.deleteGrant

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

    Deleting an OAuth application's grant will also delete all OAuth tokens associated with the application for your user. Once deleted, the application has no access to your account and is no longer listed on .

  • oauthAuthorizations.getAuthorization

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

  • oauthAuthorizations.getGrant

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

  • oauthAuthorizations.getOrCreateAuthorizationForApp

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

    Warning: Apps must use the to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the .

    Creates a new authorization for the specified OAuth application, only if an authorization for that application doesn't already exist for the user. The URL includes the 20 character client ID for the OAuth app that is requesting the token. It returns the user's existing authorization for the application if one is present. Otherwise, it creates and returns a new one.

    If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "."

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

  • oauthAuthorizations.getOrCreateAuthorizationForAppAndFingerprint

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

    Warning: Apps must use the to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the .

    This method will create a new authorization for the specified OAuth application, only if an authorization for that application and fingerprint do not already exist for the user. The URL includes the 20 character client ID for the OAuth app that is requesting the token. fingerprint is a unique string to distinguish an authorization from others created for the same client ID and user. It returns the user's existing authorization for the application if one is present. Otherwise, it creates and returns a new one.

    If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "."

  • oauthAuthorizations.listAuthorizations

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

  • oauthAuthorizations.listGrants

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

    You can use this API to list the set of OAuth applications that have been granted access to your account. Unlike the API, this API does not manage individual tokens. This API will return one entry for each OAuth application that has been granted access to your account, regardless of the number of tokens an application has generated for your user. The list of OAuth applications returned matches what is shown on . The scopes returned are the union of scopes authorized for the application. For example, if an application has one token with repo scope and another token with user scope, the grant will return ["repo", "user"].

  • oauthAuthorizations.updateAuthorization

    Deprecation Notice: GitHub Enterprise Server will discontinue the , which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our . The will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the .

    If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "."

    You can only send one of these scope keys at a time.

  • oidc.getOidcCustomSubTemplateForOrg

    Gets the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the read:org scope to use this endpoint. GitHub Apps must have the organization_administration:write permission to use this endpoint.

  • oidc.updateOidcCustomSubTemplateForOrg

    Creates or updates the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the write:org scope to use this endpoint. GitHub Apps must have the admin:org permission to use this endpoint.

  • orgs.addSecurityManagerTeam

    Adds a team as a security manager for an organization. For more information, see " for an organization."

    To use this endpoint, you must be an administrator for the organization, and you must use an access token with the write:org scope.

    GitHub Apps must have the administration organization read-write permission to use this endpoint.

  • orgs.checkMembershipForUser

    Check if a user is, publicly or privately, a member of the organization.

  • orgs.checkPublicMembershipForUser
  • orgs.convertMemberToOutsideCollaborator

    When an organization member is converted to an outside collaborator, they'll only have access to the repositories that their current team membership allows. The user will no longer be a member of the organization. For more information, see "". Converting an organization member to an outside collaborator may be restricted by enterprise administrators. For more information, see "."

  • orgs.createWebhook

    Here's how you can create a hook that posts payloads in JSON format:

  • orgs.deleteWebhook
  • orgs.enableOrDisableSecurityProductOnAllOrgRepos

    Enables or disables the specified security feature for all repositories in an organization.

    To use this endpoint, you must be an organization owner or be member of a team with the security manager role. A token with the 'write:org' scope is also required.

    GitHub Apps must have the organization_administration:write permission to use this endpoint.

    For more information, see "."

  • orgs.get

    To see many of the organization response values, you need to be an authenticated organization owner with the admin:org scope. When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable .

    GitHub Apps with the Organization plan permission can use this endpoint to retrieve information about an organization's GitHub Enterprise Server plan. See "" for details. For an example response, see 'Response with GitHub Enterprise Server plan information' below."

  • orgs.getAuditLog

    Gets the audit log for an organization. For more information, see "."

    To use this endpoint, you must be an organization owner, and you must use an access token with the admin:org scope. GitHub Apps must have the organization_administration read permission to use this endpoint.

    By default, the response includes up to 30 events from the past three months. Use the phrase parameter to filter results and retrieve older events. For example, use the phrase parameter with the created qualifier to filter events based on when the events occurred. For more information, see "."

    Use pagination to retrieve fewer or more than 30 events. For more information, see "."

  • orgs.getMembershipForAuthenticatedUser
  • orgs.getMembershipForUser

    In order to get a user's membership with an organization, the authenticated user must be an organization member. The state parameter in the response can be used to identify the user's membership status.

  • orgs.getWebhook

    Returns a webhook configured in an organization. To get only the webhook config properties, see "."

  • orgs.getWebhookConfigForOrg

    Returns the webhook configuration for an organization. To get more information about the webhook, including the active state and events, use "."

    Access tokens must have the admin:org_hook scope, and GitHub Apps must have the organization_hooks:read permission.

  • orgs.getWebhookDelivery

    Returns a delivery for a webhook configured in an organization.

  • orgs.list

    Lists all organizations, in the order that they were created on GitHub Enterprise Server.

    Note: Pagination is powered exclusively by the since parameter. Use the to get the URL for the next page of organizations.

  • orgs.listAppInstallations

    Lists all GitHub Apps in an organization. The installation count includes all GitHub Apps installed on repositories in the organization. You must be an organization owner with admin:read scope to use this endpoint.

  • orgs.listCustomRoles

    List the custom repository roles available in this organization. In order to see custom repository roles in an organization, the authenticated user must be an organization owner.

    To use this endpoint the authenticated user must be an administrator for the organization or of an repository of the organization and must use an access token with admin:org repo scope. GitHub Apps must have the organization_custom_roles:read organization permission to use this endpoint.

    For more information on custom repository roles, see "."

  • orgs.listForAuthenticatedUser

    List organizations for the authenticated user.

    OAuth scope requirements

    This only lists organizations that your authorization allows you to operate on in some way (e.g., you can list teams with read:org scope, you can publicize your organization membership with user scope, etc.). Therefore, this API requires at least user or read:org scope. OAuth requests with insufficient scope receive a 403 Forbidden response.

  • orgs.listForUser

    List for the specified user.

    This method only lists public memberships, regardless of authentication. If you need to fetch all of the organization memberships (public and private) for the authenticated user, use the API instead.

  • orgs.listMembers

    List all users who are members of an organization. If the authenticated user is also a member of this organization then both concealed and public members will be returned.

  • orgs.listMembershipsForAuthenticatedUser
  • orgs.listOutsideCollaborators

    List all users who are outside collaborators of an organization.

  • orgs.listPublicMembers

    Members of an organization can choose to have their membership publicized or not.

  • orgs.listSecurityManagerTeams

    Lists teams that are security managers for an organization. For more information, see "."

    To use this endpoint, you must be an administrator or security manager for the organization, and you must use an access token with the read:org scope.

    GitHub Apps must have the administration organization read permission to use this endpoint.

  • orgs.listWebhookDeliveries

    Returns a list of webhook deliveries for a webhook configured in an organization.

  • orgs.listWebhooks
  • orgs.pingWebhook

    This will trigger a to be sent to the hook.

  • orgs.redeliverWebhookDelivery

    Redeliver a delivery for a webhook configured in an organization.

  • orgs.removeMember

    Removing a user from this list will remove them from all teams and they will no longer have any access to the organization's repositories.

  • orgs.removeMembershipForUser

    In order to remove a user's membership with an organization, the authenticated user must be an organization owner.

    If the specified user is an active member of the organization, this will remove them from the organization. If the specified user has been invited to the organization, this will cancel their invitation. The specified user will receive an email notification in both cases.

  • orgs.removeOutsideCollaborator

    Removing a user from this list will remove them from all the organization's repositories.

  • orgs.removePublicMembershipForAuthenticatedUser
  • orgs.removeSecurityManagerTeam

    Removes the security manager role from a team for an organization. For more information, see " team from an organization."

    To use this endpoint, you must be an administrator for the organization, and you must use an access token with the admin:org scope.

    GitHub Apps must have the administration organization read-write permission to use this endpoint.

  • orgs.setMembershipForUser

    Only authenticated organization owners can add a member to the organization or update the member's role.

    • If the authenticated user is adding a member to the organization, the invited user will receive an email inviting them to the organization. The user's will be pending until they accept the invitation.

    • Authenticated users can update a user's membership by passing the role parameter. If the authenticated user changes a member's role to admin, the affected user will receive an email notifying them that they've been made an organization owner. If the authenticated user changes an owner's role to member, no email will be sent.

    Rate limits

    To prevent abuse, the authenticated user is limited to 50 organization invitations per 24 hour period. If the organization is more than one month old or on a paid plan, the limit is 500 invitations per 24 hour period.

  • orgs.setPublicMembershipForAuthenticatedUser

    The user can publicize their own membership. (A user cannot publicize the membership for another user.)

    Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

  • orgs.update

    Parameter Deprecation Notice: GitHub Enterprise Server will replace and discontinue members_allowed_repository_creation_type in favor of more granular permissions. The new input parameters are members_can_create_public_repositories, members_can_create_private_repositories for all organizations and members_can_create_internal_repositories for organizations associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+. For more information, see the .

    Enables an authenticated organization owner with the admin:org scope to update the organization's profile and member privileges.

  • orgs.updateMembershipForAuthenticatedUser
  • orgs.updateWebhook

    Updates a webhook configured in an organization. When you update a webhook, the secret will be overwritten. If you previously had a secret set, you must provide the same secret or set a new secret or the secret will be removed. If you are only updating individual webhook config properties, use "."

  • orgs.updateWebhookConfigForOrg

    Updates the webhook configuration for an organization. To update more information about the webhook, including the active state and events, use "."

    Access tokens must have the admin:org_hook scope, and GitHub Apps must have the organization_hooks:write permission.

  • projects.addCollaborator

    Adds a collaborator to an organization project and sets their permission level. You must be an organization owner or a project admin to add a collaborator.

  • projects.createCard
  • projects.createColumn
  • projects.createForAuthenticatedUser

    Creates a user project board. Returns a 410 Gone status if the user does not have existing classic projects. If you do not have sufficient privileges to perform this action, a 401 Unauthorized or 410 Gone status is returned.

  • projects.createForOrg

    Creates an organization project board. Returns a 410 Gone status if projects are disabled in the organization or if the organization does not have existing classic projects. If you do not have sufficient privileges to perform this action, a 401 Unauthorized or 410 Gone status is returned.

  • projects.createForRepo

    Creates a repository project board. Returns a 410 Gone status if projects are disabled in the repository or if the repository does not have existing classic projects. If you do not have sufficient privileges to perform this action, a 401 Unauthorized or 410 Gone status is returned.

  • projects.delete

    Deletes a project board. Returns a 404 Not Found status if projects are disabled.

  • projects.deleteCard
  • projects.deleteColumn
  • projects.get

    Gets a project by its id. Returns a 404 Not Found status if projects are disabled. If you do not have sufficient privileges to perform this action, a 401 Unauthorized or 410 Gone status is returned.

  • projects.getCard
  • projects.getColumn
  • projects.getPermissionForUser

    Returns the collaborator's permission level for an organization project. Possible values for the permission key: admin, write, read, none. You must be an organization owner or a project admin to review a user's permission level.

  • projects.listCards
  • projects.listCollaborators

    Lists the collaborators for an organization project. For a project, the list of collaborators includes outside collaborators, organization members that are direct collaborators, organization members with access through team memberships, organization members with access through default organization permissions, and organization owners. You must be an organization owner or a project admin to list collaborators.

  • projects.listColumns
  • projects.listForOrg

    Lists the projects in an organization. Returns a 404 Not Found status if projects are disabled in the organization. If you do not have sufficient privileges to perform this action, a 401 Unauthorized or 410 Gone status is returned.

  • projects.listForRepo

    Lists the projects in a repository. Returns a 404 Not Found status if projects are disabled in the repository. If you do not have sufficient privileges to perform this action, a 401 Unauthorized or 410 Gone status is returned.

  • projects.listForUser
  • projects.moveCard
  • projects.moveColumn
  • projects.removeCollaborator

    Removes a collaborator from an organization project. You must be an organization owner or a project admin to remove a collaborator.

  • projects.update

    Updates a project board's information. Returns a 404 Not Found status if projects are disabled. If you do not have sufficient privileges to perform this action, a 401 Unauthorized or 410 Gone status is returned.

  • projects.updateCard
  • projects.updateColumn
  • pulls.checkIfMerged
  • pulls.create

    Draft pull requests are available in public repositories with GitHub Free and GitHub Free for organizations, GitHub Pro, and legacy per-repository billing plans, and in public and private repositories with GitHub Team and GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    To open or update a pull request in a public repository, you must have write access to the head or the source branch. For organization-owned repositories, you must be a member of the organization that owns the repository to open or update a pull request.

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • pulls.createReplyForReviewComment

    Creates a reply to a review comment for a pull request. For the comment_id, provide the ID of the review comment you are replying to. This must be the ID of a top-level review comment, not a reply to that comment. Replies to replies are not supported.

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • pulls.createReview

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

    Pull request reviews created in the PENDING state are not submitted and therefore do not include the submitted_at property in the response. To create a pending review for a pull request, leave the event parameter blank. For more information about submitting a PENDING review, see "."

    Note: To comment on a specific line in a file, you need to first determine the position of that line in the diff. The GitHub REST API offers the application/vnd.github.v3.diff . To see a pull request diff, add this media type to the Accept header of a call to the endpoint.

    The position value equals the number of lines down from the first "@@" hunk header in the file you want to add a comment. The line just below the "@@" line is position 1, the next line is position 2, and so on. The position in the diff continues to increase through lines of whitespace and additional hunks until the beginning of a new file.

  • pulls.createReviewComment

    Creates a review comment in the pull request diff. To add a regular comment to a pull request timeline, see "." We recommend creating a review comment using line, side, and optionally start_line and start_side if your comment applies to more than one line in the pull request diff.

    The position parameter is deprecated. If you use position, the line, side, start_line, and start_side parameters are not required.

    Note: The position value equals the number of lines down from the first "@@" hunk header in the file you want to add a comment. The line just below the "@@" line is position 1, the next line is position 2, and so on. The position in the diff continues to increase through lines of whitespace and additional hunks until the beginning of a new file.

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • pulls.deletePendingReview
  • pulls.deleteReviewComment

    Deletes a review comment.

  • pulls.dismissReview

    Note: To dismiss a pull request review on a , you must be a repository administrator or be included in the list of people or teams who can dismiss pull request reviews.

  • pulls.get

    Draft pull requests are available in public repositories with GitHub Free and GitHub Free for organizations, GitHub Pro, and legacy per-repository billing plans, and in public and private repositories with GitHub Team and GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    Lists details of a pull request by providing its number.

    When you get, , or a pull request, GitHub Enterprise Server creates a merge commit to test whether the pull request can be automatically merged into the base branch. This test commit is not added to the base branch or the head branch. You can review the status of the test commit using the mergeable key. For more information, see "".

    The value of the mergeable attribute can be true, false, or null. If the value is null, then GitHub Enterprise Server has started a background job to compute the mergeability. After giving the job time to complete, resubmit the request. When the job finishes, you will see a non-null value for the mergeable attribute in the response. If mergeable is true, then merge_commit_sha will be the SHA of the test merge commit.

    The value of the merge_commit_sha attribute changes depending on the state of the pull request. Before merging a pull request, the merge_commit_sha attribute holds the SHA of the test merge commit. After merging a pull request, the merge_commit_sha attribute changes depending on how you merged the pull request:

    • If merged as a , merge_commit_sha represents the SHA of the merge commit.
    • If merged via a , merge_commit_sha represents the SHA of the squashed commit on the base branch.
    • If , merge_commit_sha represents the commit that the base branch was updated to.

    Pass the appropriate to fetch diff and patch formats.

  • pulls.getReview
  • pulls.getReviewComment

    Provides details for a review comment.

  • pulls.list

    Draft pull requests are available in public repositories with GitHub Free and GitHub Free for organizations, GitHub Pro, and legacy per-repository billing plans, and in public and private repositories with GitHub Team and GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

  • pulls.listCommentsForReview

    List comments for a specific pull request review.

  • pulls.listCommits

    Lists a maximum of 250 commits for a pull request. To receive a complete commit list for pull requests with more than 250 commits, use the endpoint.

  • pulls.listFiles

    Note: Responses include a maximum of 3000 files. The paginated response returns 30 files per page by default.

  • pulls.listRequestedReviewers

    Gets the users or teams whose review is requested for a pull request. Once a requested reviewer submits a review, they are no longer considered a requested reviewer. Their review will instead be returned by the operation.

  • pulls.listReviewComments

    Lists all review comments for a pull request. By default, review comments are in ascending order by ID.

  • pulls.listReviewCommentsForRepo

    Lists review comments for all pull requests in a repository. By default, review comments are in ascending order by ID.

  • pulls.listReviews

    The list of reviews returns in chronological order.

  • pulls.merge

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • pulls.removeRequestedReviewers
  • pulls.requestReviewers

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • pulls.submitReview

    Submits a pending review for a pull request. For more information about creating a pending review for a pull request, see "."

  • pulls.update

    Draft pull requests are available in public repositories with GitHub Free and GitHub Free for organizations, GitHub Pro, and legacy per-repository billing plans, and in public and private repositories with GitHub Team and GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    To open or update a pull request in a public repository, you must have write access to the head or the source branch. For organization-owned repositories, you must be a member of the organization that owns the repository to open or update a pull request.

  • pulls.updateBranch

    Updates the pull request branch with the latest upstream changes by merging HEAD from the base branch into the pull request branch.

  • pulls.updateReview

    Update the review summary comment with new text.

  • pulls.updateReviewComment

    Enables you to edit a review comment.

  • rateLimit.get

    Note: Accessing this endpoint does not count against your REST API rate limit.

    Note: The rate object is deprecated. If you're writing new API client code or updating existing code, you should use the core object instead of the rate object. The core object contains the same information that is present in the rate object.

  • reactions.createForCommitComment

    Create a reaction to a . A response with an HTTP 200 status means that you already added the reaction type to this commit comment.

  • reactions.createForIssue

    Create a reaction to an . A response with an HTTP 200 status means that you already added the reaction type to this issue.

  • reactions.createForIssueComment

    Create a reaction to an . A response with an HTTP 200 status means that you already added the reaction type to this issue comment.

  • reactions.createForPullRequestReviewComment

    Create a reaction to a . A response with an HTTP 200 status means that you already added the reaction type to this pull request review comment.

  • reactions.createForRelease

    Create a reaction to a . A response with a Status: 200 OK means that you already added the reaction type to this release.

  • reactions.createForTeamDiscussionCommentInOrg

    Create a reaction to a . OAuth access tokens require the write:discussion . A response with an HTTP 200 status means that you already added the reaction type to this team discussion comment.

    Note: You can also specify a team by org_id and team_id using the route POST /organizations/:org_id/team/:team_id/discussions/:discussion_number/comments/:comment_number/reactions.

  • reactions.createForTeamDiscussionCommentLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new "" endpoint.

    Create a reaction to a . OAuth access tokens require the write:discussion . A response with an HTTP 200 status means that you already added the reaction type to this team discussion comment.

  • reactions.createForTeamDiscussionInOrg

    Create a reaction to a . OAuth access tokens require the write:discussion . A response with an HTTP 200 status means that you already added the reaction type to this team discussion.

    Note: You can also specify a team by org_id and team_id using the route POST /organizations/:org_id/team/:team_id/discussions/:discussion_number/reactions.

  • reactions.createForTeamDiscussionLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Create a reaction to a . OAuth access tokens require the write:discussion . A response with an HTTP 200 status means that you already added the reaction type to this team discussion.

  • reactions.deleteForCommitComment

    Note: You can also specify a repository by repository_id using the route DELETE /repositories/:repository_id/comments/:comment_id/reactions/:reaction_id.

    Delete a reaction to a .

  • reactions.deleteForIssue

    Note: You can also specify a repository by repository_id using the route DELETE /repositories/:repository_id/issues/:issue_number/reactions/:reaction_id.

    Delete a reaction to an .

  • reactions.deleteForIssueComment

    Note: You can also specify a repository by repository_id using the route DELETE delete /repositories/:repository_id/issues/comments/:comment_id/reactions/:reaction_id.

    Delete a reaction to an .

  • reactions.deleteForPullRequestComment

    Note: You can also specify a repository by repository_id using the route DELETE /repositories/:repository_id/pulls/comments/:comment_id/reactions/:reaction_id.

    Delete a reaction to a .

  • reactions.deleteForRelease

    Note: You can also specify a repository by repository_id using the route DELETE delete /repositories/:repository_id/releases/:release_id/reactions/:reaction_id.

    Delete a reaction to a .

  • reactions.deleteForTeamDiscussion

    Note: You can also specify a team or organization with team_id and org_id using the route DELETE /organizations/:org_id/team/:team_id/discussions/:discussion_number/reactions/:reaction_id.

    Delete a reaction to a . OAuth access tokens require the write:discussion .

  • reactions.deleteForTeamDiscussionComment

    Note: You can also specify a team or organization with team_id and org_id using the route DELETE /organizations/:org_id/team/:team_id/discussions/:discussion_number/comments/:comment_number/reactions/:reaction_id.

    Delete a reaction to a . OAuth access tokens require the write:discussion .

  • reactions.listForCommitComment

    List the reactions to a .

  • reactions.listForIssue

    List the reactions to an .

  • reactions.listForIssueComment

    List the reactions to an .

  • reactions.listForPullRequestReviewComment

    List the reactions to a .

  • reactions.listForRelease

    List the reactions to a .

  • reactions.listForTeamDiscussionCommentInOrg

    List the reactions to a . OAuth access tokens require the read:discussion .

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/:org_id/team/:team_id/discussions/:discussion_number/comments/:comment_number/reactions.

  • reactions.listForTeamDiscussionCommentLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    List the reactions to a . OAuth access tokens require the read:discussion .

  • reactions.listForTeamDiscussionInOrg

    List the reactions to a . OAuth access tokens require the read:discussion .

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/:org_id/team/:team_id/discussions/:discussion_number/reactions.

  • reactions.listForTeamDiscussionLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    List the reactions to a . OAuth access tokens require the read:discussion .

  • repos.acceptInvitationForAuthenticatedUser
  • repos.addAppAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Grants the specified apps push access for this branch. Only installed GitHub Apps with write access to the contents permission can be added as authorized actors on a protected branch.

  • repos.addCollaborator

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

    Adding an outside collaborator may be restricted by enterprise administrators. For more information, see "."

    For more information on permission levels, see "". There are restrictions on which permissions can be granted to organization members when an organization base role is in place. In this case, the permission being given must be equal to or higher than the org base permission. Otherwise, the request will fail with:

    Cannot assign {member} permission of {role name}

    Note that, if you choose not to pass any parameters, you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

    The invitee will receive a notification that they have been invited to the repository, which they must accept or decline. They may do this via the notifications page, the email they receive, or by using the .

    Updating an existing collaborator's permission level

    The endpoint can also be used to change the permissions of an existing collaborator without first removing and re-adding the collaborator. To change the permissions, use the same endpoint and pass a different permission parameter. The response will be a 204, with no other indication that the permission level changed.

    Rate limits

    You are limited to sending 50 invitations to a repository per 24 hour period. Note there is no limit if you are inviting organization members to an organization repository.

  • repos.addStatusCheckContexts

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.addTeamAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Grants the specified teams push access for this branch. You can also give push access to child teams.

  • repos.addUserAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Grants the specified people push access for this branch.

    TypeDescription
    arrayUsernames for people who can have push access. Note: The list of users, apps, and teams in total is limited to 100 items.
  • repos.checkCollaborator

    For organization-owned repositories, the list of collaborators includes outside collaborators, organization members that are direct collaborators, organization members with access through team memberships, organization members with access through default organization permissions, and organization owners.

    Team members will include the members of child teams.

    You must authenticate using an access token with the read:org and repo scopes with push access to use this endpoint. GitHub Apps must have the members organization permission and metadata repository permission to use this endpoint.

  • repos.codeownersErrors

    List any syntax errors that are detected in the CODEOWNERS file.

    For more information about the correct CODEOWNERS syntax, see "."

  • repos.compareCommits

    Compares two commits against one another. You can compare branches in the same repository, or you can compare branches that exist in different repositories within the same repository network, including fork branches. For more information about how to view a repository's network, see "."

    This endpoint is equivalent to running the git log BASE...HEAD command, but it returns commits in a different order. The git log BASE...HEAD command returns commits in reverse chronological order, whereas the API returns commits in chronological order. You can pass the appropriate to fetch diff and patch formats.

    The API response includes details about the files that were changed between the two commits. This includes the status of the change (if a file was added, removed, modified, or renamed), and details of the change itself. For example, files with a renamed status have a previous_filename field showing the previous filename of the file, and files with a modified status have a patch field showing the changes made to the file.

    When calling this endpoint without any paging parameter (per_page or page), the returned list is limited to 250 commits, and the last commit in the list is the most recent of the entire comparison.

    Working with large comparisons

    To process a response with a large number of commits, use a query parameter (per_page or page) to paginate the results. When using pagination:

    • The list of changed files is only shown on the first page of results, but it includes all changed files for the entire comparison.
    • The results are returned in chronological order, but the last commit in the returned list may not be the most recent one in the entire set if there are more pages of results.

    For more information on working with pagination, see "."

    Signature verification object

    The response will include a verification object that describes the result of verifying the commit's signature. The verification object includes the following fields:

    NameTypeDescription
    verifiedbooleanIndicates whether GitHub considers the signature in this commit to be verified.
    reasonstringThe reason for verified value. Possible values and their meanings are enumerated in table below.
    signaturestringThe signature that was extracted from the commit.
    payloadstringThe value that was signed.

    These are the possible values for reason in the verification object:

    ValueDescription
    expired_keyThe key that made the signature is expired.
    not_signing_keyThe "signing" flag is not among the usage flags in the GPG key that made the signature.
    gpgverify_errorThere was an error communicating with the signature verification service.
    gpgverify_unavailableThe signature verification service is currently unavailable.
    unsignedThe object does not include a signature.
    unknown_signature_typeA non-PGP signature was found in the commit.
    no_userNo user was associated with the committer email address in the commit.
    unverified_emailThe committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
    bad_emailThe committer email address in the commit is not included in the identities of the PGP key that made the signature.
    unknown_keyThe key that made the signature has not been registered with any user's account.
    malformed_signatureThere was an error parsing the signature.
    invalidThe signature could not be cryptographically verified using the key whose key-id was found in the signature.
    validNone of the above errors applied, so the signature is considered to be verified.
  • repos.createAutolink

    Users with admin access to the repository can create an autolink.

  • repos.createCommitComment

    Create a comment for a commit using its :commit_sha.

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • repos.createCommitSignatureProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    When authenticated with admin or owner permissions to the repository, you can use this endpoint to require signed commits on a branch. You must enable branch protection to require signed commits.

  • repos.createCommitStatus

    Users with push access in a repository can create commit statuses for a given SHA.

    Note: there is a limit of 1000 statuses per sha and context within a repository. Attempts to create more than 1000 statuses will result in a validation error.

  • repos.createDeployKey

    You can create a read-only deploy key.

  • repos.createDeployment

    Deployments offer a few configurable parameters with certain defaults.

    The ref parameter can be any named branch, tag, or SHA. At GitHub Enterprise Server we often deploy branches and verify them before we merge a pull request.

    The environment parameter allows deployments to be issued to different runtime environments. Teams often have multiple environments for verifying their applications, such as production, staging, and qa. This parameter makes it easier to track which environments have requested deployments. The default environment is production.

    The auto_merge parameter is used to ensure that the requested ref is not behind the repository's default branch. If the ref is behind the default branch for the repository, we will attempt to merge it for you. If the merge succeeds, the API will return a successful merge commit. If merge conflicts prevent the merge from succeeding, the API will return a failure response.

    By default, for every submitted context must be in a success state. The required_contexts parameter allows you to specify a subset of contexts that must be success, or to specify contexts that have not yet been submitted. You are not required to use commit statuses to deploy. If you do not require any contexts or create any commit statuses, the deployment will always succeed.

    The payload parameter is available for any extra information that a deployment system might need. It is a JSON text field that will be passed on when a deployment event is dispatched.

    The task parameter is used by the deployment system to allow different execution paths. In the web world this might be deploy:migrations to run schema changes on the system. In the compiled world this could be a flag to compile an application with debugging enabled.

    Users with repo or repo_deployment scopes can create a deployment for a given ref.

    Merged branch response

    You will see this response when GitHub automatically merges the base branch into the topic branch instead of creating a deployment. This auto-merge happens when:

    • Auto-merge option is enabled in the repository
    • Topic branch does not include the latest changes on the base branch, which is master in the response example
    • There are no merge conflicts

    If there are no new commits in the base branch, a new request to create a deployment should give a successful response.

    Merge conflict response

    This error happens when the auto_merge option is enabled and when the default branch (in this case master), can't be merged into the branch that's being deployed (in this case topic-branch), due to merge conflicts.

    Failed commit status checks

    This error happens when the required_contexts parameter indicates that one or more contexts need to have a success status for the commit to be deployed, but one or more of the required contexts do not have a state of success.

  • repos.createDeploymentBranchPolicy

    Creates a deployment branch policy for an environment.

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration:write permission for the repository to use this endpoint.

  • repos.createDeploymentStatus

    Users with push access can create deployment statuses for a given deployment.

    GitHub Apps require read & write access to "Deployments" and read-only access to "Repo contents" (for private repos). OAuth Apps require the repo_deployment scope.

  • repos.createDispatchEvent

    You can use this endpoint to trigger a webhook event called repository_dispatch when you want activity that happens outside of GitHub Enterprise Server to trigger a GitHub Actions workflow or GitHub App webhook. You must configure your GitHub Actions workflow or GitHub App to run when the repository_dispatch event occurs. For an example repository_dispatch webhook payload, see "."

    The client_payload parameter is available for any extra information that your workflow might need. This parameter is a JSON payload that will be passed on when the webhook event is dispatched. For example, the client_payload can include a message that a user would like to send using a GitHub Actions workflow. Or the client_payload can be used as a test to debug your workflow.

    This endpoint requires write access to the repository by providing either:

    • Personal access tokens with repo scope. For more information, see "" in the GitHub Help documentation.
    • GitHub Apps with both metadata:read and contents:read&write permissions.

    This input example shows how you can use the client_payload as a test to debug your workflow.

  • repos.createForAuthenticatedUser

    Creates a new repository for the authenticated user.

    OAuth scope requirements

    When using , authorizations must include:

    • public_repo scope or repo scope to create a public repository. Note: For GitHub AE, use repo scope to create an internal repository.
    • repo scope to create a private repository.
  • repos.createFork

    Create a fork for the authenticated user.

    Note: Forking a Repository happens asynchronously. You may have to wait a short period of time before you can access the git objects. If this takes longer than 5 minutes, be sure to contact .

  • repos.createInOrg

    Creates a new repository in the specified organization. The authenticated user must be a member of the organization.

    OAuth scope requirements

    When using , authorizations must include:

    • public_repo scope or repo scope to create a public repository. Note: For GitHub AE, use repo scope to create an internal repository.
    • repo scope to create a private repository
  • repos.createOrUpdateEnvironment

    Create or update an environment with protection rules, such as required reviewers. For more information about environment protection rules, see "."

    Note: To create or update name patterns that branches must match in order to deploy to this environment, see "."

    Note: To create or update secrets for an environment, see "."

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration:write permission for the repository to use this endpoint.

  • repos.createOrUpdateFileContents

    Creates a new file or replaces an existing file in a repository. You must authenticate using an access token with the workflow scope to use this endpoint.

    Note: If you use this endpoint and the "" endpoint in parallel, the concurrent requests will conflict and you will receive errors. You must use these endpoints serially instead.

  • repos.createPagesDeployment

    Create a GitHub Pages deployment for a repository.

    Users must have write permissions. GitHub Apps must have the pages:write permission to use this endpoint.

  • repos.createPagesSite

    Configures a GitHub Enterprise Server Pages site. For more information, see "."

    To use this endpoint, you must be a repository administrator, maintainer, or have the 'manage GitHub Pages settings' permission. A token with the repo scope or Pages write permission is required. GitHub Apps must have the administration:write and pages:write permissions.

  • repos.createRelease

    Users with push access to the repository can create a release.

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • repos.createTagProtection

    This creates a tag protection state for a repository. This endpoint is only available to repository administrators.

  • repos.createUsingTemplate

    Creates a new repository using a repository template. Use the template_owner and template_repo route parameters to specify the repository to use as the template. If the repository is not public, the authenticated user must own or be a member of an organization that owns the repository. To check if a repository is available to use as a template, get the repository's information using the endpoint and check that the is_template key is true.

    OAuth scope requirements

    When using , authorizations must include:

    • public_repo scope or repo scope to create a public repository. Note: For GitHub AE, use repo scope to create an internal repository.
    • repo scope to create a private repository
  • repos.createWebhook

    Repositories can have multiple webhooks installed. Each webhook should have a unique config. Multiple webhooks can share the same config as long as those webhooks do not have any events that overlap.

  • repos.declineInvitationForAuthenticatedUser
  • repos.delete

    Deleting a repository requires admin access. If OAuth is used, the delete_repo scope is required.

    If an organization owner has configured the organization to prevent members from deleting organization-owned repositories, you will get a 403 Forbidden response.

  • repos.deleteAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Disables the ability to restrict who can push to this branch.

  • repos.deleteAdminBranchProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Removing admin enforcement requires admin or owner permissions to the repository and branch protection to be enabled.

  • repos.deleteAnEnvironment

    You must authenticate using an access token with the repo scope to use this endpoint.

  • repos.deleteAutolink

    This deletes a single autolink reference by ID that was configured for the given repository.

    Information about autolinks are only available to repository administrators.

  • repos.deleteBranchProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.deleteCommitComment
  • repos.deleteCommitSignatureProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    When authenticated with admin or owner permissions to the repository, you can use this endpoint to disable required signed commits on a branch. You must enable branch protection to require signed commits.

  • repos.deleteDeployKey

    Deploy keys are immutable. If you need to update a key, remove the key and create a new one instead.

  • repos.deleteDeployment

    If the repository only has one deployment, you can delete the deployment regardless of its status. If the repository has more than one deployment, you can only delete inactive deployments. This ensures that repositories with multiple deployments will always have an active deployment. Anyone with repo or repo_deployment scopes can delete a deployment.

    To set a deployment as inactive, you must:

    • Create a new deployment that is active so that the system has a record of the current state, then delete the previously active deployment.
    • Mark the active deployment as inactive by adding any non-successful deployment status.

    For more information, see "" and "."

  • repos.deleteDeploymentBranchPolicy

    Deletes a deployment branch policy for an environment.

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration:write permission for the repository to use this endpoint.

  • repos.deleteFile

    Deletes a file in a repository.

    You can provide an additional committer parameter, which is an object containing information about the committer. Or, you can provide an author parameter, which is an object containing information about the author.

    The author section is optional and is filled in with the committer information if omitted. If the committer information is omitted, the authenticated user's information is used.

    You must provide values for both name and email, whether you choose to use author or committer. Otherwise, you'll receive a 422 status code.

    Note: If you use this endpoint and the "" endpoint in parallel, the concurrent requests will conflict and you will receive errors. You must use these endpoints serially instead.

  • repos.deleteInvitation
  • repos.deletePagesSite

    Deletes a GitHub Enterprise Server Pages site. For more information, see ".

    To use this endpoint, you must be a repository administrator, maintainer, or have the 'manage GitHub Pages settings' permission. A token with the repo scope or Pages write permission is required. GitHub Apps must have the administration:write and pages:write permissions.

  • repos.deletePullRequestReviewProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.deleteRelease

    Users with push access to the repository can delete a release.

  • repos.deleteReleaseAsset
  • repos.deleteTagProtection

    This deletes a tag protection state for a repository. This endpoint is only available to repository administrators.

  • repos.deleteWebhook
  • repos.disableLfsForRepo

    Disables Git LFS for a repository. Access tokens must have the admin:enterprise scope.

  • repos.downloadTarballArchive

    Gets a redirect URL to download a tar archive for a repository. If you omit :ref, the repository’s default branch (usually main) will be used. Please make sure your HTTP framework is configured to follow redirects or you will need to use the Location header to make a second GET request. Note: For private repositories, these links are temporary and expire after five minutes.

  • repos.downloadZipballArchive

    Gets a redirect URL to download a zip archive for a repository. If you omit :ref, the repository’s default branch (usually main) will be used. Please make sure your HTTP framework is configured to follow redirects or you will need to use the Location header to make a second GET request.

    Note: For private repositories, these links are temporary and expire after five minutes. If the repository is empty, you will receive a 404 when you follow the redirect.

  • repos.enableLfsForRepo

    Enables Git LFS for a repository. Access tokens must have the admin:enterprise scope.

  • repos.generateReleaseNotes

    Generate a name and body describing a . The body content will be markdown formatted and contain information like the changes since last release and users who contributed. The generated release notes are not saved anywhere. They are intended to be generated and used when creating a new release.

  • repos.get

    The parent and source objects are present when the repository is a fork. parent is the repository this repository was forked from, source is the ultimate source for the network.

    Note: In order to see the security_and_analysis block for a repository you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository. For more information, see "."

  • repos.getAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Lists who has access to this protected branch.

    Note: Users, apps, and teams restrictions are only available for organization-owned repositories.

  • repos.getAdminBranchProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.getAllEnvironments

    Lists the environments for a repository.

    Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • repos.getAllStatusCheckContexts

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.getAllTopics
  • repos.getAppsWithAccessToProtectedBranch

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Lists the GitHub Apps that have push access to this branch. Only installed GitHub Apps with write access to the contents permission can be added as authorized actors on a protected branch.

  • repos.getAutolink

    This returns a single autolink reference by ID that was configured for the given repository.

    Information about autolinks are only available to repository administrators.

  • repos.getBranch
  • repos.getBranchProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.getCodeFrequencyStats

    Returns a weekly aggregate of the number of additions and deletions pushed to a repository.

  • repos.getCollaboratorPermissionLevel

    Checks the repository permission of a collaborator. The possible repository permissions are admin, write, read, and none.

  • repos.getCombinedStatusForRef

    Users with pull access in a repository can access a combined view of commit statuses for a given ref. The ref can be a SHA, a branch name, or a tag name.

    Additionally, a combined state is returned. The state is one of:

    • failure if any of the contexts report as error or failure
    • pending if there are no statuses or a context is pending
    • success if the latest status for all contexts is success
  • repos.getCommit

    Returns the contents of a single commit reference. You must have read access for the repository to use this endpoint.

    Note: If there are more than 300 files in the commit diff, the response will include pagination link headers for the remaining files, up to a limit of 3000 files. Each page contains the static commit information, and the only changes are to the file listing.

    You can pass the appropriate to fetch diff and patch formats. Diffs with binary data will have no patch property.

    To return only the SHA-1 hash of the commit reference, you can provide the sha custom in the Accept header. You can use this endpoint to check if a remote reference's SHA-1 hash is the same as your local reference's SHA-1 hash by providing the local SHA-1 reference as the ETag.

    Signature verification object

    The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

    NameTypeDescription
    verifiedbooleanIndicates whether GitHub considers the signature in this commit to be verified.
    reasonstringThe reason for verified value. Possible values and their meanings are enumerated in table below.
    signaturestringThe signature that was extracted from the commit.
    payloadstringThe value that was signed.

    These are the possible values for reason in the verification object:

    ValueDescription
    expired_keyThe key that made the signature is expired.
    not_signing_keyThe "signing" flag is not among the usage flags in the GPG key that made the signature.
    gpgverify_errorThere was an error communicating with the signature verification service.
    gpgverify_unavailableThe signature verification service is currently unavailable.
    unsignedThe object does not include a signature.
    unknown_signature_typeA non-PGP signature was found in the commit.
    no_userNo user was associated with the committer email address in the commit.
    unverified_emailThe committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
    bad_emailThe committer email address in the commit is not included in the identities of the PGP key that made the signature.
    unknown_keyThe key that made the signature has not been registered with any user's account.
    malformed_signatureThere was an error parsing the signature.
    invalidThe signature could not be cryptographically verified using the key whose key-id was found in the signature.
    validNone of the above errors applied, so the signature is considered to be verified.
  • repos.getCommitActivityStats

    Returns the last year of commit activity grouped by week. The days array is a group of commits per day, starting on Sunday.

  • repos.getCommitComment
  • repos.getCommitSignatureProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    When authenticated with admin or owner permissions to the repository, you can use this endpoint to check whether a branch requires signed commits. An enabled status of true indicates you must sign commits on this branch. For more information, see in GitHub Help.

    Note: You must enable branch protection to require signed commits.

  • repos.getContent

    Gets the contents of a file or directory in a repository. Specify the file path or directory in :path. If you omit :path, you will receive the contents of the repository's root directory. See the description below regarding what the API response includes for directories.

    Files and symlinks support for retrieving the raw content or rendered HTML (when supported). All content types support to ensure the content is returned in a consistent object format.

    Notes:

    • To get a repository's contents recursively, you can .
    • This API has an upper limit of 1,000 files for a directory. If you need to retrieve more files, use the .
    • Download URLs expire and are meant to be used just once. To ensure the download URL does not expire, please use the contents API to obtain a fresh download URL for each download.

    Size limits

    If the requested file's size is:

    • 1 MB or smaller: All features of this endpoint are supported.
    • Between 1-100 MB: Only the raw or object are supported. Both will work as normal, except that when using the object media type, the content field will be an empty string and the encoding field will be "none". To get the contents of these larger files, use the raw media type.
    • Greater than 100 MB: This endpoint is not supported.

    If the content is a directory

    The response will be an array of objects, one object for each item in the directory. When listing the contents of a directory, submodules have their "type" specified as "file". Logically, the value should be "submodule". This behavior exists in API v3 . In the next major version of the API, the type will be returned as "submodule".

    If the content is a symlink

    If the requested :path points to a symlink, and the symlink's target is a normal file in the repository, then the API responds with the content of the file (in the format shown in the example. Otherwise, the API responds with an object describing the symlink itself.

    If the content is a submodule

    The submodule_git_url identifies the location of the submodule repository, and the sha identifies a specific commit within the submodule repository. Git uses the given URL when cloning the submodule repository, and checks out the submodule at that specific commit.

    If the submodule repository is not hosted on github.com, the Git URLs (git_url and _links["git"]) and the github.com URLs (html_url and _links["html"]) will have null values.

  • repos.getContributorsStats

    Returns the total number of commits authored by the contributor. In addition, the response includes a Weekly Hash (weeks array) with the following information:

    • w - Start of the week, given as a .
    • a - Number of additions
    • d - Number of deletions
    • c - Number of commits
  • repos.getDeployKey
  • repos.getDeployment
  • repos.getDeploymentBranchPolicy

    Gets a deployment branch policy for an environment.

    Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • repos.getDeploymentStatus

    Users with pull access can view a deployment status for a deployment:

  • repos.getEnvironment

    Note: To get information about name patterns that branches must match in order to deploy to this environment, see "."

    Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • repos.getLatestPagesBuild
  • repos.getLatestRelease

    View the latest published full release for the repository.

    The latest release is the most recent non-prerelease, non-draft release, sorted by the created_at attribute. The created_at attribute is the date of the commit used for the release, and not the date when the release was drafted or published.

  • repos.getPages
  • repos.getPagesBuild
  • repos.getParticipationStats

    Returns the total commit counts for the owner and total commit counts in all. all is everyone combined, including the owner in the last 52 weeks. If you'd like to get the commit counts for non-owners, you can subtract owner from all.

    The array order is oldest week (index 0) to most recent week.

  • repos.getPullRequestReviewProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.getPunchCardStats

    Each array contains the day number, hour number, and number of commits:

    • 0-6: Sunday - Saturday
    • 0-23: Hour of day
    • Number of commits

    For example, [2, 14, 25] indicates that there were 25 total commits, during the 2:00pm hour on Tuesdays. All times are based on the time zone of individual commits.

  • repos.getReadme

    Gets the preferred README for a repository.

    READMEs support for retrieving the raw content or rendered HTML.

  • repos.getReadmeInDirectory

    Gets the README from a repository directory.

    READMEs support for retrieving the raw content or rendered HTML.

  • repos.getRelease

    Note: This returns an upload_url key corresponding to the endpoint for uploading release assets. This key is a .

  • repos.getReleaseAsset

    To download the asset's binary content, set the Accept header of the request to . The API will either redirect the client to the location, or stream it directly if possible. API clients should handle both a 200 or 302 response.

  • repos.getReleaseByTag

    Get a published release with the specified tag.

  • repos.getStatusChecksProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.getTeamsWithAccessToProtectedBranch

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Lists the teams who have push access to this branch. The list includes child teams.

  • repos.getUsersWithAccessToProtectedBranch

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Lists the people who have push access to this branch.

  • repos.getWebhook

    Returns a webhook configured in a repository. To get only the webhook config properties, see "."

  • repos.getWebhookConfigForRepo

    Returns the webhook configuration for a repository. To get more information about the webhook, including the active state and events, use "."

    Access tokens must have the read:repo_hook or repo scope, and GitHub Apps must have the repository_hooks:read permission.

  • repos.getWebhookDelivery

    Returns a delivery for a webhook configured in a repository.

  • repos.listAutolinks

    This returns a list of autolinks configured for the given repository.

    Information about autolinks are only available to repository administrators.

  • repos.listBranches
  • repos.listBranchesForHeadCommit

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Returns all branches where the given commit SHA is the HEAD, or latest commit for the branch.

  • repos.listCacheInfo

    Lists the status of each repository cache replica.

  • repos.listCollaborators

    For organization-owned repositories, the list of collaborators includes outside collaborators, organization members that are direct collaborators, organization members with access through team memberships, organization members with access through default organization permissions, and organization owners. Organization members with write, maintain, or admin privileges on the organization-owned repository can use this endpoint.

    Team members will include the members of child teams.

    You must authenticate using an access token with the read:org and repo scopes with push access to use this endpoint. GitHub Apps must have the members organization permission and metadata repository permission to use this endpoint.

  • repos.listCommentsForCommit

    Use the :commit_sha to specify the commit that will have its comments listed.

  • repos.listCommitCommentsForRepo

    Commit Comments use . You can read more about the use of media types in the API .

    Comments are ordered by ascending ID.

  • repos.listCommits

    Signature verification object

    The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

    NameTypeDescription
    verifiedbooleanIndicates whether GitHub considers the signature in this commit to be verified.
    reasonstringThe reason for verified value. Possible values and their meanings are enumerated in table below.
    signaturestringThe signature that was extracted from the commit.
    payloadstringThe value that was signed.

    These are the possible values for reason in the verification object:

    ValueDescription
    expired_keyThe key that made the signature is expired.
    not_signing_keyThe "signing" flag is not among the usage flags in the GPG key that made the signature.
    gpgverify_errorThere was an error communicating with the signature verification service.
    gpgverify_unavailableThe signature verification service is currently unavailable.
    unsignedThe object does not include a signature.
    unknown_signature_typeA non-PGP signature was found in the commit.
    no_userNo user was associated with the committer email address in the commit.
    unverified_emailThe committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
    bad_emailThe committer email address in the commit is not included in the identities of the PGP key that made the signature.
    unknown_keyThe key that made the signature has not been registered with any user's account.
    malformed_signatureThere was an error parsing the signature.
    invalidThe signature could not be cryptographically verified using the key whose key-id was found in the signature.
    validNone of the above errors applied, so the signature is considered to be verified.
  • repos.listCommitStatusesForRef

    Users with pull access in a repository can view commit statuses for a given ref. The ref can be a SHA, a branch name, or a tag name. Statuses are returned in reverse chronological order. The first status in the list will be the latest one.

    This resource is also available via a legacy route: GET /repos/:owner/:repo/statuses/:ref.

  • repos.listContributors

    Lists contributors to the specified repository and sorts them by the number of commits per contributor in descending order. This endpoint may return information that is a few hours old because the GitHub REST API caches contributor data to improve performance.

    GitHub identifies contributors by author email address. This endpoint groups contribution counts by GitHub user, which includes all associated email addresses. To improve performance, only the first 500 author email addresses in the repository link to GitHub users. The rest will appear as anonymous contributors without associated GitHub user information.

  • repos.listDeployKeys
  • repos.listDeploymentBranchPolicies

    Lists the deployment branch policies for an environment.

    Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

  • repos.listDeployments

    Simple filtering of deployments is available via query parameters:

  • repos.listDeploymentStatuses

    Users with pull access can view deployment statuses for a deployment:

  • repos.listForAuthenticatedUser

    Lists repositories that the authenticated user has explicit permission (:read, :write, or :admin) to access.

    The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.

  • repos.listForks
  • repos.listForOrg

    Lists repositories for the specified organization.

  • repos.listForUser

    Lists public repositories for the specified user. Note: For GitHub AE, this endpoint will list internal repositories for the specified user.

  • repos.listInvitations

    When authenticating as a user with admin rights to a repository, this endpoint will list all currently open repository invitations.

  • repos.listInvitationsForAuthenticatedUser

    When authenticating as a user, this endpoint will list all currently open repository invitations for that user.

  • repos.listLanguages

    Lists languages for the specified repository. The value shown for each language is the number of bytes of code written in that language.

  • repos.listPagesBuilds
  • repos.listPublic

    Lists all public repositories in the order that they were created.

    Note:

    • For GitHub Enterprise Server, this endpoint will only list repositories available to all users on the enterprise.
    • Pagination is powered exclusively by the since parameter. Use the to get the URL for the next page of repositories.
  • repos.listPullRequestsAssociatedWithCommit

    Lists the merged pull request that introduced the commit to the repository. If the commit is not present in the default branch, will only return open pull requests associated with the commit.

  • repos.listReleaseAssets
  • repos.listReleases

    This returns a list of releases, which does not include regular Git tags that have not been associated with a release. To get a list of Git tags, use the .

    Information about published releases are available to everyone. Only users with push access will receive listings for draft releases.

  • repos.listTagProtection

    This returns the tag protection states of a repository.

    This information is only available to repository administrators.

  • repos.listTags
  • repos.listTeams
  • repos.listWebhookDeliveries

    Returns a list of webhook deliveries for a webhook configured in a repository.

  • repos.listWebhooks

    Lists webhooks for a repository. last response may return null if there have not been any deliveries within 30 days.

  • repos.merge
  • repos.mergeUpstream

    Sync a branch of a forked repository to keep it up-to-date with the upstream repository.

  • repos.pingWebhook

    This will trigger a to be sent to the hook.

  • repos.redeliverWebhookDelivery

    Redeliver a webhook delivery for a webhook configured in a repository.

  • repos.removeAppAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Removes the ability of an app to push to this branch. Only installed GitHub Apps with write access to the contents permission can be added as authorized actors on a protected branch.

  • repos.removeCollaborator
  • repos.removeStatusCheckContexts

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.removeStatusCheckProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.removeTeamAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Removes the ability of a team to push to this branch. You can also remove push access for child teams.

  • repos.removeUserAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Removes the ability of a user to push to this branch.

    TypeDescription
    arrayUsernames of the people who should no longer have push access. Note: The list of users, apps, and teams in total is limited to 100 items.
  • repos.renameBranch

    Renames a branch in a repository.

    Note: Although the API responds immediately, the branch rename process might take some extra time to complete in the background. You won't be able to push to the old branch name while the rename process is in progress. For more information, see "".

    The permissions required to use this endpoint depends on whether you are renaming the default branch.

    To rename a non-default branch:

    • Users must have push access.
    • GitHub Apps must have the contents:write repository permission.

    To rename the default branch:

    • Users must have admin or owner permissions.
    • GitHub Apps must have the administration:write repository permission.
  • repos.replaceAllTopics
  • repos.requestPagesBuild

    You can request that your site be built from the latest revision on the default branch. This has the same effect as pushing a commit to your default branch, but does not require an additional commit. Manually triggering page builds can be helpful when diagnosing build warnings and failures.

    Build requests are limited to one concurrent build per repository and one concurrent build per requester. If you request a build while another is still in progress, the second request will be queued until the first completes.

  • repos.setAdminBranchProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Adding admin enforcement requires admin or owner permissions to the repository and branch protection to be enabled.

  • repos.setAppAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Replaces the list of apps that have push access to this branch. This removes all apps that previously had push access and grants push access to the new list of apps. Only installed GitHub Apps with write access to the contents permission can be added as authorized actors on a protected branch.

  • repos.setStatusCheckContexts

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

  • repos.setTeamAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Replaces the list of teams that have push access to this branch. This removes all teams that previously had push access and grants push access to the new list of teams. Team restrictions include child teams.

  • repos.setUserAccessRestrictions

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Replaces the list of people that have push access to this branch. This removes all people that previously had push access and grants push access to the new list of people.

    TypeDescription
    arrayUsernames for people who can have push access. Note: The list of users, apps, and teams in total is limited to 100 items.
  • repos.testPushWebhook

    This will trigger the hook with the latest push to the current repository if the hook is subscribed to push events. If the hook is not subscribed to push events, the server will respond with 204 but no test POST will be generated.

    Note: Previously /repos/:owner/:repo/hooks/:hook_id/test

  • repos.transfer

    A transfer request will need to be accepted by the new owner when transferring a personal repository to another user. The response will contain the original owner, and the transfer will continue asynchronously. For more details on the requirements to transfer personal and organization-owned repositories, see .

  • repos.update

    Note: To edit a repository's topics, use the endpoint.

  • repos.updateBranchProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Protecting a branch requires admin or owner permissions to the repository.

    Note: Passing new arrays of users and teams replaces their previous values.

    Note: The list of users, apps, and teams in total is limited to 100 items.

  • repos.updateCommitComment
  • repos.updateDeploymentBranchPolicy

    Updates a deployment branch policy for an environment.

    You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration:write permission for the repository to use this endpoint.

  • repos.updateInformationAboutPagesSite

    Updates information for a GitHub Enterprise Server Pages site. For more information, see ".

    To use this endpoint, you must be a repository administrator, maintainer, or have the 'manage GitHub Pages settings' permission. A token with the repo scope or Pages write permission is required. GitHub Apps must have the administration:write and pages:write permissions.

  • repos.updateInvitation
  • repos.updatePullRequestReviewProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Updating pull request review enforcement requires admin or owner permissions to the repository and branch protection to be enabled.

    Note: Passing new arrays of users and teams replaces their previous values.

  • repos.updateRelease

    Users with push access to the repository can edit a release.

  • repos.updateReleaseAsset

    Users with push access to the repository can edit a release asset.

  • repos.updateStatusCheckProtection

    Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see in the GitHub Help documentation.

    Updating required status checks requires admin or owner permissions to the repository and branch protection to be enabled.

  • repos.updateWebhook

    Updates a webhook configured in a repository. If you previously had a secret set, you must provide the same secret or set a new secret or the secret will be removed. If you are only updating individual webhook config properties, use "."

  • repos.updateWebhookConfigForRepo

    Updates the webhook configuration for a repository. To update more information about the webhook, including the active state and events, use "."

    Access tokens must have the write:repo_hook or repo scope, and GitHub Apps must have the repository_hooks:write permission.

  • repos.uploadReleaseAsset

    This endpoint makes use of to determine which URL to access. The endpoint you call to upload release assets is specific to your release. Use the upload_url returned in the response of the to upload a release asset.

    You need to use an HTTP client which supports to make calls to this endpoint.

    Most libraries will set the required Content-Length header automatically. Use the required Content-Type header to provide the media type of the asset. For a list of media types, see . For example:

    application/zip

    GitHub Enterprise Server expects the asset data in its raw binary form, rather than JSON. You will send the raw binary content of the asset as the request body. Everything else about the endpoint is the same as the rest of the API. For example, you'll still need to pass your authentication to be able to upload an asset.

    When an upstream failure occurs, you will receive a 502 Bad Gateway status. This may leave an empty asset with a state of starter. It can be safely deleted.

    Notes:

    • GitHub Enterprise Server renames asset filenames that have special characters, non-alphanumeric characters, and leading or trailing periods. The "" endpoint lists the renamed filenames. For more information and help, contact .
    • To find the release_id query the .
    • If you upload an asset with the same filename as another uploaded asset, you'll receive an error and must delete the old file before you can re-upload the new asset.
  • search.code

    Searches for query terms inside of a file. This method returns up to 100 results .

    When searching for code, you can get text match metadata for the file content and file path fields when you pass the text-match media type. For more details about how to receive highlighted search results, see .

    For example, if you want to find the definition of the addClass function inside repository, your query would look something like this:

    q=addClass+in:file+language:js+repo:jquery/jquery

    This query searches for the keyword addClass within a file's contents. The query limits the search to files where the language is JavaScript in the jquery/jquery repository.

    Considerations for code search

    Due to the complexity of searching code, there are a few restrictions on how searches are performed:

    • Only the default branch is considered. In most cases, this will be the master branch.
    • Only files smaller than 384 KB are searchable.
    • You must always include at least one search term when searching source code. For example, searching for is not valid, while is.
  • search.commits

    Find commits via various criteria on the default branch (usually main). This method returns up to 100 results .

    When searching for commits, you can get text match metadata for the message field when you provide the text-match media type. For more details about how to receive highlighted search results, see .

    For example, if you want to find commits related to CSS in the repository. Your query would look something like this:

    q=repo:octocat/Spoon-Knife+css

  • search.issuesAndPullRequests

    Find issues by state and keyword. This method returns up to 100 results .

    When searching for issues, you can get text match metadata for the issue title, issue body, and issue comment body fields when you pass the text-match media type. For more details about how to receive highlighted search results, see .

    For example, if you want to find the oldest unresolved Python bugs on Windows. Your query might look something like this.

    q=windows+label:bug+language:python+state:open&sort=created&order=asc

    This query searches for the keyword windows, within any open issue that is labeled as bug. The search runs across repositories whose primary language is Python. The results are sorted by creation date in ascending order, which means the oldest issues appear first in the search results.

    Note: For GitHub App requests, you can't retrieve a combination of issues and pull requests in a single query. Requests that don't include the is:issue or is:pull-request qualifier will receive an HTTP 422 Unprocessable Entity response. To get results for both issues and pull requests, you must send separate queries for issues and pull requests. For more information about the is qualifier, see "."

  • search.labels

    Find labels in a repository with names or descriptions that match search keywords. Returns up to 100 results .

    When searching for labels, you can get text match metadata for the label name and description fields when you pass the text-match media type. For more details about how to receive highlighted search results, see .

    For example, if you want to find labels in the linguist repository that match bug, defect, or enhancement. Your query might look like this:

    q=bug+defect+enhancement&repository_id=64778136

    The labels that best match the query appear first in the search results.

  • search.repos

    Find repositories via various criteria. This method returns up to 100 results .

    When searching for repositories, you can get text match metadata for the name and description fields when you pass the text-match media type. For more details about how to receive highlighted search results, see .

    For example, if you want to search for popular Tetris repositories written in assembly code, your query might look like this:

    q=tetris+language:assembly&sort=stars&order=desc

    This query searches for repositories with the word tetris in the name, the description, or the README. The results are limited to repositories where the primary language is assembly. The results are sorted by stars in descending order, so that the most popular repositories appear first in the search results.

  • search.topics

    Find topics via various criteria. Results are sorted by best match. This method returns up to 100 results . See "" for a detailed list of qualifiers.

    When searching for topics, you can get text match metadata for the topic's short_description, description, name, or display_name field when you pass the text-match media type. For more details about how to receive highlighted search results, see .

    For example, if you want to search for topics related to Ruby that are featured on . Your query might look like this:

    q=ruby+is:featured

    This query searches for topics with the keyword ruby and limits the results to find only topics that are featured. The topics that are the best match for the query appear first in the search results.

  • search.users

    Find users via various criteria. This method returns up to 100 results .

    When searching for users, you can get text match metadata for the issue login, public email, and name fields when you pass the text-match media type. For more details about highlighting search results, see . For more details about how to receive highlighted search results, see .

    For example, if you're looking for a list of popular users, you might try this query:

    q=tom+repos:%3E42+followers:%3E1000

    This query searches for users with the name tom. The results are restricted to users with more than 42 repositories and over 1,000 followers.

  • secretScanning.getAlert

    Gets a single secret scanning alert detected in an eligible repository. To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or security_events scope. For public repositories, you may instead use the public_repo scope.

    GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

  • secretScanning.listAlertsForEnterprise

    Lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest. To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a .

  • secretScanning.listAlertsForOrg

    Lists secret scanning alerts for eligible repositories in an organization, from newest to oldest. To use this endpoint, you must be an administrator or security manager for the organization, and you must use an access token with the repo scope or security_events scope. For public repositories, you may instead use the public_repo scope.

    GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

  • secretScanning.listAlertsForRepo

    Lists secret scanning alerts for an eligible repository, from newest to oldest. To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or security_events scope. For public repositories, you may instead use the public_repo scope.

    GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

  • secretScanning.listLocationsForAlert

    Lists all locations for a given secret scanning alert for an eligible repository. To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or security_events scope. For public repositories, you may instead use the public_repo scope.

    GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

  • secretScanning.updateAlert

    Updates the status of a secret scanning alert in an eligible repository. To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or security_events scope. For public repositories, you may instead use the public_repo scope.

    GitHub Apps must have the secret_scanning_alerts write permission to use this endpoint.

  • teams.addMemberLegacy

    The "Add team member" endpoint (described below) is deprecated.

    We recommend using the endpoint instead. It allows you to invite new organization members to your teams.

    Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    To add someone to a team, the authenticated user must be an organization owner or a team maintainer in the team they're changing. The person being added to the team must be a member of the team's organization.

    Note: When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "."

    Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

  • teams.addOrUpdateMembershipForUserInOrg

    Adds an organization member to a team. An authenticated organization owner or team maintainer can add organization members to a team.

    Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    Note: When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "."

    An organization owner can add someone who is not part of the team's organization to a team. When an organization owner adds someone to a team who is not an organization member, this endpoint will send an invitation to the person via email. This newly-created membership will be in the "pending" state until the person accepts the invitation, at which point the membership will transition to the "active" state and the user will be added as a member of the team.

    If the user is already a member of the team, this endpoint will update the role of the team member's role. To update the membership of a team member, the authenticated user must be an organization owner or a team maintainer.

    Note: You can also specify a team by org_id and team_id using the route PUT /organizations/{org_id}/team/{team_id}/memberships/{username}.

  • teams.addOrUpdateMembershipForUserLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    If the user is already a member of the team's organization, this endpoint will add the user to the team. To add a membership between an organization member and a team, the authenticated user must be an organization owner or a team maintainer.

    Note: When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "."

    If the user is unaffiliated with the team's organization, this endpoint will send an invitation to the user via email. This newly-created membership will be in the "pending" state until the user accepts the invitation, at which point the membership will transition to the "active" state and the user will be added as a member of the team. To add a membership between an unaffiliated user and a team, the authenticated user must be an organization owner.

    If the user is already a member of the team, this endpoint will update the role of the team member's role. To update the membership of a team member, the authenticated user must be an organization owner or a team maintainer.

  • teams.addOrUpdateProjectPermissionsInOrg

    Adds an organization project to a team. To add a project to a team or update the team's permission on a project, the authenticated user must have admin permissions for the project. The project and team must be part of the same organization.

    Note: You can also specify a team by org_id and team_id using the route PUT /organizations/{org_id}/team/{team_id}/projects/{project_id}.

  • teams.addOrUpdateProjectPermissionsLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Adds an organization project to a team. To add a project to a team or update the team's permission on a project, the authenticated user must have admin permissions for the project. The project and team must be part of the same organization.

  • teams.addOrUpdateRepoPermissionsInOrg

    To add a repository to a team or update the team's permission on a repository, the authenticated user must have admin access to the repository, and must be able to see the team. The repository must be owned by the organization, or a direct fork of a repository owned by the organization. You will get a 422 Unprocessable Entity status if you attempt to add a repository to a team that is not owned by the organization. Note that, if you choose not to pass any parameters, you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

    Note: You can also specify a team by org_id and team_id using the route PUT /organizations/{org_id}/team/{team_id}/repos/{owner}/{repo}.

    For more information about the permission levels, see "".

  • teams.addOrUpdateRepoPermissionsLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new "" endpoint.

    To add a repository to a team or update the team's permission on a repository, the authenticated user must have admin access to the repository, and must be able to see the team. The repository must be owned by the organization, or a direct fork of a repository owned by the organization. You will get a 422 Unprocessable Entity status if you attempt to add a repository to a team that is not owned by the organization.

    Note that, if you choose not to pass any parameters, you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

  • teams.checkPermissionsForProjectInOrg

    Checks whether a team has read, write, or admin permissions for an organization project. The response includes projects inherited from a parent team.

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/projects/{project_id}.

  • teams.checkPermissionsForProjectLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Checks whether a team has read, write, or admin permissions for an organization project. The response includes projects inherited from a parent team.

  • teams.checkPermissionsForRepoInOrg

    Checks whether a team has admin, push, maintain, triage, or pull permission for a repository. Repositories inherited through a parent team will also be checked.

    You can also get information about the specified repository, including what permissions the team grants on it, by passing the following custom via the application/vnd.github.v3.repository+json accept header.

    If a team doesn't have permission for the repository, you will receive a 404 Not Found response status.

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/repos/{owner}/{repo}.

  • teams.checkPermissionsForRepoLegacy

    Note: Repositories inherited through a parent team will also be checked.

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    You can also get information about the specified repository, including what permissions the team grants on it, by passing the following custom via the Accept header:

  • teams.create

    To create a team, the authenticated user must be a member or owner of {org}. By default, organization members can create teams. Organization owners can limit team creation to organization owners. For more information, see "."

    When you create a new team, you automatically become a team maintainer without explicitly adding yourself to the optional array of maintainers. For more information, see "".

  • teams.createDiscussionCommentInOrg

    Creates a new comment on a team discussion. OAuth access tokens require the write:discussion .

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

    Note: You can also specify a team by org_id and team_id using the route POST /organizations/{org_id}/team/{team_id}/discussions/{discussion_number}/comments.

  • teams.createDiscussionCommentLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Creates a new comment on a team discussion. OAuth access tokens require the write:discussion .

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • teams.createDiscussionInOrg

    Creates a new discussion post on a team's page. OAuth access tokens require the write:discussion .

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

    Note: You can also specify a team by org_id and team_id using the route POST /organizations/{org_id}/team/{team_id}/discussions.

  • teams.createDiscussionLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Creates a new discussion post on a team's page. OAuth access tokens require the write:discussion .

    This endpoint triggers . Creating content too quickly using this endpoint may result in secondary rate limiting. See "" and "" for details.

  • teams.deleteDiscussionCommentInOrg

    Deletes a comment on a team discussion. OAuth access tokens require the write:discussion .

    Note: You can also specify a team by org_id and team_id using the route DELETE /organizations/{org_id}/team/{team_id}/discussions/{discussion_number}/comments/{comment_number}.

  • teams.deleteDiscussionCommentLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Deletes a comment on a team discussion. OAuth access tokens require the write:discussion .

  • teams.deleteDiscussionInOrg

    Delete a discussion from a team's page. OAuth access tokens require the write:discussion .

    Note: You can also specify a team by org_id and team_id using the route DELETE /organizations/{org_id}/team/{team_id}/discussions/{discussion_number}.

  • teams.deleteDiscussionLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Delete a discussion from a team's page. OAuth access tokens require the write:discussion .

  • teams.deleteInOrg

    To delete a team, the authenticated user must be an organization owner or team maintainer.

    If you are an organization owner, deleting a parent team will delete all of its child teams as well.

    Note: You can also specify a team by org_id and team_id using the route DELETE /organizations/{org_id}/team/{team_id}.

  • teams.deleteLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    To delete a team, the authenticated user must be an organization owner or team maintainer.

    If you are an organization owner, deleting a parent team will delete all of its child teams as well.

  • teams.externalIdpGroupInfoForOrg

    Displays information about the specific group's usage. Provides a list of the group's external members as well as a list of teams that this group is connected to.

    You can manage team membership with your identity provider using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see "" in the GitHub Help documentation.

  • teams.getByName

    Gets a team using the team's slug. To create the slug, GitHub Enterprise Server replaces special characters in the name string, changes all words to lowercase, and replaces spaces with a - separator. For example, "My TEam Näme" would become my-team-name.

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}.

  • teams.getDiscussionCommentInOrg

    Get a specific comment on a team discussion. OAuth access tokens require the read:discussion .

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/discussions/{discussion_number}/comments/{comment_number}.

  • teams.getDiscussionCommentLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Get a specific comment on a team discussion. OAuth access tokens require the read:discussion .

  • teams.getDiscussionInOrg

    Get a specific discussion on a team's page. OAuth access tokens require the read:discussion .

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/discussions/{discussion_number}.

  • teams.getDiscussionLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Get a specific discussion on a team's page. OAuth access tokens require the read:discussion .

  • teams.getLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the endpoint.

  • teams.getMemberLegacy

    The "Get team member" endpoint (described below) is deprecated.

    We recommend using the endpoint instead. It allows you to get both active and pending memberships.

    To list members in a team, the team must be visible to the authenticated user.

  • teams.getMembershipForUserInOrg

    Team members will include the members of child teams.

    To get a user's membership with a team, the team must be visible to the authenticated user.

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/memberships/{username}.

    Note: The response contains the state of the membership and the member's role.

    The role for organization owners is set to maintainer. For more information about maintainer roles, see see .

  • teams.getMembershipForUserLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Team members will include the members of child teams.

    To get a user's membership with a team, the team must be visible to the authenticated user.

    Note: The response contains the state of the membership and the member's role.

    The role for organization owners is set to maintainer. For more information about maintainer roles, see .

  • teams.linkExternalIdpGroupToTeamForOrg

    Creates a connection between a team and an external group. Only one external group can be linked to a team.

    You can manage team membership with your identity provider using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see "" in the GitHub Help documentation.

  • teams.list

    Lists all teams in an organization that are visible to the authenticated user.

  • teams.listChildInOrg

    Lists the child teams of the team specified by {team_slug}.

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/teams.

  • teams.listChildLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

  • teams.listDiscussionCommentsInOrg

    List all comments on a team discussion. OAuth access tokens require the read:discussion .

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/discussions/{discussion_number}/comments.

  • teams.listDiscussionCommentsLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    List all comments on a team discussion. OAuth access tokens require the read:discussion .

  • teams.listDiscussionsInOrg

    List all discussions on a team's page. OAuth access tokens require the read:discussion .

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/discussions.

  • teams.listDiscussionsLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    List all discussions on a team's page. OAuth access tokens require the read:discussion .

  • teams.listExternalIdpGroupsForOrg

    Lists external groups available in an organization. You can query the groups using the display_name parameter, only groups with a group_name containing the text provided in the display_name parameter will be returned. You can also limit your page results using the per_page parameter. GitHub Enterprise Server generates a url-encoded page token using a cursor value for where the next page begins. For more information on cursor pagination, see "."

    You can manage team membership with your identity provider using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see "" in the GitHub Help documentation.

  • teams.listForAuthenticatedUser

    List all of the teams across all of the organizations to which the authenticated user belongs. This method requires user, repo, or read:org when authenticating via .

  • teams.listLinkedExternalIdpGroupsToTeamForOrg

    Lists a connection between a team and an external group.

    You can manage team membership with your identity provider using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see "" in the GitHub Help documentation.

  • teams.listMembersInOrg

    Team members will include the members of child teams.

    To list members in a team, the team must be visible to the authenticated user.

  • teams.listMembersLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Team members will include the members of child teams.

  • teams.listProjectsInOrg

    Lists the organization projects for a team.

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/projects.

  • teams.listProjectsLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Lists the organization projects for a team.

  • teams.listReposInOrg

    Lists a team's repositories visible to the authenticated user.

    Note: You can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/repos.

  • teams.listReposLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

  • teams.removeMemberLegacy

    The "Remove team member" endpoint (described below) is deprecated.

    We recommend using the endpoint instead. It allows you to remove both active and pending memberships.

    Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    To remove a team member, the authenticated user must have 'admin' permissions to the team or be an owner of the org that the team is associated with. Removing a team member does not delete the user, it just removes them from the team.

    Note: When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "."

  • teams.removeMembershipForUserInOrg

    To remove a membership between a user and a team, the authenticated user must have 'admin' permissions to the team or be an owner of the organization that the team is associated with. Removing team membership does not delete the user, it just removes their membership from the team.

    Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    Note: When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "."

    Note: You can also specify a team by org_id and team_id using the route DELETE /organizations/{org_id}/team/{team_id}/memberships/{username}.

  • teams.removeMembershipForUserLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

    To remove a membership between a user and a team, the authenticated user must have 'admin' permissions to the team or be an owner of the organization that the team is associated with. Removing team membership does not delete the user, it just removes their membership from the team.

    Note: When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "."

  • teams.removeProjectInOrg

    Removes an organization project from a team. An organization owner or a team maintainer can remove any project from the team. To remove a project from a team as an organization member, the authenticated user must have read access to both the team and project, or admin access to the team or project. This endpoint removes the project from the team, but does not delete the project.

    Note: You can also specify a team by org_id and team_id using the route DELETE /organizations/{org_id}/team/{team_id}/projects/{project_id}.

  • teams.removeProjectLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Removes an organization project from a team. An organization owner or a team maintainer can remove any project from the team. To remove a project from a team as an organization member, the authenticated user must have read access to both the team and project, or admin access to the team or project. Note: This endpoint removes the project from the team, but does not delete it.

  • teams.removeRepoInOrg

    If the authenticated user is an organization owner or a team maintainer, they can remove any repositories from the team. To remove a repository from a team as an organization member, the authenticated user must have admin access to the repository and must be able to see the team. This does not delete the repository, it just removes it from the team.

    Note: You can also specify a team by org_id and team_id using the route DELETE /organizations/{org_id}/team/{team_id}/repos/{owner}/{repo}.

  • teams.removeRepoLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    If the authenticated user is an organization owner or a team maintainer, they can remove any repositories from the team. To remove a repository from a team as an organization member, the authenticated user must have admin access to the repository and must be able to see the team. NOTE: This does not delete the repository, it just removes it from the team.

  • teams.unlinkExternalIdpGroupFromTeamForOrg

    Deletes a connection between a team and an external group.

    You can manage team membership with your IdP using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see in the GitHub Help documentation.

  • teams.updateDiscussionCommentInOrg

    Edits the body text of a discussion comment. OAuth access tokens require the write:discussion .

    Note: You can also specify a team by org_id and team_id using the route PATCH /organizations/{org_id}/team/{team_id}/discussions/{discussion_number}/comments/{comment_number}.

  • teams.updateDiscussionCommentLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Edits the body text of a discussion comment. OAuth access tokens require the write:discussion .

  • teams.updateDiscussionInOrg

    Edits the title and body text of a discussion post. Only the parameters you provide are updated. OAuth access tokens require the write:discussion .

    Note: You can also specify a team by org_id and team_id using the route PATCH /organizations/{org_id}/team/{team_id}/discussions/{discussion_number}.

  • teams.updateDiscussionLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    Edits the title and body text of a discussion post. Only the parameters you provide are updated. OAuth access tokens require the write:discussion .

  • teams.updateInOrg

    To edit a team, the authenticated user must either be an organization owner or a team maintainer.

    Note: You can also specify a team by org_id and team_id using the route PATCH /organizations/{org_id}/team/{team_id}.

  • teams.updateLegacy

    Deprecation Notice: This endpoint route is deprecated and will be removed from the Teams API. We recommend migrating your existing code to use the new endpoint.

    To edit a team, the authenticated user must either be an organization owner or a team maintainer.

    Note: With nested teams, the privacy for parent teams cannot be secret.

  • users.addEmailForAuthenticatedUser

    This endpoint is accessible with the user scope.

  • users.checkFollowingForUser
  • users.checkPersonIsFollowedByAuthenticated
  • users.createGpgKeyForAuthenticatedUser

    Adds a GPG key to the authenticated user's GitHub account. Requires that you are authenticated via Basic Auth, or OAuth with at least write:gpg_key .

  • users.createPublicSshKeyForAuthenticatedUser

    Adds a public SSH key to the authenticated user's GitHub account. Requires that you are authenticated via Basic Auth, or OAuth with at least write:public_key .

  • users.createSshSigningKeyForAuthenticatedUser

    Creates an SSH signing key for the authenticated user's GitHub account. You must authenticate with Basic Authentication, or you must authenticate with OAuth with at least write:ssh_signing_key scope. For more information, see "."

  • users.deleteEmailForAuthenticatedUser

    This endpoint is accessible with the user scope.

  • users.deleteGpgKeyForAuthenticatedUser

    Removes a GPG key from the authenticated user's GitHub account. Requires that you are authenticated via Basic Auth or via OAuth with at least admin:gpg_key .

  • users.deletePublicSshKeyForAuthenticatedUser

    Removes a public SSH key from the authenticated user's GitHub account. Requires that you are authenticated via Basic Auth or via OAuth with at least admin:public_key .

  • users.deleteSshSigningKeyForAuthenticatedUser

    Deletes an SSH signing key from the authenticated user's GitHub account. You must authenticate with Basic Authentication, or you must authenticate with OAuth with at least admin:ssh_signing_key scope. For more information, see "."

  • users.follow

    Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "."

    Following a user requires the user to be logged in and authenticated with basic auth or OAuth with the user:follow scope.

  • users.getAuthenticated

    If the authenticated user is authenticated through basic authentication or OAuth with the user scope, then the response lists public and private profile information.

    If the authenticated user is authenticated through OAuth without the user scope, then the response lists only public profile information.

  • users.getByUsername

    Provides publicly available information about someone with a GitHub account.

    GitHub Apps with the Plan user permission can use this endpoint to retrieve information about a user's GitHub Enterprise Server plan. The GitHub App must be authenticated as a user. See "" for details about authentication. For an example response, see 'Response with GitHub Enterprise Server plan information' below"

    The email key in the following response is the publicly visible email address from your GitHub Enterprise Server . When setting up your profile, you can select a primary email address to be “public” which provides an email entry for this endpoint. If you do not set a public email address for email, then it will have a value of null. You only see publicly visible email addresses when authenticated with GitHub Enterprise Server. For more information, see .

    The Emails API enables you to list all of your email addresses, and toggle a primary email to be visible publicly. For more information, see "".

  • users.getContextForUser

    Provides hovercard information when authenticated through basic auth or OAuth with the repo scope. You can find out more about someone in relation to their pull requests, issues, repositories, and organizations.

    The subject_type and subject_id parameters provide context for the person's hovercard, which returns more information than without the parameters. For example, if you wanted to find out more about octocat who owns the Spoon-Knife repository via cURL, it would look like this:

    shell
     curl -u username:token  https://api.github.com/users/octocat/hovercard?subject_type=repository&subject_id=1300192
  • users.getGpgKeyForAuthenticatedUser

    View extended details for a single GPG key. Requires that you are authenticated via Basic Auth or via OAuth with at least read:gpg_key .

  • users.getPublicSshKeyForAuthenticatedUser

    View extended details for a single public SSH key. Requires that you are authenticated via Basic Auth or via OAuth with at least read:public_key .

  • users.getSshSigningKeyForAuthenticatedUser

    Gets extended details for an SSH signing key. You must authenticate with Basic Authentication, or you must authenticate with OAuth with at least read:ssh_signing_key scope. For more information, see "."

  • users.list

    Lists all users, in the order that they signed up on GitHub Enterprise Server. This list includes personal user accounts and organization accounts.

    Note: Pagination is powered exclusively by the since parameter. Use the to get the URL for the next page of users.

  • users.listEmailsForAuthenticatedUser

    Lists all of your email addresses, and specifies which one is visible to the public. This endpoint is accessible with the user:email scope.

  • users.listFollowedByAuthenticatedUser

    Lists the people who the authenticated user follows.

  • users.listFollowersForAuthenticatedUser

    Lists the people following the authenticated user.

  • users.listFollowersForUser

    Lists the people following the specified user.

  • users.listFollowingForUser

    Lists the people who the specified user follows.

  • users.listGpgKeysForAuthenticatedUser

    Lists the current user's GPG keys. Requires that you are authenticated via Basic Auth or via OAuth with at least read:gpg_key .

  • users.listGpgKeysForUser

    Lists the GPG keys for a user. This information is accessible by anyone.

  • users.listPublicEmailsForAuthenticatedUser

    Lists your publicly visible email address, which you can set with the endpoint. This endpoint is accessible with the user:email scope.

  • users.listPublicKeysForUser

    Lists the verified public SSH keys for a user. This is accessible by anyone.

  • users.listPublicSshKeysForAuthenticatedUser

    Lists the public SSH keys for the authenticated user's GitHub account. Requires that you are authenticated via Basic Auth or via OAuth with at least read:public_key .

  • users.listSshSigningKeysForAuthenticatedUser

    Lists the SSH signing keys for the authenticated user's GitHub account. You must authenticate with Basic Authentication, or you must authenticate with OAuth with at least read:ssh_signing_key scope. For more information, see "."

  • users.listSshSigningKeysForUser

    Lists the SSH signing keys for a user. This operation is accessible by anyone.

  • users.unfollow

    Unfollowing a user requires the user to be logged in and authenticated with basic auth or OAuth with the user:follow scope.

  • users.updateAuthenticated

    Note: If your email is set to private and you send an email parameter as part of this request to update your profile, your privacy settings are still enforced: the email address will not be displayed on your public profile or via the API.

  • openapi.previewSpec

    Preview an OpenAPI document before adding it as a source

  • openapi.addSource

    Add an OpenAPI source and register its operations as tools