octokit/rest.js

Usage

Import the Octokit constructor based on your platform.

Browsers

Load @octokit/rest directly from cdn.skypack.dev

<script type="module">
  import { Octokit } from "https://cdn.skypack.dev/@octokit/rest";
</script>

Node

Install with npm install @octokit/rest

const { Octokit } = require("@octokit/rest");
// or: import { Octokit } from "@octokit/rest";

const { Octokit } = require("@octokit/rest");

Now instantiate your octokit API. All options are optional, but authentication is strongly encouraged.

const octokit = new Octokit({

You can set auth to a personal access token string.

Learn more about authentication.

  auth: "secret123",

Setting a user agent is required. It defaults to octokit/rest.js v1.2.3 where v1.2.3 is the current version of @octokit/rest, but you should set it to something that identifies your app or script.

  userAgent: 'myApp v1.2.3',

API Previews can be enabled globally by setting the previews option. They can be set per-request as well.

Learn more about API Previews.

  previews: ['jean-grey', 'symmetra'],

A default time zone can be enabled by setting the timeZone option.

  timeZone: 'Europe/Amsterdam',

Learn more about using time zones with the GitHub API.

In order to use Octokit with GitHub Enterprise, set the baseUrl option.

  baseUrl: 'https://api.github.com',

For custom logging, pass an object with debug, info, warn and error methods as the log option.

Learn more about logging and debugging.

  log: {
    debug: () => {},
    info: () => {},
    warn: console.warn,
    error: console.error
  },

Custom request options can be passed as request.* options. See @octokit/request options. The same options can be passed to each endpoint request method.

  request: {
    agent: undefined,
    fetch: undefined,
    timeout: 0
  }
})

Most of GitHub’s REST API endpoints have matching methods. All endpoint methods are asynchronous, in order to use await in the code examples, we wrap them into an anonymous async function.

(async () => {

For example to retrieve a pull request, use octokit.rest.pulls.get(). We recommend to use the search above to find the endpoint method you are looking for

const { data: pullRequest } = await octokit.rest.pulls.get({
  owner: "octokit",
  repo: "rest.js",
  pull_number: 123,
});

Some API endpoints support alternative response formats, see Media types. For example, to request the above pull request in a diff format, pass the mediaType.format option.

Learn more about request formats.

const { data: diff } = await octokit.rest.pulls.get({
  owner: "octokit",
  repo: "rest.js",
  pull_number: 123,
  mediaType: {
    format: "diff",
  },
});

For the API endpoints that do not have a matching method, such as the root endpoint or legacy endpoints, you can send custom requests.

Learn more about custom requests.

const { data: root } = await octokit.request("GET /");

You can also register custom endpoint methods, which is particularly useful if you participate in a private beta.

Learn more about custom endpoint methods.

await octokit.registerEndpoints({
  misc: {
    getRoot: {
      method: "GET",
      url: "/",
    },
  },
});

Some endpoints return a list which has to be paginated in order to retrieve the complete data set.

Learn more about pagination.

  octokit.paginate(octokit.rest.issues.listForRepo, {
    owner: 'octokit',
    repo: 'rest.js'
  })
    .then(issues => {
      // issues is an array of all issue objects
    })
})

You can add more functionality with plugins. We recommend the retry and throttling plugins.

Learn more about throttling, automatic retries and building your own Plugins.

import { retry } from "@octokit/plugin-retry";
import { throttling } from "@octokit/plugin-throttling";

const MyOctokit = Octokit.plugin(retry, throttling);

Octokit.plugin() returns a new constructor. The same options can be passed to the constructor. The options are passed on to all plugin functions as the 2nd argument.

const myOctokit = new MyOctokit({
  auth: "secret123",
  throttle: {
    onRateLimit: (retryAfter, options) => {
      myOctokit.log.warn(
        `Request quota exhausted for request ${options.method} ${options.url}`
      );

      if (options.request.retryCount === 0) {
        // only retries once
        myOctokit.log.info(`Retrying after ${retryAfter} seconds!`);
        return true;
      }
    },
    onAbuseLimit: (retryAfter, options) => {
      // does not retry, only logs a warning
      myOctokit.log.warn(
        `Abuse detected for request ${options.method} ${options.url}`
      );
    },
  },
  retry: {
    doNotRetry: ["429"],
  },
});

Authentication

Authentication is optional for some REST API endpoints accessing public data, but is required for GraphQL queries. Using authentication also increases your API rate limit.

GitHub supports different authentication strategies:

Personal access token (create). This is the default authentication strategy. Set the options.auth option to the token in new Octokit(options). Learn more about the built-in @octokit/auth-token authentication strategy.
OAuth Apps: authenticate using user access token created by an OAuth app, to which you granted selected permissions, or as the OAuth App itself (OAuth using client_id and client_secret). Learn more about the optional @octokit/auth-oauth-app authentication strategy
GitHub Apps: authenticate using an installation access token or as GitHub App itself. Learn more about the optional @octokit/auth-app authentication strategy.
GitHub Actions: authenticate using the GITHUB_TOKEN secret which is provided to GitHub Actions Workflows. Learn more about the optional @octokit/auth-action authentication strategy.

Learn more about all official and community authentication strategies.

By default, @octokit/rest authenticates using the token authentication strategy. Pass in a token using options.auth. It can be a personal access token, an OAuth token, an installation access token or a JSON Web Token for GitHub App authentication. The Authorization request header will be set according to the type of token.

const { Octokit } = require("@octokit/rest");

const octokit = new Octokit({
  auth: "mypersonalaccesstoken123",
});

// sends request with `Authorization: token mypersonalaccesstoken123` header
const { data } = await octokit.request("/user");

To use a different authentication strategy, set options.authStrategy. Here is an example for GitHub App authentication

const { Octokit } = require("@octokit/rest");
const { createAppAuth } = require("@octokit/auth-app");

const appOctokit = new Octokit({
  authStrategy: createAppAuth,
  auth: {
    appId: 123,
    privateKey: process.env.PRIVATE_KEY,
    // optional: this will make appOctokit authenticate as app (JWT)
    //           or installation (access token), depending on the request URL
    installationId: 123,
  },
});

const { data } = await appOctokit.request("/app");

The .auth() method returned by the current authentication strategy can be accessed at octokit.auth(). Example

const { token } = await appOctokit.auth({
  type: "installation",
  // defaults to `options.auth.installationId` set in the constructor
  installationId: 123,
});

Previews

To enable any of GitHub’s API Previews, pass the previews option to the GitHub constructor

const octokit = new Octokit({
  previews: ["mercy-preview"],
});

Previews can also be enabled for a single request by passing the mediaType.preview option

const {
  data: { topics },
} = await octokit.rest.repos.get({
  owner: "octokit",
  repo: "rest.js",
  mediaType: {
    previews: ["symmetra"],
  },
});

Request formats & aborts

Some API endpoints support alternative response formats, see Media types.

For example, to request a pull request as diff format, set the mediaType.format option

const { data: prDiff } = await octokit.rest.pulls.get({
  owner: "octokit",
  repo: "rest.js",
  pull_number: 1278,
  mediaType: {
    format: "diff",
  },
});

The AbortController interface can be used to abort one or more requests as and when desired. When the request is initiated, an AbortSignal instance can be passed as an option inside the request's options object. For usage in Node, the abort-controller package can be used.

const controller = new AbortController();
const { data: prDiff } = await octokit.rest.pulls.get({
  owner: "octokit",
  repo: "rest.js",
  pull_number: 1278,
  request: {
    signal: controller.signal,
  },
});

Use controller.abort() to abort the request when desired.

Custom requests

To send custom requests you can use the lower-level octokit.request() method

octokit.request("GET /");

The baseUrl, headers and other defaults are already set. For more information on the octokit.request() API see octokit/request.js

All the endpoint methods such as octokit.rest.repos.get() are aliases of octokit.request() with pre-bound default options. So you can use the @octokit/request API to get the default options or get generic request option to use with your preferred request library.

const defaultOptions = octokit.rest.repos.get.endpoint.DEFAULTS;
const requestOptions = octokit.rest.repos.get.endpoint({
  owner: "octokit",
  repo: "rest.js",
});

Note that authentication is not applied when retrieving request options from the *.endpoint APIs.

Pagination

All endpoint methods starting with .list* do not return all results at once but instead return the first 30 items by default, see also GitHub’s REST API pagination documentation.

To automatically receive all results across all pages, you can use the octokit.paginate() method:

octokit
  .paginate("GET /repos/{owner}/{repo}/issues", {
    owner: "octokit",
    repo: "rest.js",
  })
  .then((issues) => {
    // issues is an array of all issue objects. It is not wrapped in a { data, headers, status, url } object
    // like results from `octokit.request()` or any of the endpoint methods such as `octokit.rest.issues.listForRepo()`
  });

octokit.paginate() accepts the same options as octokit.request(). You can optionally pass an additional function to map the results from each response. The map must return a new value, usually an array with mapped data.

Note: the map function is called with the { data, headers, status, url } response object. The data property is guaranteed to be an array of the result items, even for list endpoints that respond with an object instead of an array, such as the search endpoints.

octokit
  .paginate(
    "GET /repos/{owner}/{repo}/issues",
    { owner: "octokit", repo: "rest.js" },
    (response) => response.data.map((issue) => issue.title)
  )
  .then((issueTitles) => {
    // issueTitles is now an array with the titles only
  });

To stop paginating early, you can call the done() function passed as 2nd argument to the response map function. Note that you still have to return the value you want to map the response to, otherwise the last response will be mapped to undefined.

octokit.paginate("GET /organizations", (response, done) => {
  if (response.data.find((issues) => issue.body.includes("something"))) {
    done();
  }
  return response.data;
});

To paginate responses for one of the registered endpoint methods such as octokit.rest.issues.listForRepo() you can pass the method directly as first argument to octokit.paginate:

octokit
  .paginate(octokit.rest.issues.listForRepo, {
    owner: "octokit",
    repo: "rest.js",
  })
  .then((issues) => {
    // issues is an array of all issue objects
  });

If your runtime environment supports async iterators (such as most modern browsers and Node 10+), you can iterate through each response

for await (const response of octokit.paginate.iterator(
  octokit.rest.issues.listForRepo,
  {
    owner: "octokit",
    repo: "rest.js",
  }
)) {
  // do whatever you want with each response, break out of the loop, etc.
}

octokit.paginate.iterator() accepts the same options as octokit.paginate().

Hooks

You can customize Octokit’s request lifecycle with hooks. Available methods are

octokit.hook.before("request", async (options) => {
  validate(options);
});
octokit.hook.after("request", async (response, options) => {
  console.log(`${options.method} ${options.url}: ${response.status}`);
});
octokit.hook.error("request", async (error, options) => {
  if (error.status === 304) {
    return findInCache(error.response.headers.etag);
  }

  throw error;
});
octokit.hook.wrap("request", async (request, options) => {
  // add logic before, after, catch errors or replace the request altogether
  return request(options);
});

See before-after-hook for more details on the 4 methods.

Custom endpoint methods

Note: octokit.registerEndpoints() has been deprecated.

Instead of

await octokit.registerEndpoints({
  misc: {
    getRoot: {
      method: "GET",
      url: "/",
    },
  },
});

Object.assign(octokit.misc, {
  getRoot: octokit.request.defaults({
    method: "GET",
    url: "/",
  }),
});

If you use octokit.registerEndpoints() in a plugin, return an object instead:

function myPlugin(octokit, options) {
  return {
    misc: {
      octokit.request.defaults({ method: "GET", url: "/" })
    }
  }
}

You can register custom endpoint methods such as octokit.rest.repos.get() using the octokit.registerEndpoints(routes) method

octokit.registerEndpoints({
  foo: {
    bar: {
      method: "PATCH",
      url: "/repos/{owner}/{repo}/foo",
      headers: {
        accept: "application/vnd.github.foo-bar-preview+json",
      },
      params: {
        owner: {
          required: true,
          type: "string",
        },
        repo: {
          required: true,
          type: "string",
        },
        baz: {
          required: true,
          type: "string",
          enum: ["qux", "quux", "quuz"],
        },
      },
    },
  },
});

octokit.foo.bar({
  owner: "octokit",
  repo: "rest.js",
  baz: "quz",
});

This is useful when you participate in private beta features and prefer the convenience of methods for the new endpoints instead of using octokit.request().

Plugins

You can customize and extend Octokit’s functionality using plugins

// index.js
const { Octokit } = require("@octokit/rest");
const MyOctokit = Octokit.plugin(
  require("./lib/my-plugin"),
  require("octokit-plugin-example")
);

// lib/my-plugin.js
module.exports = (octokit, options = { greeting: "Hello" }) => {
  // hook into the request lifecycle
  octokit.hook.wrap("request", async (request, options) => {
    const time = Date.now();
    const response = await request(options);
    octokit.log.info(
      `${options.method} ${options.url} – ${response.status} in ${
        Date.now() - time
      }ms`
    );
    return response;
  });

  // add a custom method: octokit.helloWorld()
  return {
    helloWorld: () => console.log(`${options.greeting}, world!`),
  };
};

.plugin accepts a function or an array of functions.

We recommend using Octokit’s log methods to help users of your plugin with debugging.

You can add new methods to the octokit instance passed as the first argument to the plugin function. The 2nd argument is the options object passed to the constructor when instantiating the octokit client.

const octokit = new MyOctokit({ greeting: "Hola" });
octokit.helloWorld();
// Hola, world!

Throttling

When you send too many requests in too little time you will likely hit errors due to rate and/or abuse limits.

In order to automatically throttle requests as recommended in GitHub’s best practices for integrators, we recommend you install the @octokit/plugin-throttling plugin.

The throttle.onAbuseLimit and throttle.onRateLimit options are required.

Return true from these functions to automatically retry the request after retryAfter seconds. Return false or undefined to skip retry and throw the error. For rate limit errors, retryAfter defaults to seconds until X-RateLimit-Reset. For abuse errors, retryAfter defaults to the retry-after header but is a minimum of five seconds.

const { Octokit } = require("@octokit/rest");
const { throttling } = require("@octokit/plugin-throttling");
const MyOctokit = Octokit.plugin(throttling);

const octokit = new MyOctokit({
  auth: "token " + process.env.TOKEN,
  throttle: {
    onRateLimit: (retryAfter, options) => {
      octokit.log.warn(
        `Request quota exhausted for request ${options.method} ${options.url}`
      );

      // Retry twice after hitting a rate limit error, then give up
      if (options.request.retryCount <= 2) {
        console.log(`Retrying after ${retryAfter} seconds!`);
        return true;
      }
    },
    onAbuseLimit: (retryAfter, options) => {
      // does not retry, only logs a warning
      octokit.log.warn(
        `Abuse detected for request ${options.method} ${options.url}`
      );
    },
  },
});

Automatic retries

Many common request errors can be easily remediated by retrying the request. We recommend installing the @octokit/plugin-retry plugin for Automatic retries in these cases

const { Octokit } = require("@octokit/rest");
const { retry } = require("@octokit/plugin-retry");
const MyOctokit = Octokit.plugin(retry);

const octokit = new MyOctokit();

// all requests sent with the `octokit` instance are now retried up to 3 times for recoverable errors.

Logging

Octokit has 4 built-in log methods

octokit.log.debug(message[, additionalInfo])
octokit.log.info(message[, additionalInfo])
octokit.log.warn(message[, additionalInfo])
octokit.log.error(message[, additionalInfo])

They can be configured using the log client option. By default, octokit.log.debug() and octokit.log.info() are no-ops, while the other two call console.warn() and console.error() respectively.

This is useful if you build reusable plugins.

Debug

The simplest way to receive debug information is to set the log client option to console.

const octokit = require("@octokit/rest")({
  log: console,
});

octokit.request("/");

This will log

request { method: 'GET',
  baseUrl: 'https://api.github.com',
  headers:
   { accept: 'application/vnd.github.v3+json',
     'user-agent':
      'octokit.js/0.0.0-development Node.js/10.15.0 (macOS Mojave; x64)' },
  request: {},
  url: '/' }
GET / - 200 in 514ms

If you like to support a configurable log level, we recommend using the console-log-level module

const octokit = require("@octokit/rest")({
  log: require("console-log-level")({ level: "info" }),
});

octokit.request("/");

This will only log

GET / - 200 in 514ms

Actions

Add custom labels to a self-hosted runner for an organization

Add custom labels to a self-hosted runner configured in an organization.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.addCustomLabelsToSelfHostedRunnerForOrg({
  org,
  runner_id,
  labels,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.
labels	yes	The names of the custom labels to add to the runner.

Add custom labels to a self-hosted runner for a repository

Add custom labels to a self-hosted runner configured in a repository.

You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.addCustomLabelsToSelfHostedRunnerForRepo({
  owner,
  repo,
  runner_id,
  labels,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.
labels	yes	The names of the custom labels to add to the runner.

Add selected repository to an organization secret

Adds a repository to an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

octokit.rest.actions.addSelectedRepoToOrgSecret({
  org,
  secret_name,
  repository_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
repository_id	yes

Approve a workflow run for a fork pull request

Approves a workflow run for a pull request from a public fork of a first time contributor. For more information, see "Approving workflow runs from public forks."

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.approveWorkflowRun({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.

Cancel a workflow run

Cancels a workflow run using its id. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.cancelWorkflowRun({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.

Create or update an environment secret

Creates or updates an environment secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

Example encrypting a secret using Node.js

Encrypt your secret using the tweetsodium library.

const sodium = require('tweetsodium');

const key = "base64-encoded-public-key";
const value = "plain-text-secret";

// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');

// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);

// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');

console.log(encrypted);

Example encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

from base64 import b64encode
from nacl import encoding, public

def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

Example encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");

var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);

Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

Example encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

require "rbnacl"
require "base64"

key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)

octokit.rest.actions.createOrUpdateEnvironmentSecret({
  repository_id,
  environment_name,
  secret_name,
  encrypted_value,
  key_id,
});

Parameters

name	required	description
repository_id	yes	The unique identifier of the repository.
environment_name	yes	The name of the environment
secret_name	yes	The name of the secret.
encrypted_value	yes	Value for your secret, encrypted with LibSodium using the public key retrieved from the Get an environment public key endpoint.
key_id	yes	ID of the key you used to encrypt the secret.

Create or update an organization secret

Creates or updates an organization secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

Example encrypting a secret using Node.js

Encrypt your secret using the tweetsodium library.

const sodium = require('tweetsodium');

const key = "base64-encoded-public-key";
const value = "plain-text-secret";

// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');

// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);

// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');

console.log(encrypted);

Example encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

from base64 import b64encode
from nacl import encoding, public

def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

Example encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");

var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);

Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

Example encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

require "rbnacl"
require "base64"

key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)

octokit.rest.actions.createOrUpdateOrgSecret({
  org,
  secret_name,
  visibility,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
encrypted_value	no	Value for your secret, encrypted with LibSodium using the public key retrieved from the Get an organization public key endpoint.
key_id	no	ID of the key you used to encrypt the secret.
visibility	yes	Which type of organization repositories have access to the organization secret. `selected` means only the repositories specified by `selected_repository_ids` can access the secret.
selected_repository_ids	no	An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the `visibility` is set to `selected`. You can manage the list of selected repositories using the List selected repositories for an organization secret, Set selected repositories for an organization secret, and Remove selected repository from an organization secret endpoints.

Create or update a repository secret

Creates or updates a repository secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

Example encrypting a secret using Node.js

Encrypt your secret using the tweetsodium library.

const sodium = require('tweetsodium');

const key = "base64-encoded-public-key";
const value = "plain-text-secret";

// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');

// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);

// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');

console.log(encrypted);

Example encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

from base64 import b64encode
from nacl import encoding, public

def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

Example encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");

var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);

Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

Example encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

require "rbnacl"
require "base64"

key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)

octokit.rest.actions.createOrUpdateRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.
encrypted_value	no	Value for your secret, encrypted with LibSodium using the public key retrieved from the Get a repository public key endpoint.
key_id	no	ID of the key you used to encrypt the secret.

Create a registration token for an organization

Returns a token that you can pass to the config script. The token expires after one hour.

You must authenticate using an access token with the admin:org scope to use this endpoint.

Example using registration token

Configure your self-hosted runner, replacing TOKEN with the registration token provided by this endpoint.

./config.sh --url https://github.com/octo-org --token TOKEN

octokit.rest.actions.createRegistrationTokenForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Create a registration token for a repository

Returns a token that you can pass to the config script. The token expires after one hour. You must authenticate using an access token with the repo scope to use this endpoint.

Example using registration token

Configure your self-hosted runner, replacing TOKEN with the registration token provided by this endpoint.

./config.sh --url https://github.com/octo-org/octo-repo-artifacts --token TOKEN

octokit.rest.actions.createRegistrationTokenForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Create a remove token for an organization

Returns a token that you can pass to the config script to remove a self-hosted runner from an organization. The token expires after one hour.

You must authenticate using an access token with the admin:org scope to use this endpoint.

Example using remove token

To remove your self-hosted runner from an organization, replace TOKEN with the remove token provided by this endpoint.

./config.sh remove --token TOKEN

octokit.rest.actions.createRemoveTokenForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Create a remove token for a repository

Returns a token that you can pass to remove a self-hosted runner from a repository. The token expires after one hour. You must authenticate using an access token with the repo scope to use this endpoint.

Example using remove token

To remove your self-hosted runner from a repository, replace TOKEN with the remove token provided by this endpoint.

./config.sh remove --token TOKEN

octokit.rest.actions.createRemoveTokenForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Create a workflow dispatch event

You can use this endpoint to manually trigger a GitHub Actions workflow run. You can replace workflow_id with the workflow file name. For example, you could use main.yaml.

You must configure your GitHub Actions workflow to run when the workflow_dispatch webhook event occurs. The inputs are configured in the workflow file. For more information about how to configure the workflow_dispatch event in the workflow file, see "Events that trigger workflows."

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint. For more information, see "Creating a personal access token for the command line."

octokit.rest.actions.createWorkflowDispatch({
  owner,
  repo,
  workflow_id,
  ref,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
workflow_id	yes	The ID of the workflow. You can also pass the workflow file name as a string.
ref	yes	The git reference for the workflow. The reference can be a branch or tag name.
inputs	no	Input keys and values configured in the workflow file. The maximum number of properties is 10. Any default properties configured in the workflow file will be used when `inputs` are omitted.
inputs.*	no

Delete a GitHub Actions cache for a repository (using a cache ID)

Deletes a GitHub Actions cache for a repository, using a cache ID.

You must authenticate using an access token with the repo scope to use this endpoint.

GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.deleteActionsCacheById({
  owner,
  repo,
  cache_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
cache_id	yes	The unique identifier of the GitHub Actions cache.

Delete GitHub Actions caches for a repository (using a cache key)

Deletes one or more GitHub Actions caches for a repository, using a complete cache key. By default, all caches that match the provided key are deleted, but you can optionally provide a Git ref to restrict deletions to caches that match both the provided key and the Git ref.

You must authenticate using an access token with the repo scope to use this endpoint.

GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.deleteActionsCacheByKey({
  owner,
  repo,
  key,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
key	yes	A key for identifying the cache.
ref	no	The Git reference for the results you want to list. The `ref` for a branch can be formatted either as `refs/heads/<branch name>` or simply `<branch name>`. To reference a pull request use `refs/pull/<number>/merge`.

Delete an artifact

Deletes an artifact for a workflow run. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.deleteArtifact({
  owner,
  repo,
  artifact_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
artifact_id	yes	The unique identifier of the artifact.

Delete an environment secret

Deletes a secret in an environment using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

octokit.rest.actions.deleteEnvironmentSecret({
  repository_id,
  environment_name,
  secret_name,
});

Parameters

name	required	description
repository_id	yes	The unique identifier of the repository.
environment_name	yes	The name of the environment
secret_name	yes	The name of the secret.

Delete an organization secret

Deletes a secret in an organization using the secret name. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

octokit.rest.actions.deleteOrgSecret({
  org,
  secret_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.

Delete a repository secret

Deletes a secret in a repository using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

octokit.rest.actions.deleteRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.

Delete a self-hosted runner from an organization

Forces the removal of a self-hosted runner from an organization. You can use this endpoint to completely remove the runner when the machine you were using no longer exists.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.deleteSelfHostedRunnerFromOrg({
  org,
  runner_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.

Delete a self-hosted runner from a repository

Forces the removal of a self-hosted runner from a repository. You can use this endpoint to completely remove the runner when the machine you were using no longer exists.

You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.deleteSelfHostedRunnerFromRepo({
  owner,
  repo,
  runner_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.

Delete a workflow run

Delete a specific workflow run. Anyone with write access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.deleteWorkflowRun({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.

Delete workflow run logs

Deletes all logs for a workflow run. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.deleteWorkflowRunLogs({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.

Disable a selected repository for GitHub Actions in an organization

Removes a repository from the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization."

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.disableSelectedRepositoryGithubActionsOrganization({
  org,
  repository_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
repository_id	yes	The unique identifier of the repository.

Disable a workflow

Disables a workflow and sets the state of the workflow to disabled_manually. You can replace workflow_id with the workflow file name. For example, you could use main.yaml.

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.disableWorkflow({
  owner,
  repo,
  workflow_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
workflow_id	yes	The ID of the workflow. You can also pass the workflow file name as a string.

Download an artifact

Gets a redirect URL to download an archive for a repository. This URL expires after 1 minute. Look for Location: in the response header to find the URL for the download. The :archive_format must be zip. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.downloadArtifact({
  owner,
  repo,
  artifact_id,
  archive_format,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
artifact_id	yes	The unique identifier of the artifact.
archive_format	yes

Download job logs for a workflow run

Gets a redirect URL to download a plain text file of logs for a workflow job. This link expires after 1 minute. Look for Location: in the response header to find the URL for the download. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.downloadJobLogsForWorkflowRun({
  owner,
  repo,
  job_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
job_id	yes	The unique identifier of the job.

Download workflow run attempt logs

Gets a redirect URL to download an archive of log files for a specific workflow run attempt. This link expires after 1 minute. Look for Location: in the response header to find the URL for the download. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.downloadWorkflowRunAttemptLogs({
  owner,
  repo,
  run_id,
  attempt_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
attempt_number	yes	The attempt number of the workflow run.

Download workflow run logs

Gets a redirect URL to download an archive of log files for a workflow run. This link expires after 1 minute. Look for Location: in the response header to find the URL for the download. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.downloadWorkflowRunLogs({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.

Enable a selected repository for GitHub Actions in an organization

Adds a repository to the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization."

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.enableSelectedRepositoryGithubActionsOrganization({
  org,
  repository_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
repository_id	yes	The unique identifier of the repository.

Enable a workflow

Enables a workflow and sets the state of the workflow to active. You can replace workflow_id with the workflow file name. For example, you could use main.yaml.

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.enableWorkflow({
  owner,
  repo,
  workflow_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
workflow_id	yes	The ID of the workflow. You can also pass the workflow file name as a string.

List GitHub Actions caches for a repository

Lists the GitHub Actions caches for a repository. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getActionsCacheList({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
ref	no	The Git reference for the results you want to list. The `ref` for a branch can be formatted either as `refs/heads/<branch name>` or simply `<branch name>`. To reference a pull request use `refs/pull/<number>/merge`.
key	no	An explicit key or prefix for identifying the cache
sort	no	The property to sort the results by. `created_at` means when the cache was created. `last_accessed_at` means when the cache was last accessed. `size_in_bytes` is the size of the cache in bytes.
direction	no	The direction to sort the results by.

Get GitHub Actions cache usage for a repository

Gets GitHub Actions cache usage for a repository. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated. Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getActionsCacheUsage({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

List repositories with GitHub Actions cache usage for an organization

Lists repositories and their GitHub Actions cache usage for an organization. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated. You must authenticate using an access token with the read:org scope to use this endpoint. GitHub Apps must have the organization_admistration:read permission to use this endpoint.

octokit.rest.actions.getActionsCacheUsageByRepoForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Get GitHub Actions cache usage for an enterprise

Gets the total GitHub Actions cache usage for an enterprise. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated. You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.actions.getActionsCacheUsageForEnterprise({
  enterprise,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Get GitHub Actions cache usage for an organization

Gets the total GitHub Actions cache usage for an organization. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated. You must authenticate using an access token with the read:org scope to use this endpoint. GitHub Apps must have the organization_admistration:read permission to use this endpoint.

octokit.rest.actions.getActionsCacheUsageForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get allowed actions and reusable workflows for an organization

Gets the selected actions and reusable workflows that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization.""

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.getAllowedActionsOrganization({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get allowed actions and reusable workflows for a repository

Gets the settings for selected actions and reusable workflows that are allowed in a repository. To use this endpoint, the repository policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for a repository."

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

octokit.rest.actions.getAllowedActionsRepository({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get an artifact

Gets a specific artifact for a workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getArtifact({
  owner,
  repo,
  artifact_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
artifact_id	yes	The unique identifier of the artifact.

Get an environment public key

Get the public key for an environment, which you need to encrypt environment secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the secrets repository permission to use this endpoint.

octokit.rest.actions.getEnvironmentPublicKey({
  repository_id,
  environment_name,
});

Parameters

name	required	description
repository_id	yes	The unique identifier of the repository.
environment_name	yes	The name of the environment

Get an environment secret

Gets a single environment secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

octokit.rest.actions.getEnvironmentSecret({
  repository_id,
  environment_name,
  secret_name,
});

Parameters

name	required	description
repository_id	yes	The unique identifier of the repository.
environment_name	yes	The name of the environment
secret_name	yes	The name of the secret.

Get default workflow permissions for an enterprise

Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an enterprise, as well as whether GitHub Actions can submit approving pull request reviews. For more information, see "Enforcing a policy for workflow permissions in your enterprise."

You must authenticate using an access token with the admin:enterprise scope to use this endpoint. GitHub Apps must have the enterprise_administration:write permission to use this endpoint.

octokit.rest.actions.getGithubActionsDefaultWorkflowPermissionsEnterprise({
  enterprise,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Get default workflow permissions for an organization

Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an organization, as well as whether GitHub Actions can submit approving pull request reviews. For more information, see "Setting the permissions of the GITHUB_TOKEN for your organization."

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.getGithubActionsDefaultWorkflowPermissionsOrganization({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get default workflow permissions for a repository

Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in a repository, as well as if GitHub Actions can submit approving pull request reviews. For more information, see "Setting the permissions of the GITHUB_TOKEN for your repository."

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the repository administration permission to use this API.

octokit.rest.actions.getGithubActionsDefaultWorkflowPermissionsRepository({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get GitHub Actions permissions for an organization

Gets the GitHub Actions permissions policy for repositories and allowed actions and reusable workflows in an organization.

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.getGithubActionsPermissionsOrganization({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get GitHub Actions permissions for a repository

Gets the GitHub Actions permissions policy for a repository, including whether GitHub Actions is enabled and the actions and reusable workflows allowed to run in the repository.

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

octokit.rest.actions.getGithubActionsPermissionsRepository({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a job for a workflow run

Gets a specific job in a workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getJobForWorkflowRun({
  owner,
  repo,
  job_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
job_id	yes	The unique identifier of the job.

Get an organization public key

Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

octokit.rest.actions.getOrgPublicKey({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get an organization secret

Gets a single organization secret without revealing its encrypted value. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

octokit.rest.actions.getOrgSecret({
  org,
  secret_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.

Get pending deployments for a workflow run

Get all deployment environments for a workflow run that are waiting for protection rules to pass.

Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getPendingDeploymentsForRun({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.

Get GitHub Actions permissions for a repository

Deprecated: This method has been renamed to actions.getGithubActionsPermissionsRepository

Gets the GitHub Actions permissions policy for a repository, including whether GitHub Actions is enabled and the actions and reusable workflows allowed to run in the repository.

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

octokit.rest.actions.getRepoPermissions({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a repository public key

Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the secrets repository permission to use this endpoint.

octokit.rest.actions.getRepoPublicKey({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a repository secret

Gets a single repository secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

octokit.rest.actions.getRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.

Get the review history for a workflow run

octokit.rest.actions.getReviewsForRun({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.

Get a self-hosted runner for an organization

Gets a specific self-hosted runner configured in an organization.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.getSelfHostedRunnerForOrg({
  org,
  runner_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.

Get a self-hosted runner for a repository

Gets a specific self-hosted runner configured in a repository.

You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.getSelfHostedRunnerForRepo({
  owner,
  repo,
  runner_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.

Get a workflow

Gets a specific workflow. You can replace workflow_id with the workflow file name. For example, you could use main.yaml. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getWorkflow({
  owner,
  repo,
  workflow_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
workflow_id	yes	The ID of the workflow. You can also pass the workflow file name as a string.

Get the level of access for workflows outside of the repository

Gets the level of access that workflows outside of the repository have to actions and reusable workflows in the repository. This endpoint only applies to internal repositories. For more information, see "Managing GitHub Actions settings for a repository."

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the repository administration permission to use this endpoint.

octokit.rest.actions.getWorkflowAccessToRepository({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a workflow run

Gets a specific workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getWorkflowRun({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
exclude_pull_requests	no	If `true` pull requests are omitted from the response (empty array).

Get a workflow run attempt

Gets a specific workflow run attempt. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getWorkflowRunAttempt({
  owner,
  repo,
  run_id,
  attempt_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
attempt_number	yes	The attempt number of the workflow run.
exclude_pull_requests	no	If `true` pull requests are omitted from the response (empty array).

Get workflow run usage

Gets the number of billable minutes and total run time for a specific workflow run. Billable minutes only apply to workflows in private repositories that use GitHub-hosted runners. Usage is listed for each GitHub-hosted runner operating system in milliseconds. Any job re-runs are also included in the usage. The usage does not include the multiplier for macOS and Windows runners and is not rounded up to the nearest whole minute. For more information, see "Managing billing for GitHub Actions".

Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getWorkflowRunUsage({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.

Get workflow usage

Gets the number of billable minutes used by a specific workflow during the current billing cycle. Billable minutes only apply to workflows in private repositories that use GitHub-hosted runners. Usage is listed for each GitHub-hosted runner operating system in milliseconds. Any job re-runs are also included in the usage. The usage does not include the multiplier for macOS and Windows runners and is not rounded up to the nearest whole minute. For more information, see "Managing billing for GitHub Actions".

You can replace workflow_id with the workflow file name. For example, you could use main.yaml. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.getWorkflowUsage({
  owner,
  repo,
  workflow_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
workflow_id	yes	The ID of the workflow. You can also pass the workflow file name as a string.

List artifacts for a repository

Lists all artifacts for a repository. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.listArtifactsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List environment secrets

Lists all secrets available in an environment without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

octokit.rest.actions.listEnvironmentSecrets({
  repository_id,
  environment_name,
});

Parameters

name	required	description
repository_id	yes	The unique identifier of the repository.
environment_name	yes	The name of the environment
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List jobs for a workflow run

Lists jobs for a workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.

octokit.rest.actions.listJobsForWorkflowRun({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
filter	no	Filters jobs by their `completed_at` timestamp. `latest` returns jobs from the most recent execution of the workflow run. `all` returns all jobs for a workflow run, including from old executions of the workflow run.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List jobs for a workflow run attempt

Lists jobs for a specific workflow run attempt. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.

octokit.rest.actions.listJobsForWorkflowRunAttempt({
  owner,
  repo,
  run_id,
  attempt_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
attempt_number	yes	The attempt number of the workflow run.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List labels for a self-hosted runner for an organization

Lists all labels for a self-hosted runner configured in an organization.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.listLabelsForSelfHostedRunnerForOrg({
  org,
  runner_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.

List labels for a self-hosted runner for a repository

Lists all labels for a self-hosted runner configured in a repository.

You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.listLabelsForSelfHostedRunnerForRepo({
  owner,
  repo,
  runner_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.

List organization secrets

Lists all secrets available in an organization without revealing their encrypted values. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

octokit.rest.actions.listOrgSecrets({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repository secrets

Lists all secrets available in a repository without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use this endpoint.

octokit.rest.actions.listRepoSecrets({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repository workflows

Lists the workflows in a repository. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.listRepoWorkflows({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List runner applications for an organization

Lists binaries for the runner application that you can download and run.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.listRunnerApplicationsForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

List runner applications for a repository

Lists binaries for the runner application that you can download and run.

You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.listRunnerApplicationsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

List selected repositories for an organization secret

Lists all repositories that have been selected when the visibility for repository access to a secret is set to selected. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

octokit.rest.actions.listSelectedReposForOrgSecret({
  org,
  secret_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).

List selected repositories enabled for GitHub Actions in an organization

Lists the selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization."

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.listSelectedRepositoriesEnabledGithubActionsOrganization({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List self-hosted runners for an organization

Lists all self-hosted runners configured in an organization.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.listSelfHostedRunnersForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List self-hosted runners for a repository

Lists all self-hosted runners configured in a repository. You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.listSelfHostedRunnersForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List workflow run artifacts

Lists artifacts for a workflow run. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.

octokit.rest.actions.listWorkflowRunArtifacts({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List workflow runs

List all workflow runs for a workflow. You can replace workflow_id with the workflow file name. For example, you could use main.yaml. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.

Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope.

octokit.rest.actions.listWorkflowRuns({
  owner,
  repo,
  workflow_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
workflow_id	yes	The ID of the workflow. You can also pass the workflow file name as a string.
actor	no	Returns someone's workflow runs. Use the login for the user who created the `push` associated with the check suite or workflow run.
branch	no	Returns workflow runs associated with a branch. Use the name of the branch of the `push`.
event	no	Returns workflow run triggered by the event you specify. For example, `push`, `pull_request` or `issue`. For more information, see "Events that trigger workflows."
status	no	Returns workflow runs with the check run `status` or `conclusion` that you specify. For example, a conclusion can be `success` or a status can be `in_progress`. Only GitHub can set a status of `waiting` or `requested`. For a list of the possible `status` and `conclusion` options, see "Create a check run."
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
created	no	Returns workflow runs created within the given date-time range. For more information on the syntax, see "Understanding the search syntax."
exclude_pull_requests	no	If `true` pull requests are omitted from the response (empty array).
check_suite_id	no	Returns workflow runs with the `check_suite_id` that you specify.

List workflow runs for a repository

Lists all workflow runs for a repository. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.

octokit.rest.actions.listWorkflowRunsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
actor	no	Returns someone's workflow runs. Use the login for the user who created the `push` associated with the check suite or workflow run.
branch	no	Returns workflow runs associated with a branch. Use the name of the branch of the `push`.
event	no	Returns workflow run triggered by the event you specify. For example, `push`, `pull_request` or `issue`. For more information, see "Events that trigger workflows."
status	no	Returns workflow runs with the check run `status` or `conclusion` that you specify. For example, a conclusion can be `success` or a status can be `in_progress`. Only GitHub can set a status of `waiting` or `requested`. For a list of the possible `status` and `conclusion` options, see "Create a check run."
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
created	no	Returns workflow runs created within the given date-time range. For more information on the syntax, see "Understanding the search syntax."
exclude_pull_requests	no	If `true` pull requests are omitted from the response (empty array).
check_suite_id	no	Returns workflow runs with the `check_suite_id` that you specify.

Re-run a job from a workflow run

Re-run a job and its dependent jobs in a workflow run. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.reRunJobForWorkflowRun({
  owner,
  repo,
  job_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
job_id	yes	The unique identifier of the job.
enable_debug_logging	no	Whether to enable debug logging for the re-run.

Re-run a workflow

Re-runs your workflow run using its id. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

octokit.rest.actions.reRunWorkflow({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
enable_debug_logging	no	Whether to enable debug logging for the re-run.

Re-run failed jobs from a workflow run

Re-run all of the failed jobs and their dependent jobs in a workflow run using the id of the workflow run. You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.reRunWorkflowFailedJobs({
  owner,
  repo,
  run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
enable_debug_logging	no	Whether to enable debug logging for the re-run.

Remove all custom labels from a self-hosted runner for an organization

Remove all custom labels from a self-hosted runner configured in an organization. Returns the remaining read-only labels from the runner.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.removeAllCustomLabelsFromSelfHostedRunnerForOrg({
  org,
  runner_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.

Remove all custom labels from a self-hosted runner for a repository

Remove all custom labels from a self-hosted runner configured in a repository. Returns the remaining read-only labels from the runner.

You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.removeAllCustomLabelsFromSelfHostedRunnerForRepo({
  owner,
  repo,
  runner_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.

Remove a custom label from a self-hosted runner for an organization

Remove a custom label from a self-hosted runner configured in an organization. Returns the remaining labels from the runner.

This endpoint returns a 404 Not Found status if the custom label is not present on the runner.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.removeCustomLabelFromSelfHostedRunnerForOrg({
  org,
  runner_id,
  name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.
name	yes	The name of a self-hosted runner's custom label.

Remove a custom label from a self-hosted runner for a repository

Remove a custom label from a self-hosted runner configured in a repository. Returns the remaining labels from the runner.

This endpoint returns a 404 Not Found status if the custom label is not present on the runner.

You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.removeCustomLabelFromSelfHostedRunnerForRepo({
  owner,
  repo,
  runner_id,
  name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.
name	yes	The name of a self-hosted runner's custom label.

Remove selected repository from an organization secret

Removes a repository from an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

octokit.rest.actions.removeSelectedRepoFromOrgSecret({
  org,
  secret_name,
  repository_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
repository_id	yes

Review pending deployments for a workflow run

Approve or reject pending deployments that are waiting on approval by a required reviewer.

Required reviewers with read access to the repository contents and deployments can use this endpoint. Required reviewers must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.reviewPendingDeploymentsForRun({
  owner,
  repo,
  run_id,
  environment_ids,
  state,
  comment,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
run_id	yes	The unique identifier of the workflow run.
environment_ids	yes	The list of environment ids to approve or reject
state	yes	Whether to approve or reject deployment to the specified environments.
comment	yes	A comment to accompany the deployment review

Set allowed actions and reusable workflows for an organization

Sets the actions and reusable workflows that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization."

If the organization belongs to an enterprise that has selected actions and reusable workflows set at the enterprise level, then you cannot override any of the enterprise's allowed actions and reusable workflows settings.

To use the patterns_allowed setting for private repositories, the organization must belong to an enterprise. If the organization does not belong to an enterprise, then the patterns_allowed setting only applies to public repositories in the organization.

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.setAllowedActionsOrganization({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
github_owned_allowed	no	Whether GitHub-owned actions are allowed. For example, this includes the actions in the `actions` organization.
verified_allowed	no	Whether actions from GitHub Marketplace verified creators are allowed. Set to `true` to allow all actions by GitHub Marketplace verified creators.
patterns_allowed	no	Specifies a list of string-matching patterns to allow specific action(s) and reusable workflow(s). Wildcards, tags, and SHAs are allowed. For example, `monalisa/octocat@`, `monalisa/octocat@v2`, `monalisa/`."

Set allowed actions and reusable workflows for a repository

Sets the actions and reusable workflows that are allowed in a repository. To use this endpoint, the repository permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for a repository."

If the repository belongs to an organization or enterprise that has selected actions and reusable workflows set at the organization or enterprise levels, then you cannot override any of the allowed actions and reusable workflows settings.

To use the patterns_allowed setting for private repositories, the repository must belong to an enterprise. If the repository does not belong to an enterprise, then the patterns_allowed setting only applies to public repositories.

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

octokit.rest.actions.setAllowedActionsRepository({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
github_owned_allowed	no	Whether GitHub-owned actions are allowed. For example, this includes the actions in the `actions` organization.
verified_allowed	no	Whether actions from GitHub Marketplace verified creators are allowed. Set to `true` to allow all actions by GitHub Marketplace verified creators.
patterns_allowed	no	Specifies a list of string-matching patterns to allow specific action(s) and reusable workflow(s). Wildcards, tags, and SHAs are allowed. For example, `monalisa/octocat@`, `monalisa/octocat@v2`, `monalisa/`."

Set custom labels for a self-hosted runner for an organization

Remove all previous custom labels and set the new custom labels for a specific self-hosted runner configured in an organization.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.actions.setCustomLabelsForSelfHostedRunnerForOrg({
  org,
  runner_id,
  labels,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.
labels	yes	The names of the custom labels to set for the runner. You can pass an empty array to remove all custom labels.

Set custom labels for a self-hosted runner for a repository

Remove all previous custom labels and set the new custom labels for a specific self-hosted runner configured in a repository.

You must authenticate using an access token with the repo scope to use this endpoint.

octokit.rest.actions.setCustomLabelsForSelfHostedRunnerForRepo({
  owner,
  repo,
  runner_id,
  labels,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
runner_id	yes	Unique identifier of the self-hosted runner.
labels	yes	The names of the custom labels to set for the runner. You can pass an empty array to remove all custom labels.

Set default workflow permissions for an enterprise

Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an enterprise, and sets whether GitHub Actions can submit approving pull request reviews. For more information, see "Enforcing a policy for workflow permissions in your enterprise."

You must authenticate using an access token with the admin:enterprise scope to use this endpoint. GitHub Apps must have the enterprise_administration:write permission to use this endpoint.

octokit.rest.actions.setGithubActionsDefaultWorkflowPermissionsEnterprise({
  enterprise,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
default_workflow_permissions	no	The default workflow permissions granted to the GITHUB_TOKEN when running workflows.
can_approve_pull_request_reviews	no	Whether GitHub Actions can approve pull requests. Enabling this can be a security risk.

Set default workflow permissions for an organization

Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an organization, and sets if GitHub Actions can submit approving pull request reviews. For more information, see "Setting the permissions of the GITHUB_TOKEN for your organization."

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.setGithubActionsDefaultWorkflowPermissionsOrganization({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
default_workflow_permissions	no	The default workflow permissions granted to the GITHUB_TOKEN when running workflows.
can_approve_pull_request_reviews	no	Whether GitHub Actions can approve pull requests. Enabling this can be a security risk.

Set default workflow permissions for a repository

Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in a repository, and sets if GitHub Actions can submit approving pull request reviews. For more information, see "Setting the permissions of the GITHUB_TOKEN for your repository."

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the repository administration permission to use this API.

octokit.rest.actions.setGithubActionsDefaultWorkflowPermissionsRepository({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
default_workflow_permissions	no	The default workflow permissions granted to the GITHUB_TOKEN when running workflows.
can_approve_pull_request_reviews	no	Whether GitHub Actions can approve pull requests. Enabling this can be a security risk.

Set GitHub Actions permissions for an organization

Sets the GitHub Actions permissions policy for repositories and allowed actions and reusable workflows in an organization.

If the organization belongs to an enterprise that has set restrictive permissions at the enterprise level, such as allowed_actions to selected actions and reusable workflows, then you cannot override them for the organization.

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.setGithubActionsPermissionsOrganization({
  org,
  enabled_repositories,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
enabled_repositories	yes	The policy that controls the repositories in the organization that are allowed to run GitHub Actions.
allowed_actions	no	The permissions policy that controls the actions and reusable workflows that are allowed to run.

Set GitHub Actions permissions for a repository

Sets the GitHub Actions permissions policy for enabling GitHub Actions and allowed actions and reusable workflows in the repository.

If the repository belongs to an organization or enterprise that has set restrictive permissions at the organization or enterprise levels, such as allowed_actions to selected actions and reusable workflows, then you cannot override them for the repository.

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the administration repository permission to use this API.

octokit.rest.actions.setGithubActionsPermissionsRepository({
  owner,
  repo,
  enabled,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
enabled	yes	Whether GitHub Actions is enabled on the repository.
allowed_actions	no	The permissions policy that controls the actions and reusable workflows that are allowed to run.

Set selected repositories for an organization secret

Replaces all repositories for an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the secrets organization permission to use this endpoint.

octokit.rest.actions.setSelectedReposForOrgSecret({
  org,
  secret_name,
  selected_repository_ids,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
selected_repository_ids	yes	An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the `visibility` is set to `selected`. You can add and remove individual repositories using the Set selected repositories for an organization secret and Remove selected repository from an organization secret endpoints.

Set selected repositories enabled for GitHub Actions in an organization

Replaces the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization."

You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the administration organization permission to use this API.

octokit.rest.actions.setSelectedRepositoriesEnabledGithubActionsOrganization({
  org,
  selected_repository_ids,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
selected_repository_ids	yes	List of repository IDs to enable for GitHub Actions.

Set the level of access for workflows outside of the repository

Sets the level of access that workflows outside of the repository have to actions and reusable workflows in the repository. This endpoint only applies to internal repositories. For more information, see "Managing GitHub Actions settings for a repository."

You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the repository administration permission to use this endpoint.

octokit.rest.actions.setWorkflowAccessToRepository({
  owner,
  repo,
  access_level,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
access_level	yes	Defines the level of access that workflows outside of the repository have to actions and reusable workflows within the repository. `none` means access is only possible from workflows in this repository.

Activity

Check if a repository is starred by the authenticated user

octokit.rest.activity.checkRepoIsStarredByAuthenticatedUser({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Delete a repository subscription

This endpoint should only be used to stop watching a repository. To control whether or not you wish to receive notifications from a repository, set the repository's subscription manually.

octokit.rest.activity.deleteRepoSubscription({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Delete a thread subscription

Mutes all future notifications for a conversation until you comment on the thread or get an @mention. If you are watching the repository of the thread, you will still receive notifications. To ignore future notifications for a repository you are watching, use the Set a thread subscription endpoint and set ignore to true.

octokit.rest.activity.deleteThreadSubscription({
  thread_id,
});

Parameters

name	required	description
thread_id	yes	The unique identifier of the pull request thread.

Get feeds

GitHub provides several timeline resources in Atom format. The Feeds API lists all the feeds available to the authenticated user:

Timeline: The GitHub global public timeline
User: The public timeline for any user, using URI template
Current user public: The public timeline for the authenticated user
Current user: The private timeline for the authenticated user
Current user actor: The private timeline for activity created by the authenticated user
Current user organizations: The private timeline for the organizations the authenticated user is a member of.
Security advisories: A collection of public announcements that provide information about security-related vulnerabilities in software on GitHub.

Note: Private feeds are only returned when authenticating via Basic Auth since current feed URIs use the older, non revocable auth tokens.

octokit.rest.activity.getFeeds();

Parameters

This endpoint has no parameters

Get a repository subscription

octokit.rest.activity.getRepoSubscription({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a thread

octokit.rest.activity.getThread({
  thread_id,
});

Parameters

name	required	description
thread_id	yes	The unique identifier of the pull request thread.

Get a thread subscription for the authenticated user

This checks to see if the current user is subscribed to a thread. You can also get a repository subscription.

Note that subscriptions are only generated if a user is participating in a conversation--for example, they've replied to the thread, were @mentioned, or manually subscribe to a thread.

octokit.rest.activity.getThreadSubscriptionForAuthenticatedUser({
  thread_id,
});

Parameters

name	required	description
thread_id	yes	The unique identifier of the pull request thread.

List events for the authenticated user

If you are authenticated as the given user, you will see your private events. Otherwise, you'll only see public events.

octokit.rest.activity.listEventsForAuthenticatedUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List notifications for the authenticated user

List all notifications for the current user, sorted by most recently updated.

octokit.rest.activity.listNotificationsForAuthenticatedUser();

Parameters

name	required	description
all	no	If `true`, show notifications marked as read.
participating	no	If `true`, only shows notifications in which the user is directly participating or mentioned.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
before	no	Only show notifications updated before the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List organization events for the authenticated user

This is the user's organization dashboard. You must be authenticated as the user to view this.

octokit.rest.activity.listOrgEventsForAuthenticatedUser({
  username,
  org,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List public events

We delay the public events feed by five minutes, which means the most recent event returned by the public events API actually occurred at least five minutes ago.

octokit.rest.activity.listPublicEvents();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List public events for a network of repositories

octokit.rest.activity.listPublicEventsForRepoNetwork({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List public events for a user

octokit.rest.activity.listPublicEventsForUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List public organization events

octokit.rest.activity.listPublicOrgEvents({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List events received by the authenticated user

These are events that you've received by watching repos and following users. If you are authenticated as the given user, you will see private events. Otherwise, you'll only see public events.

octokit.rest.activity.listReceivedEventsForUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List public events received by a user

octokit.rest.activity.listReceivedPublicEventsForUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repository events

octokit.rest.activity.listRepoEvents({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repository notifications for the authenticated user

List all notifications for the current user.

octokit.rest.activity.listRepoNotificationsForAuthenticatedUser({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
all	no	If `true`, show notifications marked as read.
participating	no	If `true`, only shows notifications in which the user is directly participating or mentioned.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
before	no	Only show notifications updated before the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repositories starred by the authenticated user

Lists repositories the authenticated user has starred.

You can also find out when stars were created by passing the following custom media type via the Accept header:

octokit.rest.activity.listReposStarredByAuthenticatedUser();

Parameters

name	required	description
sort	no	The property to sort the results by. `created` means when the repository was starred. `updated` means when the repository was last pushed to.
direction	no	The direction to sort the results by.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repositories starred by a user

Lists repositories a user has starred.

You can also find out when stars were created by passing the following custom media type via the Accept header:

octokit.rest.activity.listReposStarredByUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
sort	no	The property to sort the results by. `created` means when the repository was starred. `updated` means when the repository was last pushed to.
direction	no	The direction to sort the results by.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repositories watched by a user

Lists repositories a user is watching.

octokit.rest.activity.listReposWatchedByUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List stargazers

Lists the people that have starred the repository.

You can also find out when stars were created by passing the following custom media type via the Accept header:

octokit.rest.activity.listStargazersForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repositories watched by the authenticated user

Lists repositories the authenticated user is watching.

octokit.rest.activity.listWatchedReposForAuthenticatedUser();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List watchers

Lists the people watching the specified repository.

octokit.rest.activity.listWatchersForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Mark notifications as read

Marks all notifications as "read" removes it from the default view on GitHub. If the number of notifications is too large to complete in one request, you will receive a 202 Accepted status and GitHub will run an asynchronous process to mark notifications as "read." To check whether any "unread" notifications remain, you can use the List notifications for the authenticated user endpoint and pass the query parameter all=false.

octokit.rest.activity.markNotificationsAsRead();

Parameters

name	required	description
last_read_at	no	Describes the last point that notifications were checked. Anything updated since this time will not be marked as read. If you omit this parameter, all notifications are marked as read. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`. Default: The current timestamp.
read	no	Whether the notification has been read.

Mark repository notifications as read

Marks all notifications in a repository as "read" removes them from the default view on GitHub. If the number of notifications is too large to complete in one request, you will receive a 202 Accepted status and GitHub will run an asynchronous process to mark notifications as "read." To check whether any "unread" notifications remain, you can use the List repository notifications for the authenticated user endpoint and pass the query parameter all=false.

octokit.rest.activity.markRepoNotificationsAsRead({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
last_read_at	no	Describes the last point that notifications were checked. Anything updated since this time will not be marked as read. If you omit this parameter, all notifications are marked as read. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`. Default: The current timestamp.

Mark a thread as read

octokit.rest.activity.markThreadAsRead({
  thread_id,
});

Parameters

name	required	description
thread_id	yes	The unique identifier of the pull request thread.

Set a repository subscription

If you would like to watch a repository, set subscribed to true. If you would like to ignore notifications made within a repository, set ignored to true. If you would like to stop watching a repository, delete the repository's subscription completely.

octokit.rest.activity.setRepoSubscription({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
subscribed	no	Determines if notifications should be received from this repository.
ignored	no	Determines if all notifications should be blocked from this repository.

Set a thread subscription

If you are watching a repository, you receive notifications for all threads by default. Use this endpoint to ignore future notifications for threads until you comment on the thread or get an @mention.

You can also use this endpoint to subscribe to threads that you are currently not receiving notifications for or to subscribed to threads that you have previously ignored.

Unsubscribing from a conversation in a repository that you are not watching is functionally equivalent to the Delete a thread subscription endpoint.

octokit.rest.activity.setThreadSubscription({
  thread_id,
});

Parameters

name	required	description
thread_id	yes	The unique identifier of the pull request thread.
ignored	no	Whether to block all notifications from a thread.

Star a repository for the authenticated user

Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "HTTP verbs."

octokit.rest.activity.starRepoForAuthenticatedUser({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Unstar a repository for the authenticated user

octokit.rest.activity.unstarRepoForAuthenticatedUser({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Apps

Add a repository to an app installation

Deprecated: This method has been renamed to apps.addRepoToInstallationForAuthenticatedUser

Add a single repository to an installation. The authenticated user must have admin access to the repository.

You must use a personal access token (which you can create via the command line or Basic Authentication) to access this endpoint.

octokit.rest.apps.addRepoToInstallation({
  installation_id,
  repository_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.
repository_id	yes	The unique identifier of the repository.

Add a repository to an app installation

Add a single repository to an installation. The authenticated user must have admin access to the repository.

You must use a personal access token (which you can create via the command line or Basic Authentication) to access this endpoint.

octokit.rest.apps.addRepoToInstallationForAuthenticatedUser({
  installation_id,
  repository_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.
repository_id	yes	The unique identifier of the repository.

Check a token

OAuth applications can use a special API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use Basic Authentication to use this endpoint, where the username is the OAuth application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.

octokit.rest.apps.checkToken({
  client_id,
  access_token,
});

Parameters

name	required	description
client_id	yes	The client ID of the GitHub app.
access_token	yes	The access_token of the OAuth application.

Create a GitHub App from a manifest

Use this endpoint to complete the handshake necessary when implementing the GitHub App Manifest flow. When you create a GitHub App with the manifest flow, you receive a temporary code used to retrieve the GitHub App's id, pem (private key), and webhook_secret.

octokit.rest.apps.createFromManifest({
  code,
});

Parameters

name	required	description
code	yes

Create an installation access token for an app

Creates an installation access token that enables a GitHub App to make authenticated API requests for the app's installation on an organization or individual account. Installation tokens expire one hour from the time you create them. Using an expired token produces a status code of 401 - Unauthorized, and requires creating a new installation token. By default the installation token has access to all repositories that the installation can access. To restrict the access to specific repositories, you can provide the repository_ids when creating the token. When you omit repository_ids, the response does not contain the repositories key.

You must use a JWT to access this endpoint.

octokit.rest.apps.createInstallationAccessToken({
  installation_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.
repositories	no	List of repository names that the token should have access to
repository_ids	no	List of repository IDs that the token should have access to
permissions	no	The permissions granted to the user-to-server access token.
permissions.actions	no	The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts.
permissions.administration	no	The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation.
permissions.checks	no	The level of permission to grant the access token for checks on code.
permissions.contents	no	The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges.
permissions.deployments	no	The level of permission to grant the access token for deployments and deployment statuses.
permissions.environments	no	The level of permission to grant the access token for managing repository environments.
permissions.issues	no	The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones.
permissions.metadata	no	The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata.
permissions.packages	no	The level of permission to grant the access token for packages published to GitHub Packages.
permissions.pages	no	The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds.
permissions.pull_requests	no	The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges.
permissions.repository_hooks	no	The level of permission to grant the access token to manage the post-receive hooks for a repository.
permissions.repository_projects	no	The level of permission to grant the access token to manage repository projects, columns, and cards.
permissions.secret_scanning_alerts	no	The level of permission to grant the access token to view and manage secret scanning alerts.
permissions.secrets	no	The level of permission to grant the access token to manage repository secrets.
permissions.security_events	no	The level of permission to grant the access token to view and manage security events like code scanning alerts.
permissions.single_file	no	The level of permission to grant the access token to manage just a single file.
permissions.statuses	no	The level of permission to grant the access token for commit statuses.
permissions.vulnerability_alerts	no	The level of permission to grant the access token to manage Dependabot alerts.
permissions.workflows	no	The level of permission to grant the access token to update GitHub Actions workflow files.
permissions.members	no	The level of permission to grant the access token for organization teams and members.
permissions.organization_administration	no	The level of permission to grant the access token to manage access to an organization.
permissions.organization_hooks	no	The level of permission to grant the access token to manage the post-receive hooks for an organization.
permissions.organization_plan	no	The level of permission to grant the access token for viewing an organization's plan.
permissions.organization_projects	no	The level of permission to grant the access token to manage organization projects and projects beta (where available).
permissions.organization_packages	no	The level of permission to grant the access token for organization packages published to GitHub Packages.
permissions.organization_secrets	no	The level of permission to grant the access token to manage organization secrets.
permissions.organization_self_hosted_runners	no	The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization.
permissions.organization_user_blocking	no	The level of permission to grant the access token to view and manage users blocked by the organization.
permissions.team_discussions	no	The level of permission to grant the access token to manage team discussions and related comments.

Delete an app authorization

OAuth application owners can revoke a grant for their OAuth application and a specific user. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. You must also provide a valid OAuth access_token as an input parameter and the grant for the token's owner will be deleted. Deleting an OAuth application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.

octokit.rest.apps.deleteAuthorization({
  client_id,
  access_token,
});

Parameters

name	required	description
client_id	yes	The client ID of the GitHub app.
access_token	yes	The OAuth access token used to authenticate to the GitHub API.

Delete an installation for the authenticated app

Uninstalls a GitHub App on a user, organization, or business account. If you prefer to temporarily suspend an app's access to your account's resources, then we recommend the "Suspend an app installation" endpoint.

You must use a JWT to access this endpoint.

octokit.rest.apps.deleteInstallation({
  installation_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.

Delete an app token

OAuth application owners can revoke a single token for an OAuth application. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password.

octokit.rest.apps.deleteToken({
  client_id,
  access_token,
});

Parameters

name	required	description
client_id	yes	The client ID of the GitHub app.
access_token	yes	The OAuth access token used to authenticate to the GitHub API.

Get the authenticated app

Returns the GitHub App associated with the authentication credentials used. To see how many app installations are associated with this GitHub App, see the installations_count in the response. For more details about your app's installations, see the "List installations for the authenticated app" endpoint.

You must use a JWT to access this endpoint.

octokit.rest.apps.getAuthenticated();

Parameters

This endpoint has no parameters

Get an app

Note: The :app_slug is just the URL-friendly name of your GitHub App. You can find this on the settings page for your GitHub App (e.g., https://github.com/settings/apps/:app_slug).

If the GitHub App you specify is public, you can access this endpoint without authenticating. If the GitHub App you specify is private, you must authenticate with a personal access token or an installation access token to access this endpoint.

octokit.rest.apps.getBySlug({
  app_slug,
});

Parameters

name	required	description
app_slug	yes

Get an installation for the authenticated app

Enables an authenticated GitHub App to find an installation's information using the installation id.

You must use a JWT to access this endpoint.

octokit.rest.apps.getInstallation({
  installation_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.

Get an organization installation for the authenticated app

Enables an authenticated GitHub App to find the organization's installation information.

You must use a JWT to access this endpoint.

octokit.rest.apps.getOrgInstallation({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get a repository installation for the authenticated app

Enables an authenticated GitHub App to find the repository's installation information. The installation's account type will be either an organization or a user account, depending which account the repository belongs to.

You must use a JWT to access this endpoint.

octokit.rest.apps.getRepoInstallation({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a subscription plan for an account

Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.

GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.

octokit.rest.apps.getSubscriptionPlanForAccount({
  account_id,
});

Parameters

name	required	description
account_id	yes	account_id parameter

Get a subscription plan for an account (stubbed)

GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.

octokit.rest.apps.getSubscriptionPlanForAccountStubbed({
  account_id,
});

Parameters

name	required	description
account_id	yes	account_id parameter

Get a user installation for the authenticated app

Enables an authenticated GitHub App to find the user’s installation information.

You must use a JWT to access this endpoint.

octokit.rest.apps.getUserInstallation({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.

Get a webhook configuration for an app

Returns the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App."

You must use a JWT to access this endpoint.

octokit.rest.apps.getWebhookConfigForApp();

Parameters

This endpoint has no parameters

Get a delivery for an app webhook

Returns a delivery for the webhook configured for a GitHub App.

You must use a JWT to access this endpoint.

octokit.rest.apps.getWebhookDelivery({
  delivery_id,
});

Parameters

name	required	description
delivery_id	yes

List accounts for a plan

Returns user and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.

GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.

octokit.rest.apps.listAccountsForPlan({
  plan_id,
});

Parameters

name	required	description
plan_id	yes	The unique identifier of the plan.
sort	no	The property to sort the results by. `created` means when the repository was starred. `updated` means when the repository was last pushed to.
direction	no	To return the oldest accounts first, set to `asc`. Ignored without the `sort` parameter.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List accounts for a plan (stubbed)

Returns repository and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.

GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.

octokit.rest.apps.listAccountsForPlanStubbed({
  plan_id,
});

Parameters

name	required	description
plan_id	yes	The unique identifier of the plan.
sort	no	The property to sort the results by. `created` means when the repository was starred. `updated` means when the repository was last pushed to.
direction	no	To return the oldest accounts first, set to `asc`. Ignored without the `sort` parameter.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repositories accessible to the user access token

List repositories that the authenticated user has explicit permission (:read, :write, or :admin) to access for an installation.

The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.

You must use a user-to-server OAuth access token, created for a user who has authorized your GitHub App, to access this endpoint.

The access the user has to each repository is included in the hash under the permissions key.

octokit.rest.apps.listInstallationReposForAuthenticatedUser({
  installation_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List installations for the authenticated app

You must use a JWT to access this endpoint.

The permissions the installation has are included under the permissions key.

octokit.rest.apps.listInstallations();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
outdated	no

List app installations accessible to the user access token

Lists installations of your GitHub App that the authenticated user has explicit permission (:read, :write, or :admin) to access.

You must use a user-to-server OAuth access token, created for a user who has authorized your GitHub App, to access this endpoint.

The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.

You can find the permissions for the installation under the permissions key.

octokit.rest.apps.listInstallationsForAuthenticatedUser();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List plans

Lists all plans that are part of your GitHub Marketplace listing.

GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.

octokit.rest.apps.listPlans();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List plans (stubbed)

Lists all plans that are part of your GitHub Marketplace listing.

GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.

octokit.rest.apps.listPlansStubbed();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repositories accessible to the app installation

List repositories that an app installation can access.

You must use an installation access token to access this endpoint.

octokit.rest.apps.listReposAccessibleToInstallation();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List subscriptions for the authenticated user

Lists the active subscriptions for the authenticated user. You must use a user-to-server OAuth access token, created for a user who has authorized your GitHub App, to access this endpoint. . OAuth Apps must authenticate using an OAuth token.

octokit.rest.apps.listSubscriptionsForAuthenticatedUser();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List subscriptions for the authenticated user (stubbed)

octokit.rest.apps.listSubscriptionsForAuthenticatedUserStubbed();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List deliveries for an app webhook

Returns a list of webhook deliveries for the webhook configured for a GitHub App.

You must use a JWT to access this endpoint.

octokit.rest.apps.listWebhookDeliveries();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
cursor	no	Used for pagination: the starting delivery from which the page of deliveries is fetched. Refer to the `link` header for the next and previous page cursors.

Redeliver a delivery for an app webhook

Redeliver a delivery for the webhook configured for a GitHub App.

You must use a JWT to access this endpoint.

octokit.rest.apps.redeliverWebhookDelivery({
  delivery_id,
});

Parameters

name	required	description
delivery_id	yes

Remove a repository from an app installation

Deprecated: This method has been renamed to apps.removeRepoFromInstallationForAuthenticatedUser

Remove a single repository from an installation. The authenticated user must have admin access to the repository.

You must use a personal access token (which you can create via the command line or Basic Authentication) to access this endpoint.

octokit.rest.apps.removeRepoFromInstallation({
  installation_id,
  repository_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.
repository_id	yes	The unique identifier of the repository.

Remove a repository from an app installation

Remove a single repository from an installation. The authenticated user must have admin access to the repository.

You must use a personal access token (which you can create via the command line or Basic Authentication) to access this endpoint.

octokit.rest.apps.removeRepoFromInstallationForAuthenticatedUser({
  installation_id,
  repository_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.
repository_id	yes	The unique identifier of the repository.

Reset a token

OAuth applications can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.

octokit.rest.apps.resetToken({
  client_id,
  access_token,
});

Parameters

name	required	description
client_id	yes	The client ID of the GitHub app.
access_token	yes	The access_token of the OAuth application.

Revoke an installation access token

Revokes the installation token you're using to authenticate as an installation and access this endpoint.

Once an installation token is revoked, the token is invalidated and cannot be used. Other endpoints that require the revoked installation token must have a new installation token to work. You can create a new token using the "Create an installation access token for an app" endpoint.

You must use an installation access token to access this endpoint.

octokit.rest.apps.revokeInstallationAccessToken();

Parameters

This endpoint has no parameters

Create a scoped access token

Use a non-scoped user-to-server OAuth access token to create a repository scoped and/or permission scoped user-to-server OAuth access token. You can specify which repositories the token can access and which permissions are granted to the token. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.

octokit.rest.apps.scopeToken({
  client_id,
  access_token,
});

Parameters

name	required	description
client_id	yes	The client ID of the GitHub app.
access_token	yes	The OAuth access token used to authenticate to the GitHub API.
target	no	The name of the user or organization to scope the user-to-server access token to. Required unless `target_id` is specified.
target_id	no	The ID of the user or organization to scope the user-to-server access token to. Required unless `target` is specified.
repositories	no	The list of repository names to scope the user-to-server access token to. `repositories` may not be specified if `repository_ids` is specified.
repository_ids	no	The list of repository IDs to scope the user-to-server access token to. `repository_ids` may not be specified if `repositories` is specified.
permissions	no	The permissions granted to the user-to-server access token.
permissions.actions	no	The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts.
permissions.administration	no	The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation.
permissions.checks	no	The level of permission to grant the access token for checks on code.
permissions.contents	no	The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges.
permissions.deployments	no	The level of permission to grant the access token for deployments and deployment statuses.
permissions.environments	no	The level of permission to grant the access token for managing repository environments.
permissions.issues	no	The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones.
permissions.metadata	no	The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata.
permissions.packages	no	The level of permission to grant the access token for packages published to GitHub Packages.
permissions.pages	no	The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds.
permissions.pull_requests	no	The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges.
permissions.repository_hooks	no	The level of permission to grant the access token to manage the post-receive hooks for a repository.
permissions.repository_projects	no	The level of permission to grant the access token to manage repository projects, columns, and cards.
permissions.secret_scanning_alerts	no	The level of permission to grant the access token to view and manage secret scanning alerts.
permissions.secrets	no	The level of permission to grant the access token to manage repository secrets.
permissions.security_events	no	The level of permission to grant the access token to view and manage security events like code scanning alerts.
permissions.single_file	no	The level of permission to grant the access token to manage just a single file.
permissions.statuses	no	The level of permission to grant the access token for commit statuses.
permissions.vulnerability_alerts	no	The level of permission to grant the access token to manage Dependabot alerts.
permissions.workflows	no	The level of permission to grant the access token to update GitHub Actions workflow files.
permissions.members	no	The level of permission to grant the access token for organization teams and members.
permissions.organization_administration	no	The level of permission to grant the access token to manage access to an organization.
permissions.organization_hooks	no	The level of permission to grant the access token to manage the post-receive hooks for an organization.
permissions.organization_plan	no	The level of permission to grant the access token for viewing an organization's plan.
permissions.organization_projects	no	The level of permission to grant the access token to manage organization projects and projects beta (where available).
permissions.organization_packages	no	The level of permission to grant the access token for organization packages published to GitHub Packages.
permissions.organization_secrets	no	The level of permission to grant the access token to manage organization secrets.
permissions.organization_self_hosted_runners	no	The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization.
permissions.organization_user_blocking	no	The level of permission to grant the access token to view and manage users blocked by the organization.
permissions.team_discussions	no	The level of permission to grant the access token to manage team discussions and related comments.

Suspend an app installation

Suspends a GitHub App on a user, organization, or business account, which blocks the app from accessing the account's resources. When a GitHub App is suspended, the app's access to the GitHub API or webhook events is blocked for that account.

You must use a JWT to access this endpoint.

octokit.rest.apps.suspendInstallation({
  installation_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.

Unsuspend an app installation

Removes a GitHub App installation suspension.

You must use a JWT to access this endpoint.

octokit.rest.apps.unsuspendInstallation({
  installation_id,
});

Parameters

name	required	description
installation_id	yes	The unique identifier of the installation.

Update a webhook configuration for an app

Updates the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App."

You must use a JWT to access this endpoint.

octokit.rest.apps.updateWebhookConfigForApp();

Parameters

name	required	description
url	no	The URL to which the payloads will be delivered.
content_type	no	The media type used to serialize the payloads. Supported values include `json` and `form`. The default is `form`.
secret	no	If provided, the `secret` will be used as the `key` to generate the HMAC hex digest value for delivery signature headers.
insecure_ssl	no

Billing

Get GitHub Actions billing for an organization

Gets the summary of the free and paid GitHub Actions minutes used.

Paid minutes only apply to workflows in private repositories that use GitHub-hosted runners. Minutes used is listed for each GitHub-hosted runner operating system. Any job re-runs are also included in the usage. The usage returned includes any minute multipliers for macOS and Windows runners, and is rounded up to the nearest whole minute. For more information, see "Managing billing for GitHub Actions".

Access tokens must have the repo or admin:org scope.

octokit.rest.billing.getGithubActionsBillingOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get GitHub Actions billing for a user

Gets the summary of the free and paid GitHub Actions minutes used.

Access tokens must have the user scope.

octokit.rest.billing.getGithubActionsBillingUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.

Get GitHub Advanced Security active committers for an enterprise

Gets the GitHub Advanced Security active committers for an enterprise per repository. Each distinct user login across all repositories is counted as a single Advanced Security seat, so the total_advanced_security_committers is not the sum of active_users for each repository.

octokit.rest.billing.getGithubAdvancedSecurityBillingGhe({
  enterprise,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Get GitHub Advanced Security active committers for an organization

Gets the GitHub Advanced Security active committers for an organization per repository. Each distinct user login across all repositories is counted as a single Advanced Security seat, so the total_advanced_security_committers is not the sum of advanced_security_committers for each repository. If this organization defers to an enterprise for billing, the total_advanced_security_committers returned from the organization API may include some users that are in more than one organization, so they will only consume a single Advanced Security seat at the enterprise level.

octokit.rest.billing.getGithubAdvancedSecurityBillingOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Get GitHub Packages billing for an organization

Gets the free and paid storage used for GitHub Packages in gigabytes.

Paid minutes only apply to packages stored for private repositories. For more information, see "Managing billing for GitHub Packages."

Access tokens must have the repo or admin:org scope.

octokit.rest.billing.getGithubPackagesBillingOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get GitHub Packages billing for a user

Gets the free and paid storage used for GitHub Packages in gigabytes.

Paid minutes only apply to packages stored for private repositories. For more information, see "Managing billing for GitHub Packages."

Access tokens must have the user scope.

octokit.rest.billing.getGithubPackagesBillingUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.

Get shared storage billing for an organization

Gets the estimated paid and estimated total storage used for GitHub Actions and GitHub Packages.

Paid minutes only apply to packages stored for private repositories. For more information, see "Managing billing for GitHub Packages."

Access tokens must have the repo or admin:org scope.

octokit.rest.billing.getSharedStorageBillingOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get shared storage billing for a user

Gets the estimated paid and estimated total storage used for GitHub Actions and GitHub Packages.

Paid minutes only apply to packages stored for private repositories. For more information, see "Managing billing for GitHub Packages."

Access tokens must have the user scope.

octokit.rest.billing.getSharedStorageBillingUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.

Checks

Create a check run

Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.

Creates a new check run for a specific commit in a repository. Your GitHub App must have the checks:write permission to create check runs.

In a check suite, GitHub limits the number of check runs with the same name to 1000. Once these check runs exceed 1000, GitHub will start to automatically delete older check runs.

octokit.rest.checks.create({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
status	no
*	no

Create a check suite

By default, check suites are automatically created when you create a check run. You only need to use this endpoint for manually creating check suites when you've disabled automatic creation using "Update repository preferences for check suites". Your GitHub App must have the checks:write permission to create check suites.

octokit.rest.checks.createSuite({
  owner,
  repo,
  head_sha,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
head_sha	yes	The sha of the head commit.

Get a check run

Gets a single check run using its id. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get check runs. OAuth Apps and authenticated users must have the repo scope to get check runs in a private repository.

octokit.rest.checks.get({
  owner,
  repo,
  check_run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
check_run_id	yes	The unique identifier of the check run.

Get a check suite

Gets a single check suite using its id. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get check suites. OAuth Apps and authenticated users must have the repo scope to get check suites in a private repository.

octokit.rest.checks.getSuite({
  owner,
  repo,
  check_suite_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
check_suite_id	yes	The unique identifier of the check suite.

List check run annotations

Lists annotations for a check run using the annotation id. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get annotations for a check run. OAuth Apps and authenticated users must have the repo scope to get annotations for a check run in a private repository.

octokit.rest.checks.listAnnotations({
  owner,
  repo,
  check_run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
check_run_id	yes	The unique identifier of the check run.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List check runs for a Git reference

Lists check runs for a commit ref. The ref can be a SHA, branch name, or a tag name. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get check runs. OAuth Apps and authenticated users must have the repo scope to get check runs in a private repository.

octokit.rest.checks.listForRef({
  owner,
  repo,
  ref,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
ref	yes	ref parameter
check_name	no	Returns check runs with the specified `name`.
status	no	Returns check runs with the specified `status`.
filter	no	Filters check runs by their `completed_at` timestamp. `latest` returns the most recent check runs.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
app_id	no

List check runs in a check suite

Lists check runs for a check suite using its id. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to get check runs. OAuth Apps and authenticated users must have the repo scope to get check runs in a private repository.

octokit.rest.checks.listForSuite({
  owner,
  repo,
  check_suite_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
check_suite_id	yes	The unique identifier of the check suite.
check_name	no	Returns check runs with the specified `name`.
status	no	Returns check runs with the specified `status`.
filter	no	Filters check runs by their `completed_at` timestamp. `latest` returns the most recent check runs.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List check suites for a Git reference

Lists check suites for a commit ref. The ref can be a SHA, branch name, or a tag name. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to list check suites. OAuth Apps and authenticated users must have the repo scope to get check suites in a private repository.

octokit.rest.checks.listSuitesForRef({
  owner,
  repo,
  ref,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
ref	yes	ref parameter
app_id	no	Filters check suites by GitHub App `id`.
check_name	no	Returns check runs with the specified `name`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Rerequest a check run

Triggers GitHub to rerequest an existing check run, without pushing new code to a repository. This endpoint will trigger the check_run webhook event with the action rerequested. When a check run is rerequested, its status is reset to queued and the conclusion is cleared.

To rerequest a check run, your GitHub App must have the checks:read permission on a private repository or pull access to a public repository.

octokit.rest.checks.rerequestRun({
  owner,
  repo,
  check_run_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
check_run_id	yes	The unique identifier of the check run.

Rerequest a check suite

Triggers GitHub to rerequest an existing check suite, without pushing new code to a repository. This endpoint will trigger the check_suite webhook event with the action rerequested. When a check suite is rerequested, its status is reset to queued and the conclusion is cleared.

To rerequest a check suite, your GitHub App must have the checks:read permission on a private repository or pull access to a public repository.

octokit.rest.checks.rerequestSuite({
  owner,
  repo,
  check_suite_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
check_suite_id	yes	The unique identifier of the check suite.

Update repository preferences for check suites

Changes the default automatic flow when creating check suites. By default, a check suite is automatically created each time code is pushed to a repository. When you disable the automatic creation of check suites, you can manually Create a check suite. You must have admin permissions in the repository to set preferences for check suites.

octokit.rest.checks.setSuitesPreferences({
        owner,
repo,
auto_trigger_checks[].app_id,
auto_trigger_checks[].setting
      })

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
auto_trigger_checks	no	Enables or disables automatic creation of CheckSuite events upon pushes to the repository. Enabled by default. See the `auto_trigger_checks` object description for details.
auto_trigger_checks[].app_id	yes	The `id` of the GitHub App.
auto_trigger_checks[].setting	yes	Set to `true` to enable automatic creation of CheckSuite events upon pushes to the repository, or `false` to disable them.

Update a check run

Updates a check run for a specific commit in a repository. Your GitHub App must have the checks:write permission to edit check runs.

octokit.rest.checks.update({
        owner,
repo,
check_run_id,
output.summary,
output.annotations[].path,
output.annotations[].start_line,
output.annotations[].end_line,
output.annotations[].annotation_level,
output.annotations[].message,
output.images[].alt,
output.images[].image_url,
actions[].label,
actions[].description,
actions[].identifier
      })

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
check_run_id	yes	The unique identifier of the check run.
name	no	The name of the check. For example, "code-coverage".
details_url	no	The URL of the integrator's site that has the full details of the check.
external_id	no	A reference for the run on the integrator's system.
started_at	no	This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
status	no	The current status.
conclusion	no	Required if you provide `completed_at` or a `status` of `completed`. The final conclusion of the check. Note: Providing `conclusion` will automatically set the `status` parameter to `completed`. You cannot change a check run conclusion to `stale`, only GitHub can set this.
completed_at	no	The time the check completed. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
output	no	Check runs can accept a variety of data in the `output` object, including a `title` and `summary` and can optionally provide descriptive details about the run. See the `output` object description.
output.title	no	Required.
output.summary	yes	Can contain Markdown.
output.text	no	Can contain Markdown.
output.annotations	no	Adds information from your analysis to specific lines of code. Annotations are visible in GitHub's pull request UI. Annotations are visible in GitHub's pull request UI. The Checks API limits the number of annotations to a maximum of 50 per API request. To create more than 50 annotations, you have to make multiple requests to the Update a check run endpoint. Each time you update the check run, annotations are appended to the list of annotations that already exist for the check run. For details about annotations in the UI, see "About status checks". See the `annotations` object description for details.
output.annotations[].path	yes	The path of the file to add an annotation to. For example, `assets/css/main.css`.
output.annotations[].start_line	yes	The start line of the annotation.
output.annotations[].end_line	yes	The end line of the annotation.
output.annotations[].start_column	no	The start column of the annotation. Annotations only support `start_column` and `end_column` on the same line. Omit this parameter if `start_line` and `end_line` have different values.
output.annotations[].end_column	no	The end column of the annotation. Annotations only support `start_column` and `end_column` on the same line. Omit this parameter if `start_line` and `end_line` have different values.
output.annotations[].annotation_level	yes	The level of the annotation.
output.annotations[].message	yes	A short description of the feedback for these lines of code. The maximum size is 64 KB.
output.annotations[].title	no	The title that represents the annotation. The maximum size is 255 characters.
output.annotations[].raw_details	no	Details about this annotation. The maximum size is 64 KB.
output.images	no	Adds images to the output displayed in the GitHub pull request UI. See the `images` object description for details.
output.images[].alt	yes	The alternative text for the image.
output.images[].image_url	yes	The full URL of the image.
output.images[].caption	no	A short image description.
actions	no	Possible further actions the integrator can perform, which a user may trigger. Each action includes a `label`, `identifier` and `description`. A maximum of three actions are accepted. See the `actions` object description. To learn more about check runs and requested actions, see "Check runs and requested actions."
actions[].label	yes	The text to be displayed on a button in the web UI. The maximum size is 20 characters.
actions[].description	yes	A short explanation of what this action would do. The maximum size is 40 characters.
actions[].identifier	yes	A reference for the action on the integrator's system. The maximum size is 20 characters.

Code-Scanning

Delete a code scanning analysis from a repository

Deletes a specified code scanning analysis from a repository. For private repositories, you must use an access token with the repo scope. For public repositories, you must use an access token with public_repo scope. GitHub Apps must have the security_events write permission to use this endpoint.

You can delete one analysis at a time. To delete a series of analyses, start with the most recent analysis and work backwards. Conceptually, the process is similar to the undo function in a text editor.

When you list the analyses for a repository, one or more will be identified as deletable in the response:

"deletable": true

An analysis is deletable when it's the most recent in a set of analyses. Typically, a repository will have multiple sets of analyses for each enabled code scanning tool, where a set is determined by a unique combination of analysis values:

ref
tool
analysis_key
environment

If you attempt to delete an analysis that is not the most recent in a set, you'll get a 400 response with the message:

Analysis specified is not deletable.

The response from a successful DELETE operation provides you with two alternative URLs for deleting the next analysis in the set: next_analysis_url and confirm_delete_url. Use the next_analysis_url URL if you want to avoid accidentally deleting the final analysis in a set. This is a useful option if you want to preserve at least one analysis for the specified tool in your repository. Use the confirm_delete_url URL if you are content to remove all analyses for a tool. When you delete the last analysis in a set, the value of next_analysis_url and confirm_delete_url in the 200 response is null.

As an example of the deletion process, let's imagine that you added a workflow that configured a particular code scanning tool to analyze the code in a repository. This tool has added 15 analyses: 10 on the default branch, and another 5 on a topic branch. You therefore have two separate sets of analyses for this tool. You've now decided that you want to remove all of the analyses for the tool. To do this you must make 15 separate deletion requests. To start, you must find an analysis that's identified as deletable. Each set of analyses always has one that's identified as deletable. Having found the deletable analysis for one of the two sets, delete this analysis and then continue deleting the next analysis in the set until they're all deleted. Then repeat the process for the second set. The procedure therefore consists of a nested loop:

Outer loop:

List the analyses for the repository, filtered by tool.
Parse this list to find a deletable analysis. If found:

Inner loop:
- Delete the identified analysis.
- Parse the response for the value of confirm_delete_url and, if found, use this in the next iteration.

The above process assumes that you want to remove all trace of the tool's analyses from the GitHub user interface, for the specified repository, and it therefore uses the confirm_delete_url value. Alternatively, you could use the next_analysis_url value, which would leave the last analysis in each set undeleted to avoid removing a tool's analysis entirely.

octokit.rest.codeScanning.deleteAnalysis({
  owner,
  repo,
  analysis_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
analysis_id	yes	The ID of the analysis, as returned from the `GET /repos/{owner}/{repo}/code-scanning/analyses` operation.
confirm_delete	no	Allow deletion if the specified analysis is the last in a set. If you attempt to delete the final analysis in a set without setting this parameter to `true`, you'll get a 400 response with the message: `Analysis is last of its type and deletion may result in the loss of historical alert data. Please specify confirm_delete.`

Get a code scanning alert

Gets a single code scanning alert. You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

Deprecation notice: The instances field is deprecated and will, in future, not be included in the response for this endpoint. The example response reflects this change. The same information can now be retrieved via a GET request to the URL specified by instances_url.

octokit.rest.codeScanning.getAlert({
  owner,
  repo,
  alert_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
alert_number	yes	The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the `number` field in the response from the `GET /repos/{owner}/{repo}/code-scanning/alerts` operation.
alert_id	no	The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the `number` field in the response from the `GET /repos/{owner}/{repo}/code-scanning/alerts` operation.

Get a code scanning analysis for a repository

Gets a specified code scanning analysis for a repository. You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

The default JSON response contains fields that describe the analysis. This includes the Git reference and commit SHA to which the analysis relates, the datetime of the analysis, the name of the code scanning tool, and the number of alerts.

The rules_count field in the default response give the number of rules that were run in the analysis. For very old analyses this data is not available, and 0 is returned in this field.

If you use the Accept header application/sarif+json, the response contains the analysis data that was uploaded. This is formatted as SARIF version 2.1.0.

octokit.rest.codeScanning.getAnalysis({
  owner,
  repo,
  analysis_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
analysis_id	yes	The ID of the analysis, as returned from the `GET /repos/{owner}/{repo}/code-scanning/analyses` operation.

Get information about a SARIF upload

Gets information about a SARIF upload, including the status and the URL of the analysis that was uploaded so that you can retrieve details of the analysis. For more information, see "Get a code scanning analysis for a repository." You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

octokit.rest.codeScanning.getSarif({
  owner,
  repo,
  sarif_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
sarif_id	yes	The SARIF ID obtained after uploading.

List instances of a code scanning alert

Lists all instances of the specified code scanning alert. You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

octokit.rest.codeScanning.listAlertInstances({
  owner,
  repo,
  alert_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
alert_number	yes	The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the `number` field in the response from the `GET /repos/{owner}/{repo}/code-scanning/alerts` operation.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).
ref	no	The Git reference for the results you want to list. The `ref` for a branch can be formatted either as `refs/heads/<branch name>` or simply `<branch name>`. To reference a pull request use `refs/pull/<number>/merge`.

List code scanning alerts for an organization

Lists all code scanning alerts for the default branch (usually main or master) for all eligible repositories in an organization. To use this endpoint, you must be an administrator or security manager for the organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the security_events read permission to use this endpoint.

octokit.rest.codeScanning.listAlertsForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
tool_name	no	The name of a code scanning tool. Only results by this tool will be listed. You can specify the tool by using either `tool_name` or `tool_guid`, but not both.
tool_guid	no	The GUID of a code scanning tool. Only results by this tool will be listed. Note that some code scanning tools may not include a GUID in their analysis data. You can specify the tool by using either `tool_guid` or `tool_name`, but not both.
before	no	A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.
after	no	A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).
direction	no	The direction to sort the results by.
state	no	Set to `open`, `closed`, `fixed`, or `dismissed` to list code scanning alerts in a specific state.
sort	no	The property by which to sort the results.

List code scanning alerts for a repository

Lists all open code scanning alerts for the default branch (usually main or master). You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

The response includes a most_recent_instance object. This provides details of the most recent instance of this alert for the default branch or for the specified Git reference (if you used ref in the request).

octokit.rest.codeScanning.listAlertsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
tool_name	no	The name of a code scanning tool. Only results by this tool will be listed. You can specify the tool by using either `tool_name` or `tool_guid`, but not both.
tool_guid	no	The GUID of a code scanning tool. Only results by this tool will be listed. Note that some code scanning tools may not include a GUID in their analysis data. You can specify the tool by using either `tool_guid` or `tool_name`, but not both.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).
ref	no	The Git reference for the results you want to list. The `ref` for a branch can be formatted either as `refs/heads/<branch name>` or simply `<branch name>`. To reference a pull request use `refs/pull/<number>/merge`.
direction	no	The direction to sort the results by.
sort	no	The property by which to sort the results. `number` is deprecated - we recommend that you use `created` instead.
state	no	Set to `open`, `closed,` fixed`, or` dismissed` to list code scanning alerts in a specific state.

List instances of a code scanning alert

Deprecated: This method has been renamed to codeScanning.listAlertInstances

octokit.rest.codeScanning.listAlertsInstances({
  owner,
  repo,
  alert_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
alert_number	yes	The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the `number` field in the response from the `GET /repos/{owner}/{repo}/code-scanning/alerts` operation.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).
ref	no	The Git reference for the results you want to list. The `ref` for a branch can be formatted either as `refs/heads/<branch name>` or simply `<branch name>`. To reference a pull request use `refs/pull/<number>/merge`.

List code scanning analyses for a repository

Lists the details of all code scanning analyses for a repository, starting with the most recent. The response is paginated and you can use the page and per_page parameters to list the analyses you're interested in. By default 30 analyses are listed per page.

The rules_count field in the response give the number of rules that were run in the analysis. For very old analyses this data is not available, and 0 is returned in this field.

You must use an access token with the security_events scope to use this endpoint with private repos, the public_repo scope also grants permission to read security events on public repos only. GitHub Apps must have the security_events read permission to use this endpoint.

Deprecation notice: The tool_name field is deprecated and will, in future, not be included in the response for this endpoint. The example response reflects this change. The tool name can now be found inside the tool field.

octokit.rest.codeScanning.listRecentAnalyses({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
tool_name	no	The name of a code scanning tool. Only results by this tool will be listed. You can specify the tool by using either `tool_name` or `tool_guid`, but not both.
tool_guid	no	The GUID of a code scanning tool. Only results by this tool will be listed. Note that some code scanning tools may not include a GUID in their analysis data. You can specify the tool by using either `tool_guid` or `tool_name`, but not both.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).
ref	no	The Git reference for the analyses you want to list. The `ref` for a branch can be formatted either as `refs/heads/<branch name>` or simply `<branch name>`. To reference a pull request use `refs/pull/<number>/merge`.
sarif_id	no	Filter analyses belonging to the same SARIF upload.

Update a code scanning alert

Updates the status of a single code scanning alert. You must use an access token with the security_events scope to use this endpoint with private repositories. You can also use tokens with the public_repo scope for public repositories only. GitHub Apps must have the security_events write permission to use this endpoint.

octokit.rest.codeScanning.updateAlert({
  owner,
  repo,
  alert_number,
  state,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
alert_number	yes	The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the `number` field in the response from the `GET /repos/{owner}/{repo}/code-scanning/alerts` operation.
state	yes	Sets the state of the code scanning alert. You must provide `dismissed_reason` when you set the state to `dismissed`.
dismissed_reason	no	Required when the state is dismissed. The reason for dismissing or closing the alert.
dismissed_comment	no	The dismissal comment associated with the dismissal of the alert.

Upload an analysis as SARIF data

Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the security_events scope to use this endpoint for private repositories. You can also use tokens with the public_repo scope for public repositories only. GitHub Apps must have the security_events write permission to use this endpoint.

There are two places where you can upload code scanning results.

If you upload to a pull request, for example --ref refs/pull/42/merge or --ref refs/pull/42/head, then the results appear as alerts in a pull request check. For more information, see "Triaging code scanning alerts in pull requests."
If you upload to a branch, for example --ref refs/heads/my-branch, then the results appear in the Security tab for your repository. For more information, see "Managing code scanning alerts for your repository."

You must compress the SARIF-formatted analysis data that you want to upload, using gzip, and then encode it as a Base64 format string. For example:

gzip -c analysis-data.sarif | base64 -w0

SARIF upload supports a maximum of 5000 results per analysis run. Any results over this limit are ignored and any SARIF uploads with more than 25,000 results are rejected. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.

The 202 Accepted, response includes an id value. You can use this ID to check the status of the upload by using this for the /sarifs/{sarif_id} endpoint. For more information, see "Get information about a SARIF upload."

octokit.rest.codeScanning.uploadSarif({
  owner,
  repo,
  commit_sha,
  ref,
  sarif,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
commit_sha	yes	The SHA of the commit to which the analysis you are uploading relates.
ref	yes	The full Git reference, formatted as `refs/heads/<branch name>`, `refs/pull/<number>/merge`, or `refs/pull/<number>/head`.
sarif	yes	A Base64 string representing the SARIF file to upload. You must first compress your SARIF file using `gzip` and then translate the contents of the file into a Base64 encoding string. For more information, see "SARIF support for code scanning."
checkout_uri	no	The base directory used in the analysis, as it appears in the SARIF file. This property is used to convert file paths from absolute to relative, so that alerts can be mapped to their correct location in the repository.
started_at	no	The time that the analysis run began. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
tool_name	no	The name of the tool used to generate the code scanning analysis. If this parameter is not used, the tool name defaults to "API". If the uploaded SARIF contains a tool GUID, this will be available for filtering using the `tool_guid` parameter of operations such as `GET /repos/{owner}/{repo}/code-scanning/alerts`.

Codes-of-Conduct

Get all codes of conduct

octokit.rest.codesOfConduct.getAllCodesOfConduct();

Parameters

This endpoint has no parameters

Get a code of conduct

octokit.rest.codesOfConduct.getConductCode({
  key,
});

Parameters

name	required	description
key	yes

Codespaces

Add a selected repository to a user secret

Adds a repository to the selected repositories for a user's codespace secret. You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint. GitHub Apps must have write access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on the referenced repository to use this endpoint.

octokit.rest.codespaces.addRepositoryForSecretForAuthenticatedUser({
  secret_name,
  repository_id,
});

Parameters

name	required	description
secret_name	yes	The name of the secret.
repository_id	yes

List machine types for a codespace

List the machine types a codespace can transition to use.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have read access to the codespaces_metadata repository permission to use this endpoint.

octokit.rest.codespaces.codespaceMachinesForAuthenticatedUser({
  codespace_name,
});

Parameters

name	required	description
codespace_name	yes	The name of the codespace.

Create a codespace for the authenticated user

Creates a new codespace, owned by the authenticated user.

This endpoint requires either a repository_id OR a pull_request but not both.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces repository permission to use this endpoint.

octokit.rest.codespaces.createForAuthenticatedUser({
        repository_id,
pull_request,
pull_request.pull_request_number,
pull_request.repository_id
      })

Parameters

name	required	description
repository_id	yes	Repository id for this codespace
ref	no	Git ref (typically a branch name) for this codespace
location	no	Location for this codespace. Assigned by IP if not provided
client_ip	no	IP for location auto-detection when proxying a request
machine	no	Machine type to use for this codespace
devcontainer_path	no	Path to devcontainer.json config to use for this codespace
multi_repo_permissions_opt_out	no	Whether to authorize requested permissions from devcontainer.json
working_directory	no	Working directory for this codespace
idle_timeout_minutes	no	Time in minutes before codespace stops from inactivity
display_name	no	Display name for this codespace
retention_period_minutes	no	Duration in minutes after codespace has gone idle in which it will be deleted. Must be integer minutes between 0 and 43200 (30 days).
pull_request	yes	Pull request number for this codespace
pull_request.pull_request_number	yes	Pull request number
pull_request.repository_id	yes	Repository id for this codespace

Create or update a repository secret

Creates or updates a repository secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the codespaces_secrets repository permission to use this endpoint.

Example of encrypting a secret using Node.js

Encrypt your secret using the tweetsodium library.

const sodium = require('tweetsodium');

const key = "base64-encoded-public-key";
const value = "plain-text-secret";

// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');

// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);

// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');

console.log(encrypted);

Example of encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

from base64 import b64encode
from nacl import encoding, public

def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

Example of encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");

var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);

Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

Example of encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

require "rbnacl"
require "base64"

key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)

octokit.rest.codespaces.createOrUpdateRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.
encrypted_value	no	Value for your secret, encrypted with LibSodium using the public key retrieved from the Get a repository public key endpoint.
key_id	no	ID of the key you used to encrypt the secret.

Create or update a secret for the authenticated user

Creates or updates a secret for a user's codespace with an encrypted value. Encrypt your secret using LibSodium.

You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must also have Codespaces access to use this endpoint.

GitHub Apps must have read access to the codespaces_user_secrets user permission and codespaces_secrets repository permission on all referenced repositories to use this endpoint.

Example encrypting a secret using Node.js

Encrypt your secret using the tweetsodium library.

const sodium = require('tweetsodium');

const key = "base64-encoded-public-key";
const value = "plain-text-secret";

// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');

// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);

// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');

console.log(encrypted);

Example encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

from base64 import b64encode
from nacl import encoding, public

def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

Example encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");

var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);

Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

Example encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

require "rbnacl"
require "base64"

key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)

octokit.rest.codespaces.createOrUpdateSecretForAuthenticatedUser({
  secret_name,
  key_id,
});

Parameters

name	required	description
secret_name	yes	The name of the secret.
encrypted_value	no	Value for your secret, encrypted with LibSodium using the public key retrieved from the Get the public key for the authenticated user endpoint.
key_id	yes	ID of the key you used to encrypt the secret.
selected_repository_ids	no	An array of repository ids that can access the user secret. You can manage the list of selected repositories using the List selected repositories for a user secret, Set selected repositories for a user secret, and Remove a selected repository from a user secret endpoints.

Create a codespace from a pull request

Creates a codespace owned by the authenticated user for the specified pull request.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces repository permission to use this endpoint.

octokit.rest.codespaces.createWithPrForAuthenticatedUser({
  owner,
  repo,
  pull_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
pull_number	yes	The number that identifies the pull request.
location	no	Location for this codespace. Assigned by IP if not provided
client_ip	no	IP for location auto-detection when proxying a request
machine	no	Machine type to use for this codespace
devcontainer_path	no	Path to devcontainer.json config to use for this codespace
multi_repo_permissions_opt_out	no	Whether to authorize requested permissions from devcontainer.json
working_directory	no	Working directory for this codespace
idle_timeout_minutes	no	Time in minutes before codespace stops from inactivity
display_name	no	Display name for this codespace
retention_period_minutes	no	Duration in minutes after codespace has gone idle in which it will be deleted. Must be integer minutes between 0 and 43200 (30 days).

Create a codespace in a repository

Creates a codespace owned by the authenticated user in the specified repository.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces repository permission to use this endpoint.

octokit.rest.codespaces.createWithRepoForAuthenticatedUser({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
ref	no	Git ref (typically a branch name) for this codespace
location	no	Location for this codespace. Assigned by IP if not provided
client_ip	no	IP for location auto-detection when proxying a request
machine	no	Machine type to use for this codespace
devcontainer_path	no	Path to devcontainer.json config to use for this codespace
multi_repo_permissions_opt_out	no	Whether to authorize requested permissions from devcontainer.json
working_directory	no	Working directory for this codespace
idle_timeout_minutes	no	Time in minutes before codespace stops from inactivity
display_name	no	Display name for this codespace
retention_period_minutes	no	Duration in minutes after codespace has gone idle in which it will be deleted. Must be integer minutes between 0 and 43200 (30 days).

Delete a codespace for the authenticated user

Deletes a user's codespace.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces repository permission to use this endpoint.

octokit.rest.codespaces.deleteForAuthenticatedUser({
  codespace_name,
});

Parameters

name	required	description
codespace_name	yes	The name of the codespace.

Delete a codespace from the organization

Deletes a user's codespace.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.codespaces.deleteFromOrganization({
  org,
  username,
  codespace_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.
codespace_name	yes	The name of the codespace.

Delete a repository secret

Deletes a secret in a repository using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the codespaces_secrets repository permission to use this endpoint.

octokit.rest.codespaces.deleteRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.

Delete a secret for the authenticated user

Deletes a secret from a user's codespaces using the secret name. Deleting the secret will remove access from all codespaces that were allowed to access the secret.

You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.

GitHub Apps must have write access to the codespaces_user_secrets user permission to use this endpoint.

octokit.rest.codespaces.deleteSecretForAuthenticatedUser({
  secret_name,
});

Parameters

name	required	description
secret_name	yes	The name of the secret.

Export a codespace for the authenticated user

Triggers an export of the specified codespace and returns a URL and ID where the status of the export can be monitored.

You must authenticate using a personal access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces_lifecycle_admin repository permission to use this endpoint.

octokit.rest.codespaces.exportForAuthenticatedUser({
  codespace_name,
});

Parameters

name	required	description
codespace_name	yes	The name of the codespace.

Get details about a codespace export

Gets information about an export of a codespace.

You must authenticate using a personal access token with the codespace scope to use this endpoint.

GitHub Apps must have read access to the codespaces_lifecycle_admin repository permission to use this endpoint.

octokit.rest.codespaces.getExportDetailsForAuthenticatedUser({
  codespace_name,
  export_id,
});

Parameters

name	required	description
codespace_name	yes	The name of the codespace.
export_id	yes	The ID of the export operation, or `latest`. Currently only `latest` is currently supported.

Get a codespace for the authenticated user

Gets information about a user's codespace.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have read access to the codespaces repository permission to use this endpoint.

octokit.rest.codespaces.getForAuthenticatedUser({
  codespace_name,
});

Parameters

name	required	description
codespace_name	yes	The name of the codespace.

Get public key for the authenticated user

Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets.

You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.

GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.

octokit.rest.codespaces.getPublicKeyForAuthenticatedUser();

Parameters

This endpoint has no parameters

Get a repository public key

Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the codespaces_secrets repository permission to use this endpoint.

octokit.rest.codespaces.getRepoPublicKey({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a repository secret

Gets a single repository secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the codespaces_secrets repository permission to use this endpoint.

octokit.rest.codespaces.getRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.

Get a secret for the authenticated user

Gets a secret available to a user's codespaces without revealing its encrypted value.

You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.

GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.

octokit.rest.codespaces.getSecretForAuthenticatedUser({
  secret_name,
});

Parameters

name	required	description
secret_name	yes	The name of the secret.

List devcontainer configurations in a repository for the authenticated user

Lists the devcontainer.json files associated with a specified repository and the authenticated user. These files specify launchpoint configurations for codespaces created within the repository.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have read access to the codespaces_metadata repository permission to use this endpoint.

octokit.rest.codespaces.listDevcontainersInRepositoryForAuthenticatedUser({
  owner,
  repo,
});

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

List codespaces for the authenticated user

Lists the authenticated user's codespaces.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have read access to the codespaces repository permission to use this endpoint.

octokit.rest.codespaces.listForAuthenticatedUser();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
repository_id	no	ID of the Repository to filter on

List codespaces for the organization

Lists the codespaces associated to a specified organization.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.codespaces.listInOrganization({
  org,
});

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
org	yes	The organization name. The name is not case sensitive.
org_id	no	The organization name. The name is not case sensitive.

List codespaces in a repository for the authenticated user

Lists the codespaces associated to a specified repository and the authenticated user.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have read access to the codespaces repository permission to use this endpoint.

octokit.rest.codespaces.listInRepositoryForAuthenticatedUser({
  owner,
  repo,
});

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

List repository secrets

Lists all secrets available in a repository without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the codespaces_secrets repository permission to use this endpoint.

octokit.rest.codespaces.listRepoSecrets({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List selected repositories for a user secret

List the repositories that have been granted the ability to use a user's codespace secret.

You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.

GitHub Apps must have read access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on all referenced repositories to use this endpoint.

octokit.rest.codespaces.listRepositoriesForSecretForAuthenticatedUser({
  secret_name,
});

Parameters

name	required	description
secret_name	yes	The name of the secret.

List secrets for the authenticated user

Lists all secrets available for a user's Codespaces without revealing their encrypted values.

You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.

GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.

octokit.rest.codespaces.listSecretsForAuthenticatedUser();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Remove a selected repository from a user secret

Removes a repository from the selected repositories for a user's codespace secret. You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint. GitHub Apps must have write access to the codespaces_user_secrets user permission to use this endpoint.

octokit.rest.codespaces.removeRepositoryForSecretForAuthenticatedUser({
  secret_name,
  repository_id,
});

Parameters

name	required	description
secret_name	yes	The name of the secret.
repository_id	yes

List available machine types for a repository

List the machine types available for a given repository based on its configuration.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces_metadata repository permission to use this endpoint.

octokit.rest.codespaces.repoMachinesForAuthenticatedUser({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
location	no	The location to check for available machines. Assigned by IP if not provided.
client_ip	no	IP for location auto-detection when proxying a request

Set selected repositories for a user secret

Select the repositories that will use a user's codespace secret.

You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.

GitHub Apps must have write access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on all referenced repositories to use this endpoint.

octokit.rest.codespaces.setRepositoriesForSecretForAuthenticatedUser({
  secret_name,
  selected_repository_ids,
});

Parameters

name	required	description
secret_name	yes	The name of the secret.
selected_repository_ids	yes	An array of repository ids for which a codespace can access the secret. You can manage the list of selected repositories using the List selected repositories for a user secret, Add a selected repository to a user secret, and Remove a selected repository from a user secret endpoints.

Start a codespace for the authenticated user

Starts a user's codespace.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces_lifecycle_admin repository permission to use this endpoint.

octokit.rest.codespaces.startForAuthenticatedUser({
  codespace_name,
});

Parameters

name	required	description
codespace_name	yes	The name of the codespace.

Stop a codespace for the authenticated user

Stops a user's codespace.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces_lifecycle_admin repository permission to use this endpoint.

octokit.rest.codespaces.stopForAuthenticatedUser({
  codespace_name,
});

Parameters

name	required	description
codespace_name	yes	The name of the codespace.

Stop a codespace for an organization user

Stops a user's codespace.

You must authenticate using an access token with the admin:org scope to use this endpoint.

octokit.rest.codespaces.stopInOrganization({
  org,
  username,
  codespace_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.
codespace_name	yes	The name of the codespace.

Update a codespace for the authenticated user

Updates a codespace owned by the authenticated user. Currently only the codespace's machine type and recent folders can be modified using this endpoint.

If you specify a new machine type it will be applied the next time your codespace is started.

You must authenticate using an access token with the codespace scope to use this endpoint.

GitHub Apps must have write access to the codespaces repository permission to use this endpoint.

octokit.rest.codespaces.updateForAuthenticatedUser({
  codespace_name,
});

Parameters

name	required	description
codespace_name	yes	The name of the codespace.
machine	no	A valid machine to transition this codespace to.
display_name	no	Display name for this codespace
recent_folders	no	Recently opened folders inside the codespace. It is currently used by the clients to determine the folder path to load the codespace in.

Dependabot

Add selected repository to an organization secret

Adds a repository to an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

octokit.rest.dependabot.addSelectedRepoToOrgSecret({
  org,
  secret_name,
  repository_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
repository_id	yes

Create or update an organization secret

Creates or updates an organization secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

Example encrypting a secret using Node.js

Encrypt your secret using the tweetsodium library.

const sodium = require('tweetsodium');

const key = "base64-encoded-public-key";
const value = "plain-text-secret";

// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');

// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);

// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');

console.log(encrypted);

Example encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

from base64 import b64encode
from nacl import encoding, public

def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

Example encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");

var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);

Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

Example encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

require "rbnacl"
require "base64"

key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)

octokit.rest.dependabot.createOrUpdateOrgSecret({
  org,
  secret_name,
  visibility,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
encrypted_value	no	Value for your secret, encrypted with LibSodium using the public key retrieved from the Get an organization public key endpoint.
key_id	no	ID of the key you used to encrypt the secret.
visibility	yes	Which type of organization repositories have access to the organization secret. `selected` means only the repositories specified by `selected_repository_ids` can access the secret.
selected_repository_ids	no	An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the `visibility` is set to `selected`. You can manage the list of selected repositories using the List selected repositories for an organization secret, Set selected repositories for an organization secret, and Remove selected repository from an organization secret endpoints.

Create or update a repository secret

Creates or updates a repository secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

Example encrypting a secret using Node.js

Encrypt your secret using the tweetsodium library.

const sodium = require('tweetsodium');

const key = "base64-encoded-public-key";
const value = "plain-text-secret";

// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');

// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);

// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');

console.log(encrypted);

Example encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

from base64 import b64encode
from nacl import encoding, public

def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

Example encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");

var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);

Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

Example encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

require "rbnacl"
require "base64"

key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)

octokit.rest.dependabot.createOrUpdateRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.
encrypted_value	no	Value for your secret, encrypted with LibSodium using the public key retrieved from the Get a repository public key endpoint.
key_id	no	ID of the key you used to encrypt the secret.

Delete an organization secret

Deletes a secret in an organization using the secret name. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

octokit.rest.dependabot.deleteOrgSecret({
  org,
  secret_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.

Delete a repository secret

Deletes a secret in a repository using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

octokit.rest.dependabot.deleteRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.

Get an organization public key

Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

octokit.rest.dependabot.getOrgPublicKey({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get an organization secret

Gets a single organization secret without revealing its encrypted value. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

octokit.rest.dependabot.getOrgSecret({
  org,
  secret_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.

Get a repository public key

Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

octokit.rest.dependabot.getRepoPublicKey({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a repository secret

Gets a single repository secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

octokit.rest.dependabot.getRepoSecret({
  owner,
  repo,
  secret_name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
secret_name	yes	The name of the secret.

List organization secrets

Lists all secrets available in an organization without revealing their encrypted values. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

octokit.rest.dependabot.listOrgSecrets({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repository secrets

Lists all secrets available in a repository without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.

octokit.rest.dependabot.listRepoSecrets({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List selected repositories for an organization secret

Lists all repositories that have been selected when the visibility for repository access to a secret is set to selected. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

octokit.rest.dependabot.listSelectedReposForOrgSecret({
  org,
  secret_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).

Remove selected repository from an organization secret

Removes a repository from an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

octokit.rest.dependabot.removeSelectedRepoFromOrgSecret({
  org,
  secret_name,
  repository_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
repository_id	yes

Set selected repositories for an organization secret

Replaces all repositories for an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

octokit.rest.dependabot.setSelectedReposForOrgSecret({
  org,
  secret_name,
  selected_repository_ids,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
secret_name	yes	The name of the secret.
selected_repository_ids	yes	An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the `visibility` is set to `selected`. You can add and remove individual repositories using the Set selected repositories for an organization secret and Remove selected repository from an organization secret endpoints.

Dependency-Graph

Create a snapshot of dependencies for a repository

Create a new snapshot of a repository's dependencies. You must authenticate using an access token with the repo scope to use this endpoint for a repository that the requesting user has access to.

octokit.rest.dependencyGraph.createRepositorySnapshot({
        owner,
repo,
version,
job,
job.id,
job.correlator,
sha,
ref,
detector,
detector.name,
detector.version,
detector.url,
manifests.*.name,
scanned
      })

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
version	yes	The version of the repository snapshot submission.
job	yes
job.id	yes	The external ID of the job.
job.correlator	yes	Correlator provides a key that is used to group snapshots submitted over time. Only the "latest" submitted snapshot for a given combination of `job.correlator` and `detector.name` will be considered when calculating a repository's current dependencies. Correlator should be as unique as it takes to distinguish all detection runs for a given "wave" of CI workflow you run. If you're using GitHub Actions, a good default value for this could be the environment variables GITHUB_WORKFLOW and GITHUB_JOB concatenated together. If you're using a build matrix, then you'll also need to add additional key(s) to distinguish between each submission inside a matrix variation.
job.html_url	no	The url for the job.
sha	yes	The commit SHA associated with this dependency snapshot.
ref	yes	The repository branch that triggered this snapshot.
detector	yes	A description of the detector used.
detector.name	yes	The name of the detector used.
detector.version	yes	The version of the detector used.
detector.url	yes	The url of the detector used.
metadata	no	User-defined metadata to store domain-specific information limited to 8 keys with scalar values.
metadata.*	no
manifests	no	A collection of package manifests
manifests.*	no	A collection of related dependencies declared in a file or representing a logical group of dependencies.
manifests.*.name	yes	The name of the manifest.
manifests.*.file	no
manifests.*.file.source_location	no	The path of the manifest file relative to the root of the Git repository.
manifests.*.metadata	no	User-defined metadata to store domain-specific information limited to 8 keys with scalar values.
manifests..metadata.	no
manifests.*.resolved	no
scanned	yes	The time at which the snapshot was scanned.

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

octokit.rest.dependencyGraph.diffRange({
  owner,
  repo,
  basehead,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
basehead	yes	The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format `{base}...{head}`.
name	no	The full path, relative to the repository root, of the dependency manifest file.

Emojis

Get emojis

Lists all the emojis available to use on GitHub.

octokit.rest.emojis.get();

Parameters

This endpoint has no parameters

Enterprise-Admin

Add custom labels to a self-hosted runner for an enterprise

Add custom labels to a self-hosted runner configured in an enterprise.

You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.addCustomLabelsToSelfHostedRunnerForEnterprise({
  enterprise,
  runner_id,
  labels,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
runner_id	yes	Unique identifier of the self-hosted runner.
labels	yes	The names of the custom labels to add to the runner.

Disable a selected organization for GitHub Actions in an enterprise

Removes an organization from the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see "Set GitHub Actions permissions for an enterprise."

You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.disableSelectedOrganizationGithubActionsEnterprise(
  {
    enterprise,
    org_id,
  }
);

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
org_id	yes	The unique identifier of the organization.

Enable a selected organization for GitHub Actions in an enterprise

Adds an organization to the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see "Set GitHub Actions permissions for an enterprise."

You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.enableSelectedOrganizationGithubActionsEnterprise({
  enterprise,
  org_id,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
org_id	yes	The unique identifier of the organization.

Get allowed actions and reusable workflows for an enterprise

Gets the selected actions and reusable workflows that are allowed in an enterprise. To use this endpoint, the enterprise permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for an enterprise."

You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.getAllowedActionsEnterprise({
  enterprise,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Get GitHub Actions permissions for an enterprise

Gets the GitHub Actions permissions policy for organizations and allowed actions and reusable workflows in an enterprise.

You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.getGithubActionsPermissionsEnterprise({
  enterprise,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Get GitHub Enterprise Server statistics

Returns aggregate usage metrics for your GitHub Enterprise Server 3.5+ instance for a specified time period up to 365 days.

To use this endpoint, your GitHub Enterprise Server instance must be connected to GitHub Enterprise Cloud using GitHub Connect. You must enable Server Statistics, and for the API request provide your enterprise account name or organization name connected to the GitHub Enterprise Server. For more information, see "Enabling Server Statistics for your enterprise" in the GitHub Enterprise Server documentation.

You'll need to use a personal access token:

If you connected your GitHub Enterprise Server to an enterprise account and enabled Server Statistics, you'll need a personal access token with the read:enterprise permission.
If you connected your GitHub Enterprise Server to an organization account and enabled Server Statistics, you'll need a personal access token with the read:org permission.

For more information on creating a personal access token, see "Creating a personal access token."

octokit.rest.enterpriseAdmin.getServerStatistics({
  enterprise_or_org,
});

Parameters

name	required	description
enterprise_or_org	yes	The slug version of the enterprise name or the login of an organization.
date_start	no	A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.
date_end	no	A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.

List labels for a self-hosted runner for an enterprise

Lists all labels for a self-hosted runner configured in an enterprise.

You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.listLabelsForSelfHostedRunnerForEnterprise({
  enterprise,
  runner_id,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
runner_id	yes	Unique identifier of the self-hosted runner.

List selected organizations enabled for GitHub Actions in an enterprise

Lists the organizations that are selected to have GitHub Actions enabled in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see "Set GitHub Actions permissions for an enterprise."

You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.listSelectedOrganizationsEnabledGithubActionsEnterprise(
  {
    enterprise,
  }
);

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Remove all custom labels from a self-hosted runner for an enterprise

Remove all custom labels from a self-hosted runner configured in an enterprise. Returns the remaining read-only labels from the runner.

You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.removeAllCustomLabelsFromSelfHostedRunnerForEnterprise(
  {
    enterprise,
    runner_id,
  }
);

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
runner_id	yes	Unique identifier of the self-hosted runner.

Remove a custom label from a self-hosted runner for an enterprise

Remove a custom label from a self-hosted runner configured in an enterprise. Returns the remaining labels from the runner.

This endpoint returns a 404 Not Found status if the custom label is not present on the runner.

You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.removeCustomLabelFromSelfHostedRunnerForEnterprise(
  {
    enterprise,
    runner_id,
    name,
  }
);

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
runner_id	yes	Unique identifier of the self-hosted runner.
name	yes	The name of a self-hosted runner's custom label.

Set allowed actions and reusable workflows for an enterprise

Sets the actions and reusable workflows that are allowed in an enterprise. To use this endpoint, the enterprise permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for an enterprise."

You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.setAllowedActionsEnterprise({
  enterprise,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
github_owned_allowed	no	Whether GitHub-owned actions are allowed. For example, this includes the actions in the `actions` organization.
verified_allowed	no	Whether actions from GitHub Marketplace verified creators are allowed. Set to `true` to allow all actions by GitHub Marketplace verified creators.
patterns_allowed	no	Specifies a list of string-matching patterns to allow specific action(s) and reusable workflow(s). Wildcards, tags, and SHAs are allowed. For example, `monalisa/octocat@`, `monalisa/octocat@v2`, `monalisa/`."

Set custom labels for a self-hosted runner for an enterprise

Remove all previous custom labels and set the new custom labels for a specific self-hosted runner configured in an enterprise.

You must authenticate using an access token with the manage_runners:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.setCustomLabelsForSelfHostedRunnerForEnterprise({
  enterprise,
  runner_id,
  labels,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
runner_id	yes	Unique identifier of the self-hosted runner.
labels	yes	The names of the custom labels to set for the runner. You can pass an empty array to remove all custom labels.

Set GitHub Actions permissions for an enterprise

Sets the GitHub Actions permissions policy for organizations and allowed actions and reusable workflows in an enterprise.

You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.setGithubActionsPermissionsEnterprise({
  enterprise,
  enabled_organizations,
});

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
enabled_organizations	yes	The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions.
allowed_actions	no	The permissions policy that controls the actions and reusable workflows that are allowed to run.

Set selected organizations enabled for GitHub Actions in an enterprise

Replaces the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see "Set GitHub Actions permissions for an enterprise."

You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

octokit.rest.enterpriseAdmin.setSelectedOrganizationsEnabledGithubActionsEnterprise(
  {
    enterprise,
    selected_organization_ids,
  }
);

Parameters

name	required	description
enterprise	yes	The slug version of the enterprise name. You can also substitute this value with the enterprise id.
selected_organization_ids	yes	List of organization IDs to enable for GitHub Actions.

Gists

Check if a gist is starred

octokit.rest.gists.checkIsStarred({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.

Create a gist

Allows you to add a new gist with one or more files.

Note: Don't name your files "gistfile" with a numerical suffix. This is the format of the automatic naming scheme that Gist uses internally.

octokit.rest.gists.create({
        files,
files.*.content
      })

Parameters

name	required	description
description	no	Description of the gist
files	yes	Names and content for the files that make up the gist
files.*	no
files.*.content	yes	Content of the file
public	no

Create a gist comment

octokit.rest.gists.createComment({
  gist_id,
  body,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
body	yes	The comment text.

Delete a gist

octokit.rest.gists.delete({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.

Delete a gist comment

octokit.rest.gists.deleteComment({
  gist_id,
  comment_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
comment_id	yes	The unique identifier of the comment.

Fork a gist

Note: This was previously /gists/:gist_id/fork.

octokit.rest.gists.fork({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.

Get a gist

octokit.rest.gists.get({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.

Get a gist comment

octokit.rest.gists.getComment({
  gist_id,
  comment_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
comment_id	yes	The unique identifier of the comment.

Get a gist revision

octokit.rest.gists.getRevision({
  gist_id,
  sha,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
sha	yes

List gists for the authenticated user

Lists the authenticated user's gists or if called anonymously, this endpoint returns all public gists:

octokit.rest.gists.list();

Parameters

name	required	description
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List gist comments

octokit.rest.gists.listComments({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List gist commits

octokit.rest.gists.listCommits({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List gists for a user

Lists public gists for the specified user:

octokit.rest.gists.listForUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List gist forks

octokit.rest.gists.listForks({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List public gists

List public gists sorted by most recently updated to least recently updated.

Note: With pagination, you can fetch up to 3000 gists. For example, you can fetch 100 pages with 30 gists per page or 30 pages with 100 gists per page.

octokit.rest.gists.listPublic();

Parameters

name	required	description
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List starred gists

List the authenticated user's starred gists:

octokit.rest.gists.listStarred();

Parameters

name	required	description
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Star a gist

Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "HTTP verbs."

octokit.rest.gists.star({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.

Unstar a gist

octokit.rest.gists.unstar({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.

Update a gist

Allows you to update or delete a gist file and rename gist files. Files from the previous version of the gist that aren't explicitly changed during an edit are unchanged.

octokit.rest.gists.update({
  gist_id,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
description	no	Description of the gist
files	no	Names of files to be updated
files.*	no
files.*.content	no	The new content of the file
files.*.filename	no	The new filename for the file

Update a gist comment

octokit.rest.gists.updateComment({
  gist_id,
  comment_id,
  body,
});

Parameters

name	required	description
gist_id	yes	The unique identifier of the gist.
comment_id	yes	The unique identifier of the comment.
body	yes	The comment text.

Git

Create a blob

octokit.rest.git.createBlob({
  owner,
  repo,
  content,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
content	yes	The new blob's content.
encoding	no	The encoding used for `content`. Currently, `"utf-8"` and `"base64"` are supported.

Create a commit

Creates a new Git commit object.

Signature verification object

The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

Name	Type	Description
`verified`	`boolean`	Indicates whether GitHub considers the signature in this commit to be verified.
`reason`	`string`	The reason for verified value. Possible values and their meanings are enumerated in the table below.
`signature`	`string`	The signature that was extracted from the commit.
`payload`	`string`	The value that was signed.

These are the possible values for reason in the verification object:

Value	Description
`expired_key`	The key that made the signature is expired.
`not_signing_key`	The "signing" flag is not among the usage flags in the GPG key that made the signature.
`gpgverify_error`	There was an error communicating with the signature verification service.
`gpgverify_unavailable`	The signature verification service is currently unavailable.
`unsigned`	The object does not include a signature.
`unknown_signature_type`	A non-PGP signature was found in the commit.
`no_user`	No user was associated with the `committer` email address in the commit.
`unverified_email`	The `committer` email address in the commit was associated with a user, but the email address is not verified on her/his account.
`bad_email`	The `committer` email address in the commit is not included in the identities of the PGP key that made the signature.
`unknown_key`	The key that made the signature has not been registered with any user's account.
`malformed_signature`	There was an error parsing the signature.
`invalid`	The signature could not be cryptographically verified using the key whose key-id was found in the signature.
`valid`	None of the above errors applied, so the signature is considered to be verified.

octokit.rest.git.createCommit({
        owner,
repo,
message,
tree,
author.name,
author.email
      })

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
message	yes	The commit message
tree	yes	The SHA of the tree object this commit points to
parents	no	The SHAs of the commits that were the parents of this commit. If omitted or empty, the commit will be written as a root commit. For a single parent, an array of one SHA should be provided; for a merge commit, an array of more than one should be provided.
author	no	Information about the author of the commit. By default, the `author` will be the authenticated user and the current date. See the `author` and `committer` object below for details.
author.name	yes	The name of the author (or committer) of the commit
author.email	yes	The email of the author (or committer) of the commit
author.date	no	Indicates when this commit was authored (or committed). This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
committer	no	Information about the person who is making the commit. By default, `committer` will use the information set in `author`. See the `author` and `committer` object below for details.
committer.name	no	The name of the author (or committer) of the commit
committer.email	no	The email of the author (or committer) of the commit
committer.date	no	Indicates when this commit was authored (or committed). This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
signature	no	The PGP signature of the commit. GitHub adds the signature to the `gpgsig` header of the created commit. For a commit signature to be verifiable by Git or GitHub, it must be an ASCII-armored detached PGP signature over the string commit as it would be written to the object database. To pass a `signature` parameter, you need to first manually create a valid PGP signature, which can be complicated. You may find it easier to use the command line to create signed commits.

Create a reference

Creates a reference for your repository. You are unable to create new references for empty repositories, even if the commit SHA-1 hash used exists. Empty repositories are repositories without branches.

octokit.rest.git.createRef({
  owner,
  repo,
  ref,
  sha,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
ref	yes	The name of the fully qualified reference (ie: `refs/heads/master`). If it doesn't start with 'refs' and have at least two slashes, it will be rejected.
sha	yes	The SHA1 value for this reference.
key	no

Create a tag object

Note that creating a tag object does not create the reference that makes a tag in Git. If you want to create an annotated tag in Git, you have to do this call to create the tag object, and then create the refs/tags/[tag] reference. If you want to create a lightweight tag, you only have to create the tag reference - this call would be unnecessary.

Signature verification object

The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

Name	Type	Description
`verified`	`boolean`	Indicates whether GitHub considers the signature in this commit to be verified.
`reason`	`string`	The reason for verified value. Possible values and their meanings are enumerated in table below.
`signature`	`string`	The signature that was extracted from the commit.
`payload`	`string`	The value that was signed.

These are the possible values for reason in the verification object:

Value	Description
`expired_key`	The key that made the signature is expired.
`not_signing_key`	The "signing" flag is not among the usage flags in the GPG key that made the signature.
`gpgverify_error`	There was an error communicating with the signature verification service.
`gpgverify_unavailable`	The signature verification service is currently unavailable.
`unsigned`	The object does not include a signature.
`unknown_signature_type`	A non-PGP signature was found in the commit.
`no_user`	No user was associated with the `committer` email address in the commit.
`unverified_email`	The `committer` email address in the commit was associated with a user, but the email address is not verified on her/his account.
`bad_email`	The `committer` email address in the commit is not included in the identities of the PGP key that made the signature.
`unknown_key`	The key that made the signature has not been registered with any user's account.
`malformed_signature`	There was an error parsing the signature.
`invalid`	The signature could not be cryptographically verified using the key whose key-id was found in the signature.
`valid`	None of the above errors applied, so the signature is considered to be verified.

octokit.rest.git.createTag({
        owner,
repo,
tag,
message,
object,
type,
tagger.name,
tagger.email
      })

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
tag	yes	The tag's name. This is typically a version (e.g., "v0.0.1").
message	yes	The tag message.
object	yes	The SHA of the git object this is tagging.
type	yes	The type of the object we're tagging. Normally this is a `commit` but it can also be a `tree` or a `blob`.
tagger	no	An object with information about the individual creating the tag.
tagger.name	yes	The name of the author of the tag
tagger.email	yes	The email of the author of the tag
tagger.date	no	When this object was tagged. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.

Create a tree

The tree creation API accepts nested entries. If you specify both a tree and a nested path modifying that tree, this endpoint will overwrite the contents of the tree with the new path contents, and create a new tree structure.

If you use this endpoint to add, delete, or modify the file contents in a tree, you will need to commit the tree and then update a branch to point to the commit. For more information see "Create a commit" and "Update a reference."

octokit.rest.git.createTree({
  owner,
  repo,
  tree,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
tree	yes	Objects (of `path`, `mode`, `type`, and `sha`) specifying a tree structure.
tree[].path	no	The file referenced in the tree.
tree[].mode	no	The file mode; one of `100644` for file (blob), `100755` for executable (blob), `040000` for subdirectory (tree), `160000` for submodule (commit), or `120000` for a blob that specifies the path of a symlink.
tree[].type	no	Either `blob`, `tree`, or `commit`.
tree[].sha	no	The SHA1 checksum ID of the object in the tree. Also called `tree.sha`. If the value is `null` then the file will be deleted. Note: Use either `tree.sha` or `content` to specify the contents of the entry. Using both `tree.sha` and `content` will return an error.
tree[].content	no	The content you want this file to have. GitHub will write this blob out and use that SHA for this entry. Use either this, or `tree.sha`. Note: Use either `tree.sha` or `content` to specify the contents of the entry. Using both `tree.sha` and `content` will return an error.
base_tree	no	The SHA1 of an existing Git tree object which will be used as the base for the new tree. If provided, a new Git tree object will be created from entries in the Git tree object pointed to by `base_tree` and entries defined in the `tree` parameter. Entries defined in the `tree` parameter will overwrite items from `base_tree` with the same `path`. If you're creating new changes on a branch, then normally you'd set `base_tree` to the SHA1 of the Git tree object of the current latest commit on the branch you're working on. If not provided, GitHub will create a new Git tree object from only the entries defined in the `tree` parameter. If you create a new commit pointing to such a tree, then all files which were a part of the parent commit's tree and were not defined in the `tree` parameter will be listed as deleted by the new commit.

Delete a reference

octokit.rest.git.deleteRef({
  owner,
  repo,
  ref,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
ref	yes	ref parameter

Get a blob

The content in the response will always be Base64 encoded.

Note: This API supports blobs up to 100 megabytes in size.

octokit.rest.git.getBlob({
  owner,
  repo,
  file_sha,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
file_sha	yes

Get a commit

Gets a Git commit object.

Signature verification object

The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

Name	Type	Description
`verified`	`boolean`	Indicates whether GitHub considers the signature in this commit to be verified.
`reason`	`string`	The reason for verified value. Possible values and their meanings are enumerated in the table below.
`signature`	`string`	The signature that was extracted from the commit.
`payload`	`string`	The value that was signed.

These are the possible values for reason in the verification object:

Value	Description
`expired_key`	The key that made the signature is expired.
`not_signing_key`	The "signing" flag is not among the usage flags in the GPG key that made the signature.
`gpgverify_error`	There was an error communicating with the signature verification service.
`gpgverify_unavailable`	The signature verification service is currently unavailable.
`unsigned`	The object does not include a signature.
`unknown_signature_type`	A non-PGP signature was found in the commit.
`no_user`	No user was associated with the `committer` email address in the commit.
`unverified_email`	The `committer` email address in the commit was associated with a user, but the email address is not verified on her/his account.
`bad_email`	The `committer` email address in the commit is not included in the identities of the PGP key that made the signature.
`unknown_key`	The key that made the signature has not been registered with any user's account.
`malformed_signature`	There was an error parsing the signature.
`invalid`	The signature could not be cryptographically verified using the key whose key-id was found in the signature.
`valid`	None of the above errors applied, so the signature is considered to be verified.

octokit.rest.git.getCommit({
  owner,
  repo,
  commit_sha,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
commit_sha	yes	The SHA of the commit.

Get a reference

Returns a single reference from your Git database. The :ref in the URL must be formatted as heads/<branch name> for branches and tags/<tag name> for tags. If the :ref doesn't match an existing ref, a 404 is returned.

Note: You need to explicitly request a pull request to trigger a test merge commit, which checks the mergeability of pull requests. For more information, see "Checking mergeability of pull requests".

octokit.rest.git.getRef({
  owner,
  repo,
  ref,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
ref	yes	ref parameter

Get a tag

Signature verification object

The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:

Name	Type	Description
`verified`	`boolean`	Indicates whether GitHub considers the signature in this commit to be verified.
`reason`	`string`	The reason for verified value. Possible values and their meanings are enumerated in table below.
`signature`	`string`	The signature that was extracted from the commit.
`payload`	`string`	The value that was signed.

These are the possible values for reason in the verification object:

Value	Description
`expired_key`	The key that made the signature is expired.
`not_signing_key`	The "signing" flag is not among the usage flags in the GPG key that made the signature.
`gpgverify_error`	There was an error communicating with the signature verification service.
`gpgverify_unavailable`	The signature verification service is currently unavailable.
`unsigned`	The object does not include a signature.
`unknown_signature_type`	A non-PGP signature was found in the commit.
`no_user`	No user was associated with the `committer` email address in the commit.
`unverified_email`	The `committer` email address in the commit was associated with a user, but the email address is not verified on her/his account.
`bad_email`	The `committer` email address in the commit is not included in the identities of the PGP key that made the signature.
`unknown_key`	The key that made the signature has not been registered with any user's account.
`malformed_signature`	There was an error parsing the signature.
`invalid`	The signature could not be cryptographically verified using the key whose key-id was found in the signature.
`valid`	None of the above errors applied, so the signature is considered to be verified.

octokit.rest.git.getTag({
  owner,
  repo,
  tag_sha,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
tag_sha	yes

Get a tree

Returns a single tree using the SHA1 value for that tree.

If truncated is true in the response then the number of items in the tree array exceeded our maximum limit. If you need to fetch more items, use the non-recursive method of fetching trees, and fetch one sub-tree at a time.

octokit.rest.git.getTree({
  owner,
  repo,
  tree_sha,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
tree_sha	yes
recursive	no	Setting this parameter to any value returns the objects or subtrees referenced by the tree specified in `:tree_sha`. For example, setting `recursive` to any of the following will enable returning objects or subtrees: `0`, `1`, `"true"`, and `"false"`. Omit this parameter to prevent recursively returning objects or subtrees.

List matching references

Returns an array of references from your Git database that match the supplied name. The :ref in the URL must be formatted as heads/<branch name> for branches and tags/<tag name> for tags. If the :ref doesn't exist in the repository, but existing refs start with :ref, they will be returned as an array.

When you use this endpoint without providing a :ref, it will return an array of all the references from your Git database, including notes and stashes if they exist on the server. Anything in the namespace is returned, not just heads and tags.

If you request matching references for a branch named feature but the branch feature doesn't exist, the response can still include other matching head refs that start with the word feature, such as featureA and featureB.

octokit.rest.git.listMatchingRefs({
  owner,
  repo,
  ref,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
ref	yes	ref parameter
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Update a reference

octokit.rest.git.updateRef({
  owner,
  repo,
  ref,
  sha,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
ref	yes	ref parameter
sha	yes	The SHA1 value to set this reference to
force	no	Indicates whether to force the update or to make sure the update is a fast-forward update. Leaving this out or setting it to `false` will make sure you're not overwriting work.

Gitignore

Get all gitignore templates

List all templates available to pass as an option when creating a repository.

octokit.rest.gitignore.getAllTemplates();

Parameters

This endpoint has no parameters

Get a gitignore template

The API also allows fetching the source of a single template. Use the raw media type to get the raw contents.

octokit.rest.gitignore.getTemplate({
  name,
});

Parameters

name	required	description
name	yes

Interactions

Get interaction restrictions for your public repositories

Shows which type of GitHub user can interact with your public repositories and when the restriction expires.

octokit.rest.interactions.getRestrictionsForAuthenticatedUser();

Parameters

This endpoint has no parameters

Get interaction restrictions for an organization

Shows which type of GitHub user can interact with this organization and when the restriction expires. If there is no restrictions, you will see an empty response.

octokit.rest.interactions.getRestrictionsForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get interaction restrictions for a repository

Shows which type of GitHub user can interact with this repository and when the restriction expires. If there are no restrictions, you will see an empty response.

octokit.rest.interactions.getRestrictionsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get interaction restrictions for your public repositories

Deprecated: This method has been renamed to interactions.getRestrictionsForAuthenticatedUser

Shows which type of GitHub user can interact with your public repositories and when the restriction expires.

octokit.rest.interactions.getRestrictionsForYourPublicRepos();

Parameters

This endpoint has no parameters

Remove interaction restrictions from your public repositories

Removes any interaction restrictions from your public repositories.

octokit.rest.interactions.removeRestrictionsForAuthenticatedUser();

Parameters

This endpoint has no parameters

Remove interaction restrictions for an organization

Removes all interaction restrictions from public repositories in the given organization. You must be an organization owner to remove restrictions.

octokit.rest.interactions.removeRestrictionsForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Remove interaction restrictions for a repository

Removes all interaction restrictions from the given repository. You must have owner or admin access to remove restrictions. If the interaction limit is set for the user or organization that owns this repository, you will receive a 409 Conflict response and will not be able to use this endpoint to change the interaction limit for a single repository.

octokit.rest.interactions.removeRestrictionsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Remove interaction restrictions from your public repositories

Deprecated: This method has been renamed to interactions.removeRestrictionsForAuthenticatedUser

Removes any interaction restrictions from your public repositories.

octokit.rest.interactions.removeRestrictionsForYourPublicRepos();

Parameters

This endpoint has no parameters

Set interaction restrictions for your public repositories

Temporarily restricts which type of GitHub user can interact with your public repositories. Setting the interaction limit at the user level will overwrite any interaction limits that are set for individual repositories owned by the user.

octokit.rest.interactions.setRestrictionsForAuthenticatedUser({
  limit,
});

Parameters

name	required	description
limit	yes	The type of GitHub user that can comment, open issues, or create pull requests while the interaction limit is in effect.
expiry	no	The duration of the interaction restriction. Default: `one_day`.

Set interaction restrictions for an organization

Temporarily restricts interactions to a certain type of GitHub user in any public repository in the given organization. You must be an organization owner to set these restrictions. Setting the interaction limit at the organization level will overwrite any interaction limits that are set for individual repositories owned by the organization.

octokit.rest.interactions.setRestrictionsForOrg({
  org,
  limit,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
limit	yes	The type of GitHub user that can comment, open issues, or create pull requests while the interaction limit is in effect.
expiry	no	The duration of the interaction restriction. Default: `one_day`.

Set interaction restrictions for a repository

Temporarily restricts interactions to a certain type of GitHub user within the given repository. You must have owner or admin access to set these restrictions. If an interaction limit is set for the user or organization that owns this repository, you will receive a 409 Conflict response and will not be able to use this endpoint to change the interaction limit for a single repository.

octokit.rest.interactions.setRestrictionsForRepo({
  owner,
  repo,
  limit,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
limit	yes	The type of GitHub user that can comment, open issues, or create pull requests while the interaction limit is in effect.
expiry	no	The duration of the interaction restriction. Default: `one_day`.

Set interaction restrictions for your public repositories

Deprecated: This method has been renamed to interactions.setRestrictionsForAuthenticatedUser

octokit.rest.interactions.setRestrictionsForYourPublicRepos({
  limit,
});

Parameters

name	required	description
limit	yes	The type of GitHub user that can comment, open issues, or create pull requests while the interaction limit is in effect.
expiry	no	The duration of the interaction restriction. Default: `one_day`.

Issues

Add assignees to an issue

Adds up to 10 assignees to an issue. Users already assigned to an issue are not replaced.

octokit.rest.issues.addAssignees({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
assignees	no	Usernames of people to assign this issue to. NOTE: Only users with push access can add assignees to an issue. Assignees are silently ignored otherwise.

Add labels to an issue

octokit.rest.issues.addLabels({
        owner,
repo,
issue_number,
labels[].name
      })

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
labels	no
labels[].name	yes

Check if a user can be assigned

Checks if a user has permission to be assigned to an issue in this repository.

If the assignee can be assigned to issues in the repository, a 204 header with no content is returned.

Otherwise a 404 status code is returned.

octokit.rest.issues.checkUserCanBeAssigned({
  owner,
  repo,
  assignee,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
assignee	yes

Create an issue

Any user with pull access to a repository can create an issue. If issues are disabled in the repository, the API returns a 410 Gone status.

This endpoint triggers notifications. Creating content too quickly using this endpoint may result in secondary rate limiting. See "Secondary rate limits" and "Dealing with secondary rate limits" for details.

octokit.rest.issues.create({
  owner,
  repo,
  title,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
title	yes	The title of the issue.
body	no	The contents of the issue.
assignee	no	Login for the user that this issue should be assigned to. NOTE: Only users with push access can set the assignee for new issues. The assignee is silently dropped otherwise. This field is deprecated.
milestone	no
labels	no	Labels to associate with this issue. NOTE: Only users with push access can set labels for new issues. Labels are silently dropped otherwise.
assignees	no	Logins for Users to assign to this issue. NOTE: Only users with push access can set assignees for new issues. Assignees are silently dropped otherwise.

Create an issue comment

octokit.rest.issues.createComment({
  owner,
  repo,
  issue_number,
  body,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
body	yes	The contents of the comment.

Create a label

octokit.rest.issues.createLabel({
  owner,
  repo,
  name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
name	yes	The name of the label. Emoji can be added to label names, using either native emoji or colon-style markup. For example, typing `:strawberry:` will render the emoji . For a full list of available emoji and codes, see "Emoji cheat sheet."
color	no	The hexadecimal color code for the label, without the leading `#`.
description	no	A short description of the label. Must be 100 characters or fewer.

Create a milestone

octokit.rest.issues.createMilestone({
  owner,
  repo,
  title,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
title	yes	The title of the milestone.
state	no	The state of the milestone. Either `open` or `closed`.
description	no	A description of the milestone.
due_on	no	The milestone due date. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.

Delete an issue comment

octokit.rest.issues.deleteComment({
  owner,
  repo,
  comment_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
comment_id	yes	The unique identifier of the comment.

Delete a label

octokit.rest.issues.deleteLabel({
  owner,
  repo,
  name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
name	yes

Delete a milestone

octokit.rest.issues.deleteMilestone({
  owner,
  repo,
  milestone_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
milestone_number	yes	The number that identifies the milestone.

Get an issue

The API returns a 301 Moved Permanently status if the issue was transferred to another repository. If the issue was transferred to or deleted from a repository where the authenticated user lacks read access, the API returns a 404 Not Found status. If the issue was deleted from a repository where the authenticated user has read access, the API returns a 410 Gone status. To receive webhook events for transferred and deleted issues, subscribe to the issues webhook.

Note: GitHub's REST API v3 considers every pull request an issue, but not every issue is a pull request. For this reason, "Issues" endpoints may return both issues and pull requests in the response. You can identify pull requests by the pull_request key. Be aware that the id of a pull request returned from "Issues" endpoints will be an issue id. To find out the pull request id, use the "List pull requests" endpoint.

octokit.rest.issues.get({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.

Get an issue comment

octokit.rest.issues.getComment({
  owner,
  repo,
  comment_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
comment_id	yes	The unique identifier of the comment.

Get an issue event

octokit.rest.issues.getEvent({
  owner,
  repo,
  event_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
event_id	yes

Get a label

octokit.rest.issues.getLabel({
  owner,
  repo,
  name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
name	yes

Get a milestone

octokit.rest.issues.getMilestone({
  owner,
  repo,
  milestone_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
milestone_number	yes	The number that identifies the milestone.

List issues assigned to the authenticated user

List issues assigned to the authenticated user across all visible repositories including owned repositories, member repositories, and organization repositories. You can use the filter query parameter to fetch issues that are not necessarily assigned to you.

octokit.rest.issues.list();

Parameters

name	required	description
filter	no	Indicates which sorts of issues to return. `assigned` means issues assigned to you. `created` means issues created by you. `mentioned` means issues mentioning you. `subscribed` means issues you're subscribed to updates for. `all` or `repos` means all issues you can see, regardless of participation or creation.
state	no	Indicates the state of the issues to return. Can be either `open`, `closed`, or `all`.
labels	no	A list of comma separated label names. Example: `bug,ui,@high`
sort	no	What to sort results by. Can be either `created`, `updated`, `comments`.
direction	no	The direction to sort the results by.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
collab	no
orgs	no
owned	no
pulls	no
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List assignees

Lists the available assignees for issues in a repository.

octokit.rest.issues.listAssignees({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List issue comments

Issue Comments are ordered by ascending ID.

octokit.rest.issues.listComments({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List issue comments for a repository

By default, Issue Comments are ordered by ascending ID.

octokit.rest.issues.listCommentsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
sort	no	The property to sort the results by. `created` means when the repository was starred. `updated` means when the repository was last pushed to.
direction	no	Either `asc` or `desc`. Ignored without the `sort` parameter.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List issue events

octokit.rest.issues.listEvents({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List issue events for a repository

octokit.rest.issues.listEventsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List timeline events for an issue

octokit.rest.issues.listEventsForTimeline({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List user account issues assigned to the authenticated user

List issues across owned and member repositories assigned to the authenticated user.

octokit.rest.issues.listForAuthenticatedUser();

Parameters

name	required	description
filter	no	Indicates which sorts of issues to return. `assigned` means issues assigned to you. `created` means issues created by you. `mentioned` means issues mentioning you. `subscribed` means issues you're subscribed to updates for. `all` or `repos` means all issues you can see, regardless of participation or creation.
state	no	Indicates the state of the issues to return. Can be either `open`, `closed`, or `all`.
labels	no	A list of comma separated label names. Example: `bug,ui,@high`
sort	no	What to sort results by. Can be either `created`, `updated`, `comments`.
direction	no	The direction to sort the results by.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List organization issues assigned to the authenticated user

List issues in an organization assigned to the authenticated user.

octokit.rest.issues.listForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
filter	no	Indicates which sorts of issues to return. `assigned` means issues assigned to you. `created` means issues created by you. `mentioned` means issues mentioning you. `subscribed` means issues you're subscribed to updates for. `all` or `repos` means all issues you can see, regardless of participation or creation.
state	no	Indicates the state of the issues to return. Can be either `open`, `closed`, or `all`.
labels	no	A list of comma separated label names. Example: `bug,ui,@high`
sort	no	What to sort results by. Can be either `created`, `updated`, `comments`.
direction	no	The direction to sort the results by.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repository issues

List issues in a repository.

octokit.rest.issues.listForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
milestone	no	If an `integer` is passed, it should refer to a milestone by its `number` field. If the string `*` is passed, issues with any milestone are accepted. If the string `none` is passed, issues without milestones are returned.
state	no	Indicates the state of the issues to return. Can be either `open`, `closed`, or `all`.
assignee	no	Can be the name of a user. Pass in `none` for issues with no assigned user, and `*` for issues assigned to any user.
creator	no	The user that created the issue.
mentioned	no	A user that's mentioned in the issue.
labels	no	A list of comma separated label names. Example: `bug,ui,@high`
sort	no	What to sort results by. Can be either `created`, `updated`, `comments`.
direction	no	The direction to sort the results by.
since	no	Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List labels for issues in a milestone

octokit.rest.issues.listLabelsForMilestone({
  owner,
  repo,
  milestone_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
milestone_number	yes	The number that identifies the milestone.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List labels for a repository

octokit.rest.issues.listLabelsForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List labels for an issue

octokit.rest.issues.listLabelsOnIssue({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List milestones

octokit.rest.issues.listMilestones({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
state	no	The state of the milestone. Either `open`, `closed`, or `all`.
sort	no	What to sort results by. Either `due_on` or `completeness`.
direction	no	The direction of the sort. Either `asc` or `desc`.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Lock an issue

Users with push access can lock an issue or pull request's conversation.

Note that, if you choose not to pass any parameters, you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "HTTP verbs."

octokit.rest.issues.lock({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
lock_reason	no	The reason for locking the issue or pull request conversation. Lock will fail if you don't use one of these reasons: * `off-topic` * `too heated` * `resolved` * `spam`

Remove all labels from an issue

octokit.rest.issues.removeAllLabels({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.

Remove assignees from an issue

Removes one or more assignees from an issue.

octokit.rest.issues.removeAssignees({
  owner,
  repo,
  issue_number,
  assignees,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
assignees	yes	Usernames of assignees to remove from an issue. NOTE: Only users with push access can remove assignees from an issue. Assignees are silently ignored otherwise.

Remove a label from an issue

Removes the specified label from the issue, and returns the remaining labels on the issue. This endpoint returns a 404 Not Found status if the label does not exist.

octokit.rest.issues.removeLabel({
  owner,
  repo,
  issue_number,
  name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
name	yes

Set labels for an issue

Removes any previous labels and sets the new labels for an issue.

octokit.rest.issues.setLabels({
        owner,
repo,
issue_number,
labels[].name
      })

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
labels	no
labels[].name	yes

Unlock an issue

Users with push access can unlock an issue's conversation.

octokit.rest.issues.unlock({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.

Update an issue

Issue owners and users with push access can edit an issue.

octokit.rest.issues.update({
  owner,
  repo,
  issue_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
issue_number	yes	The number that identifies the issue.
title	no	The title of the issue.
body	no	The contents of the issue.
assignee	no	Login for the user that this issue should be assigned to. This field is deprecated.
state	no	State of the issue. Either `open` or `closed`.
milestone	no
labels	no	Labels to associate with this issue. Pass one or more Labels to replace the set of Labels on this Issue. Send an empty array (`[]`) to clear all Labels from the Issue. NOTE: Only users with push access can set labels for issues. Labels are silently dropped otherwise.
assignees	no	Logins for Users to assign to this issue. Pass one or more user logins to replace the set of assignees on this Issue. Send an empty array (`[]`) to clear all assignees from the Issue. NOTE: Only users with push access can set assignees for new issues. Assignees are silently dropped otherwise.

Update an issue comment

octokit.rest.issues.updateComment({
  owner,
  repo,
  comment_id,
  body,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
comment_id	yes	The unique identifier of the comment.
body	yes	The contents of the comment.

Update a label

octokit.rest.issues.updateLabel({
  owner,
  repo,
  name,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
name	yes
new_name	no	The new name of the label. Emoji can be added to label names, using either native emoji or colon-style markup. For example, typing `:strawberry:` will render the emoji . For a full list of available emoji and codes, see "Emoji cheat sheet."
color	no	The hexadecimal color code for the label, without the leading `#`.
description	no	A short description of the label. Must be 100 characters or fewer.

Update a milestone

octokit.rest.issues.updateMilestone({
  owner,
  repo,
  milestone_number,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
milestone_number	yes	The number that identifies the milestone.
title	no	The title of the milestone.
state	no	The state of the milestone. Either `open` or `closed`.
description	no	A description of the milestone.
due_on	no	The milestone due date. This is a timestamp in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.

Licenses

Get a license

octokit.rest.licenses.get({
  license,
});

Parameters

name	required	description
license	yes

Get all commonly used licenses

octokit.rest.licenses.getAllCommonlyUsed();

Parameters

name	required	description
featured	no
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Get the license for a repository

This method returns the contents of the repository's license file, if one is detected.

Similar to Get repository content, this method also supports custom media types for retrieving the raw license content or rendered license HTML.

octokit.rest.licenses.getForRepo({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Markdown

Render a Markdown document

octokit.rest.markdown.render({
  text,
});

Parameters

name	required	description
text	yes	The Markdown text to render in HTML.
mode	no	The rendering mode. Can be either `markdown` or `gfm`.
context	no	The repository context to use when creating references in `gfm` mode. For example, setting `context` to `octo-org/octo-repo` will change the text `#42` into an HTML link to issue 42 in the `octo-org/octo-repo` repository.

Render a Markdown document in raw mode

You must send Markdown as plain text (using a Content-Type header of text/plain or text/x-markdown) to this endpoint, rather than using JSON format. In raw mode, GitHub Flavored Markdown is not supported and Markdown will be rendered in plain format like a README.md file. Markdown content must be 400 KB or less.

octokit.rest.markdown.renderRaw({
  data,
});

Parameters

name	required	description
data	yes	raw markdown text

Parameters

This endpoint has no parameters

Get Octocat

Get the octocat as ASCII art

octokit.rest.meta.getOctocat();

Parameters

name	required	description
s	no	The words to show in Octocat's speech bubble

Get the Zen of GitHub

Get a random sentence from the Zen of GitHub

octokit.rest.meta.getZen();

Parameters

This endpoint has no parameters

GitHub API Root

Get Hypermedia links to resources accessible in GitHub's REST API

octokit.rest.meta.root();

Parameters

This endpoint has no parameters

Migrations

Cancel an import

Stop an import for a repository.

octokit.rest.migrations.cancelImport({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Delete a user migration archive

Deletes a previous migration archive. Downloadable migration archives are automatically deleted after seven days. Migration metadata, which is returned in the List user migrations and Get a user migration status endpoints, will continue to be available even after an archive is deleted.

octokit.rest.migrations.deleteArchiveForAuthenticatedUser({
  migration_id,
});

Parameters

name	required	description
migration_id	yes	The unique identifier of the migration.

Delete an organization migration archive

Deletes a previous migration archive. Migration archives are automatically deleted after seven days.

octokit.rest.migrations.deleteArchiveForOrg({
  org,
  migration_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
migration_id	yes	The unique identifier of the migration.

Download an organization migration archive

Fetches the URL to a migration archive.

octokit.rest.migrations.downloadArchiveForOrg({
  org,
  migration_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
migration_id	yes	The unique identifier of the migration.

Download a user migration archive

Fetches the URL to download the migration archive as a tar.gz file. Depending on the resources your repository uses, the migration archive can contain JSON files with data for these objects:

attachments
bases
commit_comments
issue_comments
issue_events
issues
milestones
organizations
projects
protected_branches
pull_request_reviews
pull_requests
releases
repositories
review_comments
schema
users

The archive will also contain an attachments directory that includes all attachment files uploaded to GitHub.com and a repositories directory that contains the repository's Git data.

octokit.rest.migrations.getArchiveForAuthenticatedUser({
  migration_id,
});

Parameters

name	required	description
migration_id	yes	The unique identifier of the migration.

Get commit authors

Each type of source control system represents authors in a different way. For example, a Git commit author has a display name and an email address, but a Subversion commit author just has a username. The GitHub Importer will make the author information valid, but the author might not be correct. For example, it will change the bare Subversion username hubot into something like hubot <hubot@12341234-abab-fefe-8787-fedcba987654>.

This endpoint and the Map a commit author endpoint allow you to provide correct Git author information.

octokit.rest.migrations.getCommitAuthors({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
since	no	A user ID. Only return users with an ID greater than this ID.

Get an import status

View the progress of an import.

Import status

This section includes details about the possible values of the status field of the Import Progress response.

An import that does not have errors will progress through these steps:

detecting - the "detection" step of the import is in progress because the request did not include a vcs parameter. The import is identifying the type of source control present at the URL.
importing - the "raw" step of the import is in progress. This is where commit data is fetched from the original repository. The import progress response will include commit_count (the total number of raw commits that will be imported) and percent (0 - 100, the current progress through the import).
mapping - the "rewrite" step of the import is in progress. This is where SVN branches are converted to Git branches, and where author updates are applied. The import progress response does not include progress information.
pushing - the "push" step of the import is in progress. This is where the importer updates the repository on GitHub. The import progress response will include push_percent, which is the percent value reported by git push when it is "Writing objects".
complete - the import is complete, and the repository is ready on GitHub.

If there are problems, you will see one of these in the status field:

auth_failed - the import requires authentication in order to connect to the original repository. To update authentication for the import, please see the Update an import section.
error - the import encountered an error. The import progress response will include the failed_step and an error message. Contact GitHub Support for more information.
detection_needs_auth - the importer requires authentication for the originating repository to continue detection. To update authentication for the import, please see the Update an import section.
detection_found_nothing - the importer didn't recognize any source control at the URL. To resolve, Cancel the import and retry with the correct URL.
detection_found_multiple - the importer found several projects or repositories at the provided URL. When this is the case, the Import Progress response will also include a project_choices field with the possible project choices as values. To update project choice, please see the Update an import section.

The project_choices field

When multiple projects are found at the provided URL, the response hash will include a project_choices field, the value of which is an array of hashes each representing a project choice. The exact key/value pairs of the project hashes will differ depending on the version control type.

Git LFS related fields

This section includes details about Git LFS related fields that may be present in the Import Progress response.

use_lfs - describes whether the import has been opted in or out of using Git LFS. The value can be opt_in, opt_out, or undecided if no action has been taken.
has_large_files - the boolean value describing whether files larger than 100MB were found during the importing step.
large_files_size - the total size in gigabytes of files larger than 100MB found in the originating repository.
large_files_count - the total number of files larger than 100MB found in the originating repository. To see a list of these files, make a "Get Large Files" request.

octokit.rest.migrations.getImportStatus({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get large files

List files larger than 100MB found during the import

octokit.rest.migrations.getLargeFiles({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.

Get a user migration status

Fetches a single user migration. The response includes the state of the migration, which can be one of the following values:

pending - the migration hasn't started yet.
exporting - the migration is in progress.
exported - the migration finished successfully.
failed - the migration failed.

Once the migration has been exported you can download the migration archive.

octokit.rest.migrations.getStatusForAuthenticatedUser({
  migration_id,
});

Parameters

name	required	description
migration_id	yes	The unique identifier of the migration.
exclude	no

Get an organization migration status

Fetches the status of a migration.

The state of a migration can be one of the following values:

pending, which means the migration hasn't started yet.
exporting, which means the migration is in progress.
exported, which means the migration finished successfully.
failed, which means the migration failed.

octokit.rest.migrations.getStatusForOrg({
  org,
  migration_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
migration_id	yes	The unique identifier of the migration.
exclude	no	Exclude attributes from the API response to improve performance

List user migrations

Lists all migrations a user has started.

octokit.rest.migrations.listForAuthenticatedUser();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List organization migrations

Lists the most recent migrations.

octokit.rest.migrations.listForOrg({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.
exclude	no	Exclude attributes from the API response to improve performance

List repositories for a user migration

Lists all the repositories for this user migration.

octokit.rest.migrations.listReposForAuthenticatedUser({
  migration_id,
});

Parameters

name	required	description
migration_id	yes	The unique identifier of the migration.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repositories in an organization migration

List all the repositories for this organization migration.

octokit.rest.migrations.listReposForOrg({
  org,
  migration_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
migration_id	yes	The unique identifier of the migration.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List repositories for a user migration

Deprecated: This method has been renamed to migrations.listReposForAuthenticatedUser

Lists all the repositories for this user migration.

octokit.rest.migrations.listReposForUser({
  migration_id,
});

Parameters

name	required	description
migration_id	yes	The unique identifier of the migration.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Map a commit author

Update an author's identity for the import. Your application can continue updating authors any time before you push new commits to the repository.

octokit.rest.migrations.mapCommitAuthor({
  owner,
  repo,
  author_id,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
author_id	yes
email	no	The new Git author email.
name	no	The new Git author name.

Update Git LFS preference

You can import repositories from Subversion, Mercurial, and TFS that include files larger than 100MB. This ability is powered by Git LFS. You can learn more about our LFS feature and working with large files on our help site.

octokit.rest.migrations.setLfsPreference({
  owner,
  repo,
  use_lfs,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
use_lfs	yes	Whether to store large files during the import. `opt_in` means large files will be stored using Git LFS. `opt_out` means large files will be removed during the import.

Start a user migration

Initiates the generation of a user migration archive.

octokit.rest.migrations.startForAuthenticatedUser({
  repositories,
});

Parameters

name	required	description
lock_repositories	no	Lock the repositories being migrated at the start of the migration
exclude_metadata	no	Indicates whether metadata should be excluded and only git source should be included for the migration.
exclude_git_data	no	Indicates whether the repository git data should be excluded from the migration.
exclude_attachments	no	Do not include attachments in the migration
exclude_releases	no	Do not include releases in the migration
exclude_owner_projects	no	Indicates whether projects owned by the organization or users should be excluded.
org_metadata_only	no	Indicates whether this should only include organization metadata (repositories array should be empty and will ignore other flags).
exclude	no	Exclude attributes from the API response to improve performance
repositories	yes

Start an organization migration

Initiates the generation of a migration archive.

octokit.rest.migrations.startForOrg({
  org,
  repositories,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
repositories	yes	A list of arrays indicating which repositories should be migrated.
lock_repositories	no	Indicates whether repositories should be locked (to prevent manipulation) while migrating data.
exclude_metadata	no	Indicates whether metadata should be excluded and only git source should be included for the migration.
exclude_git_data	no	Indicates whether the repository git data should be excluded from the migration.
exclude_attachments	no	Indicates whether attachments should be excluded from the migration (to reduce migration archive file size).
exclude_releases	no	Indicates whether releases should be excluded from the migration (to reduce migration archive file size).
exclude_owner_projects	no	Indicates whether projects owned by the organization or users should be excluded. from the migration.
org_metadata_only	no	Indicates whether this should only include organization metadata (repositories array should be empty and will ignore other flags).
exclude	no

Start an import

Start a source import to a GitHub repository using GitHub Importer.

octokit.rest.migrations.startImport({
  owner,
  repo,
  vcs_url,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
vcs_url	yes	The URL of the originating repository.
vcs	no	The originating VCS type. Without this parameter, the import job will take additional time to detect the VCS type before beginning the import. This detection step will be reflected in the response.
vcs_username	no	If authentication is required, the username to provide to `vcs_url`.
vcs_password	no	If authentication is required, the password to provide to `vcs_url`.
tfvc_project	no	For a tfvc import, the name of the project that is being imported.

Unlock a user repository

Unlocks a repository. You can lock repositories when you start a user migration. Once the migration is complete you can unlock each repository to begin using it again or delete the repository if you no longer need the source data. Returns a status of 404 Not Found if the repository is not locked.

octokit.rest.migrations.unlockRepoForAuthenticatedUser({
  migration_id,
  repo_name,
});

Parameters

name	required	description
migration_id	yes	The unique identifier of the migration.
repo_name	yes	repo_name parameter

Unlock an organization repository

Unlocks a repository that was locked for migration. You should unlock each migrated repository and delete them when the migration is complete and you no longer need the source data.

octokit.rest.migrations.unlockRepoForOrg({
  org,
  migration_id,
  repo_name,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
migration_id	yes	The unique identifier of the migration.
repo_name	yes	repo_name parameter

Update an import

An import can be updated with credentials or a project choice by passing in the appropriate parameters in this API request. If no parameters are provided, the import will be restarted.

Some servers (e.g. TFS servers) can have several projects at a single URL. In those cases the import progress will have the status detection_found_multiple and the Import Progress response will include a project_choices array. You can select the project to import by providing one of the objects in the project_choices array in the update request.

octokit.rest.migrations.updateImport({
  owner,
  repo,
});

Parameters

name	required	description
owner	yes	The account owner of the repository. The name is not case sensitive.
repo	yes	The name of the repository. The name is not case sensitive.
vcs_username	no	The username to provide to the originating repository.
vcs_password	no	The password to provide to the originating repository.
vcs	no	The type of version control system you are migrating from.
tfvc_project	no	For a tfvc import, the name of the project that is being imported.

Orgs

Block a user from an organization

octokit.rest.orgs.blockUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Cancel an organization invitation

Cancel an organization invitation. In order to cancel an organization invitation, the authenticated user must be an organization owner.

This endpoint triggers notifications.

octokit.rest.orgs.cancelInvitation({
  org,
  invitation_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
invitation_id	yes	The unique identifier of the invitation.

Check if a user is blocked by an organization

octokit.rest.orgs.checkBlockedUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Check organization membership for a user

Check if a user is, publicly or privately, a member of the organization.

octokit.rest.orgs.checkMembershipForUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Check public organization membership for a user

octokit.rest.orgs.checkPublicMembershipForUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Convert an organization member to outside collaborator

When an organization member is converted to an outside collaborator, they'll only have access to the repositories that their current team membership allows. The user will no longer be a member of the organization. For more information, see "Converting an organization member to an outside collaborator". Converting an organization member to an outside collaborator may be restricted by enterprise administrators. For more information, see "Enforcing repository management policies in your enterprise."

octokit.rest.orgs.convertMemberToOutsideCollaborator({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.
async	no	When set to `true`, the request will be performed asynchronously. Returns a 202 status code when the job is successfully queued.

Create an organization invitation

Invite people to an organization by using their GitHub user ID or their email address. In order to create invitations in an organization, the authenticated user must be an organization owner.

octokit.rest.orgs.createInvitation({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
invitee_id	no	Required unless you provide `email`. GitHub user ID for the person you are inviting.
email	no	Required unless you provide `invitee_id`. Email address of the person you are inviting, which can be an existing GitHub user.
role	no	The role for the new member. * `admin` - Organization owners with full administrative rights to the organization and complete access to all repositories and teams. * `direct_member` - Non-owner organization members with ability to see other members and join teams by invitation. * `billing_manager` - Non-owner organization members with ability to manage the billing settings of your organization.
team_ids	no	Specify IDs for the teams you want to invite new members to.

Create an organization webhook

Here's how you can create a hook that posts payloads in JSON format:

octokit.rest.orgs.createWebhook({
        org,
name,
config,
config.url
      })

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
name	yes	Must be passed as "web".
config	yes	Key/value pairs to provide settings for this webhook. These are defined below.
config.url	yes	The URL to which the payloads will be delivered.
config.content_type	no	The media type used to serialize the payloads. Supported values include `json` and `form`. The default is `form`.
config.secret	no	If provided, the `secret` will be used as the `key` to generate the HMAC hex digest value for delivery signature headers.
config.insecure_ssl	no
config.username	no
config.password	no
events	no	Determines what events the hook is triggered for.
active	no	Determines if notifications are sent when the webhook is triggered. Set to `true` to send notifications.

Delete an organization webhook

octokit.rest.orgs.deleteWebhook({
  org,
  hook_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.

Get an organization

To see many of the organization response values, you need to be an authenticated organization owner with the admin:org scope. When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication.

GitHub Apps with the Organization plan permission can use this endpoint to retrieve information about an organization's GitHub plan. See "Authenticating with GitHub Apps" for details. For an example response, see 'Response with GitHub plan information' below."

octokit.rest.orgs.get({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get an organization membership for the authenticated user

octokit.rest.orgs.getMembershipForAuthenticatedUser({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

Get organization membership for a user

In order to get a user's membership with an organization, the authenticated user must be an organization member. The state parameter in the response can be used to identify the user's membership status.

octokit.rest.orgs.getMembershipForUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Get an organization webhook

Returns a webhook configured in an organization. To get only the webhook config properties, see "Get a webhook configuration for an organization."

octokit.rest.orgs.getWebhook({
  org,
  hook_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.

Get a webhook configuration for an organization

Returns the webhook configuration for an organization. To get more information about the webhook, including the active state and events, use "Get an organization webhook ."

Access tokens must have the admin:org_hook scope, and GitHub Apps must have the organization_hooks:read permission.

octokit.rest.orgs.getWebhookConfigForOrg({
  org,
  hook_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.

Get a webhook delivery for an organization webhook

Returns a delivery for a webhook configured in an organization.

octokit.rest.orgs.getWebhookDelivery({
  org,
  hook_id,
  delivery_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.
delivery_id	yes

List organizations

Lists all organizations, in the order that they were created on GitHub.

Note: Pagination is powered exclusively by the since parameter. Use the Link header to get the URL for the next page of organizations.

octokit.rest.orgs.list();

Parameters

name	required	description
since	no	An organization ID. Only return organizations with an ID greater than this ID.
per_page	no	The number of results per page (max 100).

List app installations for an organization

Lists all GitHub Apps in an organization. The installation count includes all GitHub Apps installed on repositories in the organization. You must be an organization owner with admin:read scope to use this endpoint.

octokit.rest.orgs.listAppInstallations({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List users blocked by an organization

List the users blocked by an organization.

octokit.rest.orgs.listBlockedUsers({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.

List custom repository roles in an organization

List the custom repository roles available in this organization. In order to see custom repository roles in an organization, the authenticated user must be an organization owner.

For more information on custom repository roles, see "Managing custom repository roles for an organization".

octokit.rest.orgs.listCustomRoles({
  organization_id,
});

Parameters

name	required	description
organization_id	yes

List failed organization invitations

The return hash contains failed_at and failed_reason fields which represent the time at which the invitation failed and the reason for the failure.

octokit.rest.orgs.listFailedInvitations({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List organizations for the authenticated user

List organizations for the authenticated user.

OAuth scope requirements

This only lists organizations that your authorization allows you to operate on in some way (e.g., you can list teams with read:org scope, you can publicize your organization membership with user scope, etc.). Therefore, this API requires at least user or read:org scope. OAuth requests with insufficient scope receive a 403 Forbidden response.

octokit.rest.orgs.listForAuthenticatedUser();

Parameters

name	required	description
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List organizations for a user

List public organization memberships for the specified user.

This method only lists public memberships, regardless of authentication. If you need to fetch all of the organization memberships (public and private) for the authenticated user, use the List organizations for the authenticated user API instead.

octokit.rest.orgs.listForUser({
  username,
});

Parameters

name	required	description
username	yes	The handle for the GitHub user account.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List organization invitation teams

List all teams associated with an invitation. In order to see invitations in an organization, the authenticated user must be an organization owner.

octokit.rest.orgs.listInvitationTeams({
  org,
  invitation_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
invitation_id	yes	The unique identifier of the invitation.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List organization members

List all users who are members of an organization. If the authenticated user is also a member of this organization then both concealed and public members will be returned.

octokit.rest.orgs.listMembers({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
filter	no	Filter members returned in the list. `2fa_disabled` means that only members without two-factor authentication enabled will be returned. This options is only available for organization owners.
role	no	Filter members returned by their role.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List organization memberships for the authenticated user

octokit.rest.orgs.listMembershipsForAuthenticatedUser();

Parameters

name	required	description
state	no	Indicates the state of the memberships to return. Can be either `active` or `pending`. If not specified, the API returns both active and pending memberships.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List outside collaborators for an organization

List all users who are outside collaborators of an organization.

octokit.rest.orgs.listOutsideCollaborators({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
filter	no	Filter the list of outside collaborators. `2fa_disabled` means that only outside collaborators without two-factor authentication enabled will be returned.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List pending organization invitations

The return hash contains a role field which refers to the Organization Invitation role and will be one of the following values: direct_member, admin, billing_manager, hiring_manager, or reinstate. If the invitee is not a GitHub member, the login field in the return hash will be null.

octokit.rest.orgs.listPendingInvitations({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List public organization members

Members of an organization can choose to have their membership publicized or not.

octokit.rest.orgs.listPublicMembers({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

List deliveries for an organization webhook

Returns a list of webhook deliveries for a webhook configured in an organization.

octokit.rest.orgs.listWebhookDeliveries({
  org,
  hook_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.
per_page	no	The number of results per page (max 100).
cursor	no	Used for pagination: the starting delivery from which the page of deliveries is fetched. Refer to the `link` header for the next and previous page cursors.

List organization webhooks

octokit.rest.orgs.listWebhooks({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
per_page	no	The number of results per page (max 100).
page	no	Page number of the results to fetch.

Ping an organization webhook

This will trigger a ping event to be sent to the hook.

octokit.rest.orgs.pingWebhook({
  org,
  hook_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.

Redeliver a delivery for an organization webhook

Redeliver a delivery for a webhook configured in an organization.

octokit.rest.orgs.redeliverWebhookDelivery({
  org,
  hook_id,
  delivery_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.
delivery_id	yes

Remove an organization member

Removing a user from this list will remove them from all teams and they will no longer have any access to the organization's repositories.

octokit.rest.orgs.removeMember({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Remove organization membership for a user

In order to remove a user's membership with an organization, the authenticated user must be an organization owner.

If the specified user is an active member of the organization, this will remove them from the organization. If the specified user has been invited to the organization, this will cancel their invitation. The specified user will receive an email notification in both cases.

octokit.rest.orgs.removeMembershipForUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Remove outside collaborator from an organization

Removing a user from this list will remove them from all the organization's repositories.

octokit.rest.orgs.removeOutsideCollaborator({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Remove public organization membership for the authenticated user

octokit.rest.orgs.removePublicMembershipForAuthenticatedUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Set organization membership for a user

Only authenticated organization owners can add a member to the organization or update the member's role.

If the authenticated user is adding a member to the organization, the invited user will receive an email inviting them to the organization. The user's membership status will be pending until they accept the invitation.
Authenticated users can update a user's membership by passing the role parameter. If the authenticated user changes a member's role to admin, the affected user will receive an email notifying them that they've been made an organization owner. If the authenticated user changes an owner's role to member, no email will be sent.

Rate limits

To prevent abuse, the authenticated user is limited to 50 organization invitations per 24 hour period. If the organization is more than one month old or on a paid plan, the limit is 500 invitations per 24 hour period.

octokit.rest.orgs.setMembershipForUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.
role	no	The role to give the user in the organization. Can be one of: * `admin` - The user will become an owner of the organization. * `member` - The user will become a non-owner member of the organization.

Set public organization membership for the authenticated user

The user can publicize their own membership. (A user cannot publicize the membership for another user.)

Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "HTTP verbs."

octokit.rest.orgs.setPublicMembershipForAuthenticatedUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Unblock a user from an organization

octokit.rest.orgs.unblockUser({
  org,
  username,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
username	yes	The handle for the GitHub user account.

Update an organization

Parameter Deprecation Notice: GitHub will replace and discontinue members_allowed_repository_creation_type in favor of more granular permissions. The new input parameters are members_can_create_public_repositories, members_can_create_private_repositories for all organizations and members_can_create_internal_repositories for organizations associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+. For more information, see the blog post.

Enables an authenticated organization owner with the admin:org scope to update the organization's profile and member privileges.

octokit.rest.orgs.update({
  org,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
billing_email	no	Billing email address. This address is not publicized.
company	no	The company name.
email	no	The publicly visible email address.
twitter_username	no	The Twitter username of the company.
location	no	The location.
name	no	The shorthand name of the company.
description	no	The description of the company.
has_organization_projects	no	Whether an organization can use organization projects.
has_repository_projects	no	Whether repositories that belong to the organization can use repository projects.
default_repository_permission	no	Default permission level members have for organization repositories.
members_can_create_repositories	no	Whether of non-admin organization members can create repositories. Note: A parameter can override this parameter. See `members_allowed_repository_creation_type` in this table for details.
members_can_create_internal_repositories	no	Whether organization members can create internal repositories, which are visible to all enterprise members. You can only allow members to create internal repositories if your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+. For more information, see "Restricting repository creation in your organization" in the GitHub Help documentation.
members_can_create_private_repositories	no	Whether organization members can create private repositories, which are visible to organization members with permission. For more information, see "Restricting repository creation in your organization" in the GitHub Help documentation.
members_can_create_public_repositories	no	Whether organization members can create public repositories, which are visible to anyone. For more information, see "Restricting repository creation in your organization" in the GitHub Help documentation.
members_allowed_repository_creation_type	no	Specifies which types of repositories non-admin organization members can create. `private` is only available to repositories that are part of an organization on GitHub Enterprise Cloud. Note: This parameter is deprecated and will be removed in the future. Its return value ignores internal repositories. Using this parameter overrides values set in `members_can_create_repositories`. See the parameter deprecation notice in the operation description for details.
members_can_create_pages	no	Whether organization members can create GitHub Pages sites. Existing published sites will not be impacted.
members_can_create_public_pages	no	Whether organization members can create public GitHub Pages sites. Existing published sites will not be impacted.
members_can_create_private_pages	no	Whether organization members can create private GitHub Pages sites. Existing published sites will not be impacted.
members_can_fork_private_repositories	no	Whether organization members can fork private organization repositories.
blog	no

Update an organization membership for the authenticated user

octokit.rest.orgs.updateMembershipForAuthenticatedUser({
  org,
  state,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
state	yes	The state that the membership should be in. Only `"active"` will be accepted.

Update an organization webhook

Updates a webhook configured in an organization. When you update a webhook, the secret will be overwritten. If you previously had a secret set, you must provide the same secret or set a new secret or the secret will be removed. If you are only updating individual webhook config properties, use "Update a webhook configuration for an organization."

octokit.rest.orgs.updateWebhook({
        org,
hook_id,
config.url
      })

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.
config	no	Key/value pairs to provide settings for this webhook. These are defined below.
config.url	yes	The URL to which the payloads will be delivered.
config.content_type	no	The media type used to serialize the payloads. Supported values include `json` and `form`. The default is `form`.
config.secret	no	If provided, the `secret` will be used as the `key` to generate the HMAC hex digest value for delivery signature headers.
config.insecure_ssl	no
events	no	Determines what events the hook is triggered for.
active	no	Determines if notifications are sent when the webhook is triggered. Set to `true` to send notifications.
name	no

Update a webhook configuration for an organization

Updates the webhook configuration for an organization. To update more information about the webhook, including the active state and events, use "Update an organization webhook ."

Access tokens must have the admin:org_hook scope, and GitHub Apps must have the organization_hooks:write permission.

octokit.rest.orgs.updateWebhookConfigForOrg({
  org,
  hook_id,
});

Parameters

name	required	description
org	yes	The organization name. The name is not case sensitive.
hook_id	yes	The unique identifier of the hook.
url	no	The URL to which the payloads will be delivered.
content_type	no	The media type used to serialize the payloads. Supported values include `json` and `form`. The default is `form`.
secret	no	If provided, the `secret` will be used as the `key` to generate the HMAC hex digest value for delivery signature headers.
insecure_ssl	no

Packages

Delete a package for the authenticated user

Deletes a package owned by the authenticated user. You cannot delete a public package if any version of the package has more than 5,000 downloads. In this scenario, contact GitHub support for further assistance.

To use this endpoint, you must authenticate using an access token with the packages:read and packages:delete scopes. If package_type is not container, your token must also include the repo scope.

octokit.rest.packages.deletePackageForAuthenticatedUser({
  package_type,
  package_name,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.

Delete a package for an organization

Deletes an entire package in an organization. You cannot delete a public package if any version of the package has more than 5,000 downloads. In this scenario, contact GitHub support for further assistance.

To use this endpoint, you must have admin permissions in the organization and authenticate using an access token with the packages:read and packages:delete scopes. In addition:

If package_type is not container, your token must also include the repo scope.
If package_type is container, you must also have admin permissions to the container you want to delete.

octokit.rest.packages.deletePackageForOrg({
  package_type,
  package_name,
  org,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
org	yes	The organization name. The name is not case sensitive.

Delete a package for a user

Deletes an entire package for a user. You cannot delete a public package if any version of the package has more than 5,000 downloads. In this scenario, contact GitHub support for further assistance.

To use this endpoint, you must authenticate using an access token with the packages:read and packages:delete scopes. In addition:

If package_type is not container, your token must also include the repo scope.
If package_type is container, you must also have admin permissions to the container you want to delete.

octokit.rest.packages.deletePackageForUser({
  package_type,
  package_name,
  username,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
username	yes	The handle for the GitHub user account.

Delete a package version for the authenticated user

Deletes a specific package version for a package owned by the authenticated user. If the package is public and the package version has more than 5,000 downloads, you cannot delete the package version. In this scenario, contact GitHub support for further assistance.

To use this endpoint, you must have admin permissions in the organization and authenticate using an access token with the packages:read and packages:delete scopes. If package_type is not container, your token must also include the repo scope.

octokit.rest.packages.deletePackageVersionForAuthenticatedUser({
  package_type,
  package_name,
  package_version_id,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
package_version_id	yes	Unique identifier of the package version.

Delete package version for an organization

Deletes a specific package version in an organization. If the package is public and the package version has more than 5,000 downloads, you cannot delete the package version. In this scenario, contact GitHub support for further assistance.

To use this endpoint, you must have admin permissions in the organization and authenticate using an access token with the packages:read and packages:delete scopes. In addition:

If package_type is not container, your token must also include the repo scope.
If package_type is container, you must also have admin permissions to the container you want to delete.

octokit.rest.packages.deletePackageVersionForOrg({
  package_type,
  package_name,
  org,
  package_version_id,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
org	yes	The organization name. The name is not case sensitive.
package_version_id	yes	Unique identifier of the package version.

Delete package version for a user

Deletes a specific package version for a user. If the package is public and the package version has more than 5,000 downloads, you cannot delete the package version. In this scenario, contact GitHub support for further assistance.

To use this endpoint, you must authenticate using an access token with the packages:read and packages:delete scopes. In addition:

If package_type is not container, your token must also include the repo scope.
If package_type is container, you must also have admin permissions to the container you want to delete.

octokit.rest.packages.deletePackageVersionForUser({
  package_type,
  package_name,
  username,
  package_version_id,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
username	yes	The handle for the GitHub user account.
package_version_id	yes	Unique identifier of the package version.

Get all package versions for a package owned by an organization

Deprecated: This method has been renamed to packages.getAllPackageVersionsForPackageOwnedByOrg

Returns all package versions for a package owned by an organization.

To use this endpoint, you must authenticate using an access token with the packages:read scope. If package_type is not container, your token must also include the repo scope.

octokit.rest.packages.getAllPackageVersionsForAPackageOwnedByAnOrg({
  package_type,
  package_name,
  org,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
org	yes	The organization name. The name is not case sensitive.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).
state	no	The state of the package, either active or deleted.

Get all package versions for a package owned by the authenticated user

Deprecated: This method has been renamed to packages.getAllPackageVersionsForPackageOwnedByAuthenticatedUser

Returns all package versions for a package owned by the authenticated user.

To use this endpoint, you must authenticate using an access token with the packages:read scope. If package_type is not container, your token must also include the repo scope.

octokit.rest.packages.getAllPackageVersionsForAPackageOwnedByTheAuthenticatedUser(
  {
    package_type,
    package_name,
  }
);

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).
state	no	The state of the package, either active or deleted.

Get all package versions for a package owned by the authenticated user

Returns all package versions for a package owned by the authenticated user.

To use this endpoint, you must authenticate using an access token with the packages:read scope. If package_type is not container, your token must also include the repo scope.

octokit.rest.packages.getAllPackageVersionsForPackageOwnedByAuthenticatedUser({
  package_type,
  package_name,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
page	no	Page number of the results to fetch.
per_page	no	The number of results per page (max 100).
state	no	The state of the package, either active or deleted.

Get all package versions for a package owned by an organization

Returns all package versions for a package owned by an organization.

To use this endpoint, you must authenticate using an access token with the packages:read scope. If package_type is not container, your token must also include the repo scope.

octokit.rest.packages.getAllPackageVersionsForPackageOwnedByOrg({
  package_type,
  package_name,
  org,
});

Parameters

name	required	description
package_type	yes	The type of supported package. Packages in GitHub's Gradle registry have the type `maven`. Docker images pushed to GitHub's Container registry (`ghcr.io`) have the type `container`. You can use the type `docker` to find images that were pushed to GitHub's Docker registry (`docker.pkg.github.com`), even if these have now been migrated to the Container registry.
package_name	yes	The name of the package.
org	yes