https://developer.github.com/GitHub API Changes2020-10-01T07:00:00Zhubothttps://github.com/hubottag:developer.github.com,2020-10-01:/changes/2020-10-01-graduate-antiope-preview/Antiope preview graduation2020-10-01T07:00:00Z2020-10-01T07:00:00Z<p>The <code>antiope</code> preview is now an official part of the API. These preview headers are no longer required. The Checks API endpoints no longer require the <code>antiope</code> preview header.</p>
<pre><code>application/vnd.github.antiope-preview+json
</code></pre>
<p>For more information, see the "<a href="https://docs.github.com/en/rest/reference/checks">Checks API</a>."</p>
<p>Thanks again to everyone that tried out these API features during the preview period.</p>tag:developer.github.com,2020-08-20:/changes/2020-08-20-graduate-machine-man-and-sailor-v-previews/Machine-man and sailor-v previews graduate2020-08-20T07:00:00Z2020-08-20T07:00:00Z<p>Some API previews have graduated and are now an official part of the API. These preview headers are no longer required.</p>
<h3>
<a id="machine-man-preview-graduates" class="anchor" href="#machine-man-preview-graduates" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a><code>machine-man</code> preview graduates</h3>
<p>The GitHub App endpoints and endpoints that returned the <code>performed_via_github_app</code> property no longer require the <code>machine-man</code> preview.</p>
<pre><code>application/vnd.github.machine-man-preview+json
</code></pre>
<p>For more information, see the "<a href="https://docs.github.com/en/rest/reference/apps">GitHub Apps REST API</a>."</p>
<h3>
<a id="sailor-v-preview-graduates" class="anchor" href="#sailor-v-preview-graduates" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a><code>sailor-v</code> preview graduates</h3>
<p>To add and view a lock reason to an issue, you no longer need to use the <code>sailor-v</code> preview.</p>
<pre><code>application/vnd.github.sailor-v-preview+json
</code></pre>
<p>For more information about the affected endpoints, see the "<a href="https://docs.github.com/en/rest/reference/pulls">Pull Requests</a>" and "<a href="https://docs.github.com/en/rest/reference/issues">Issues</a>" REST APIs.</p>
<p>Thanks again to everyone that tried out these API features during the preview period.</p>tag:developer.github.com,2020-05-15:/changes/2020-05-15-actions-api-workflow-usage/GitHub Actions API - Introducing workflow usage endpoints2020-05-15T07:00:00Z2020-05-15T07:00:00Z<div class="alert product"><p>
GitHub Actions is available with GitHub Free, GitHub Pro, GitHub Free for organizations, GitHub Team, GitHub Enterprise Cloud, and GitHub One. GitHub Actions is not available for private repositories owned by accounts using legacy per-repository plans. For more information, see <a href="https://help.github.com/github/getting-started-with-github/githubs-products">GitHub's products</a> in the GitHub Help documentation.
</p></div>
<p>We've added two new endpoints to the <a href="/v3/actions/">GitHub Actions API</a> that provide insight into the billable time used by your workflows.</p>
<p>The following endpoints are now available for you to use:</p>
<ul>
<li><a href="/v3/actions/workflows/#get-workflow-usage">Get workflow usage</a></li>
<li><a href="/v3/actions/workflow-runs/#get-workflow-run-usage">Get workflow run usage</a></li>
</ul>
<p>We've released these endpoints into public beta. We may change aspects of these endpoints based on developer feedback.
If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.</p>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=actions+api+public+beta">let us know</a>!</p>tag:developer.github.com,2020-05-08:/changes/2020-05-08-skipped-conclusion/Introducing the skipped check run and check suite conclusion2020-05-08T07:00:00Z2020-05-08T07:00:00Z<p>If a check run or suite is never started, you'll see the <code>skipped</code> conclusion. This is a common check run conclusion for GitHub Actions that have a job using an <code>if</code> condition.</p>
<p>We created the <code>skipped</code> conclusion to help distinguish this type of scenario from when a check run or suite is <code>cancelled</code>. A check run or suite has the <code>cancelled</code> conclusion when the check run was planned or started but then stopped. For example, a <code>conclusion</code> can be <code>cancelled</code> due to manual intervention or possibly some service issues that cause the check run to stop.</p>tag:developer.github.com,2020-05-01:/changes/2020-05-01-suspending-a-github-app-installation/Suspending GitHub App installations2020-05-01T07:00:00Z2020-05-01T07:00:00Z<p>Before you could suspend a GitHub App, if an organization admin or user wanted to temporarily block an app's access to their repositories' resources, they could only uninstall the GitHub App completely. This has been particularly challenging for large organizations that may need thousands of people to reauthorize an app.</p>
<p>Now you can suspend a GitHub App's access to your resources for as long as you need and unsuspend the app's access when you're ready. When you suspend a GitHub App you've installed, the app cannot access your resources, the GitHub API, or webhook events.</p>
<p>The integrator who owns and maintains a GitHub app, also called a GitHub App owner, can suspend or unsuspend a GitHub App installation using these REST API endpoints with a JWT: </p>
<ul>
<li><a href="/v3/apps/#suspend-an-app-installation"><code>PUT /app/installations/:installation_id/suspended</code></a></li>
<li><a href="/v3/apps/#unsuspend-an-app-installation"><code>DELETE /app/installations/:installation_id/suspended</code></a></li>
</ul>
<p>People who have installed a GitHub App, also called installation owners, can suspend or unsuspend a GitHub App through their app's installation settings. Before people can suspend a GitHub app installation, the GitHub App owner must opt-in to the beta release. For more information, see "<a href="/apps/managing-github-apps/suspending-a-github-app-installation/">Suspending a GitHub App installation</a>."</p>tag:developer.github.com,2020-04-30:/changes/2020-04-30-expiring-user-to-server-access-tokens-for-github-apps/Expiring user-to-server access tokens for GitHub Apps2020-04-30T07:00:00Z2020-04-30T07:00:00Z<p>Starting today owners of GitHub Apps can choose to have their user-to-server access tokens expire after 8 hours. Expiring user-to-server access tokens help to enforce regular token rotation and reduce the impact of a compromised token.</p>
<p>You can opt-in to this security feature in your App's <strong>Settings</strong> page under the <strong>Beta Features</strong> tab.</p>
<p>Once enabled, GitHub will provide a refresh token when your app <a href="/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps/">creates a user-to-server token</a>.</p>
<pre><code>{
"access_token": "accesstoken",
"expires_in": "28800",
"refresh_token": "r1.refreshme",
"refresh_token_expires_in": "15811200",
"scope": "",
"token_type": "bearer"
}
</code></pre>
<p>This refresh token is valid for 6 months and can be exchanged for a fresh user-to-server access token (valid for another 8 hours) and a new refresh token:</p>
<pre><code>POST /login/oauth/access_token HTTP/1.1
Host: github.com
grant_type=refresh_token
refresh_token=r1.refreshme
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx
</code></pre>
<p>For more information, see "<a href="/apps/building-github-apps/refreshing-user-to-server-access-tokens/">Refreshing user-to-server access tokens</a>."</p>tag:developer.github.com,2020-04-15:/changes/2020-04-15-replacing-the-installation-and-installation-repositories-events/Replacing the integration_installation and integration_installation_repositories webhook events2020-04-15T07:00:00Z2020-04-15T07:00:00Z<p>We are announcing the deprecation of two legacy GitHub Apps-related webhook events:</p>
<ul>
<li><code>integration_installation</code></li>
<li><code>integration_installation_repositories</code></li>
</ul>
<p>These events have been undocumented for some time and will be removed on the following timeline.</p>
<h2>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation Timeline</h2>
<h3>
<a id="brownouts" class="anchor" href="#brownouts" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Brownouts</h3>
<p>During a brownout, the deprecated events will not be sent. The goal is to trigger alerts (assuming there are any) on our customers' services to help find unmigrated event subscriptions. If this brownout is causing significant disruptions for your service, please <a href="https://github.com/contact?form%5Bsubject%5D=Replacing+the+installation+and+installation+repositories+webhook+events">contact support</a>.</p>
<p>The brownouts are scheduled for:</p>
<ul>
<li>
<p>August 1 2020</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
<li>
<p>September 1 2020</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
</ul>
<h3>
<a id="removal-date" class="anchor" href="#removal-date" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Removal date</h3>
<p>The legacy <code>integration_installation</code> and <code>integration_installation_repositories</code> events will no longer be sent after October 1 2020.</p>
<h2>
<a id="changes-to-make" class="anchor" href="#changes-to-make" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Changes to make</h2>
<p>Replace all uses of the <code>integration_installation</code> and <code>integration_installation_repositories</code> events with the new events:</p>
<ul>
<li><a href="/webhooks/event-payloads/#installation"><code>installation</code></a></li>
<li><a href="/webhooks/event-payloads/#installation_repositories"><code>installation_repositories</code></a></li>
</ul>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=Replacing+the+installation+and+installation+repositories+webhook+events">let us know</a>!</p>tag:developer.github.com,2020-04-15:/changes/2020-04-15-replacing-create-installation-access-token-endpoint/Replacing the GitHub Apps "Creating an installation access token" endpoint2020-04-15T07:00:00Z2020-04-15T07:00:00Z<p>We are announcing the deprecation plan of the <a href="/changes/2018-08-16-renaming-and-deprecation-of-github-app-installation-access-token-route/">previously deprecated</a> "Create an installation access token" endpoint: <code>POST /installations/:installation_id/access_tokens</code>.</p>
<p>The supported replacement endpoint is named consistently with other GitHub Apps API endpoints and has been available since 2018.</p>
<h2>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation Timeline</h2>
<h3>
<a id="brownouts" class="anchor" href="#brownouts" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Brownouts</h3>
<p>During a brownout, calls to the old version of this endpoint will temporarily fail. The goal is to trigger alerts (assuming there are any) on our customers' services to help find unmigrated endpoint calls.</p>
<p>The brownouts are scheduled for:</p>
<ul>
<li>
<p>August 1 2020</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
<li>
<p>September 1 2020</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
</ul>
<h3>
<a id="removal-date" class="anchor" href="#removal-date" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Removal Date</h3>
<p>The legacy "Create an installation access token" endpoint will be disabled at the earliest on October 1 2020.</p>
<h2>
<a id="changes-to-make" class="anchor" href="#changes-to-make" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Changes to make</h2>
<p>Replace all uses of the deprecated endpoint for creating an installation token for a GitHub App with the new endpoint:</p>
<p><a href="/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-an-installation"><code>POST /app/installations/:installation_id/access_tokens</code></a></p>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=Deprecated+create+installation+access+tokens+api">let us know</a>!</p>tag:developer.github.com,2020-04-07:/changes/2020-04-07-graduated-previews/Shadow-cat and Gambit previews graduate2020-04-07T07:00:00Z2020-04-07T07:00:00Z<p>Some API previews have graduated and are now an official part of the API. These preview headers are no longer required.</p>
<h3>
<a id="gambit-preview-graduates" class="anchor" href="#gambit-preview-graduates" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a><code>gambit</code> preview graduates</h3>
<p>The "Delete an installation" endpoint no longer requires the <code>gambit</code> preview.</p>
<pre><code> application/vnd.github.gambit-preview+json
</code></pre>
<p>For more information about this endpoint, see the "<a href="/v3/apps/#delete-an-installation-for-the-authenticated-app">Delete an installation for the authenticated app</a>."</p>
<h3>
<a id="shadow-cat-preview-graduates" class="anchor" href="#shadow-cat-preview-graduates" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a><code>shadow-cat</code> preview graduates</h3>
<p>To create a draft pull request or see whether a pull request is in a draft state, you no longer need to use the <code>shadow-cat</code> preview.</p>
<pre><code>application/vnd.github.shadow-cat-preview+json
</code></pre>
<p>For more information about the affected endpoints, see the "<a href="/v3/pulls/">Pull Requests API</a>."</p>
<p>Thanks again to everyone that tried out these API features during the preview period.</p>tag:developer.github.com,2020-04-07:/changes/2020-04-07-expanding-rest-api-support-for-the-triage-and-maintain-roles/Expanding REST API support for triage and maintain roles2020-04-07T07:00:00Z2020-04-07T07:00:00Z<p>We are expanding support for the triage and maintain permissions in the REST API. Users with the triage or maintain permissions can now use endpoints that reflect what they can do in a repository, such as adding a label to an issue. Additionally, these new permissions can now be granted and managed via the API and will show up as assigned roles in API responses.</p>
<p>For more information about these roles, see "<a href="https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization#permission-levels-for-repositories-owned-by-an-organization">Repository permission levels for an organization</a>" in the GitHub Help documentation.</p>
<h3>
<a id="endpoints-you-can-access-with-the-triage-permission" class="anchor" href="#endpoints-you-can-access-with-the-triage-permission" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Endpoints you can access with the triage permission</h3>
<ul>
<li><a href="/v3/issues/labels/#add-labels-to-an-issue"><code>POST /repos/:owner/:repo/issues/:issue_number/labels</code></a></li>
<li><a href="/v3/issues/labels/#remove-a-label-from-an-issue"><code>DELETE /repos/:owner/:repo/issues/:issue_number/labels/:name</code></a></li>
<li><a href="/v3/issues/assignees/#add-assignees-to-an-issue"><code>POST /repos/:owner/:repo/issues/:issue_number/assignees</code></a></li>
<li><a href="/v3/issues/assignees/#remove-assignees-from-an-issue"><code>DELETE /repos/:owner/:repo/issues/:issue_number/assignees</code></a></li>
<li><a href="/v3/pulls/review_requests/#request-reviewers-for-a-pull-request"><code>POST /repos/:owner/:repo/pulls/:pull_number/requested_reviewers</code></a></li>
</ul>
<h3>
<a id="endpoints-you-can-access-with-the-maintain-permission" class="anchor" href="#endpoints-you-can-access-with-the-maintain-permission" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Endpoints you can access with the maintain permission</h3>
<ul>
<li><a href="/v3/repos/#replace-all-repository-topics"><code>PUT /repos/:owner/:repo/topics</code></a></li>
<li><a href="/v3/interactions/repos/#set-interaction-restrictions-for-a-repository"><code>PUT /repos/:owner/:repo/interaction-limits</code></a></li>
<li>All of the endpoints that you can use with the triage permission role:
<ul>
<li><a href="/v3/issues/labels/#add-labels-to-an-issue"><code>POST /repos/:owner/:repo/issues/:issue_number/labels</code></a></li>
<li><a href="/v3/issues/labels/#remove-a-label-from-an-issue"><code>DELETE /repos/:owner/:repo/issues/:issue_number/labels/:name</code></a></li>
<li><a href="/v3/issues/assignees/#add-assignees-to-an-issue"><code>POST /repos/:owner/:repo/issues/:issue_number/assignees</code></a></li>
<li><a href="/v3/issues/assignees/#remove-assignees-from-an-issue"><code>DELETE /repos/:owner/:repo/issues/:issue_number/assignees</code></a></li>
<li><a href="/v3/pulls/review_requests/#request-reviewers-for-a-pull-request"><code>POST /repos/:owner/:repo/pulls/:pull_number/requested_reviewers</code></a></li>
</ul>
</li>
</ul>
<h3>
<a id="endpoints-to-assign-update-or-view-permissions" class="anchor" href="#endpoints-to-assign-update-or-view-permissions" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Endpoints to assign, update, or view permissions</h3>
<p>These endpoints will now work to manage the triage and maintain permissions.</p>
<ul>
<li><a href="/v3/repos/collaborators/#add-a-repository-collaborator"><code>PUT /repos/:owner/:repo/collaborators/:username</code></a></li>
<li><a href="/v3/repos/invitations/#list-repository-invitations"><code>GET /repos/:owner/:repo/invitations</code></a></li>
<li><a href="/v3/repos/invitations/#update-a-repository-invitation"><code>PATCH /repos/:owner/:repo/invitations/:invitation_id</code></a></li>
<li><a href="/v3/repos/invitations/#list-repository-invitations-for-the-authenticated-user"><code>GET /user/repository_invitations</code></a></li>
<li><a href="/v3/teams/#check-team-permissions-for-a-repository"><code>GET /orgs/:org/teams/:team_slug/repos/:owner/:repo</code></a></li>
<li><a href="/v3/teams/#add-or-update-team-repository-permissions"><code>PUT /orgs/:org/teams/:team_slug/repos/:owner/:repo</code></a></li>
<li><a href="/v3/teams/#list-team-repositories"><code>GET /orgs/:org/teams/:team_slug/repos</code></a></li>
</ul>tag:developer.github.com,2020-03-23:/changes/2020-03-23-ActionsGA/Actions API GA2020-03-23T07:00:00Z2020-03-23T07:00:00Z<p>The Actions API is now generally available and out of Beta! For more information about this API, see the "<a href="/v3/actions">Actions API</a>."</p>
<p>Thank you to everyone who tried out this API and provided feedback during the beta period.</p>
<div class="alert product"><p>
GitHub Actions is available with GitHub Free, GitHub Pro, GitHub Free for organizations, GitHub Team, GitHub Enterprise Cloud, and GitHub One. GitHub Actions is not available for private repositories owned by accounts using legacy per-repository plans. For more information, see <a href="https://help.github.com/github/getting-started-with-github/githubs-products">GitHub's products</a> in the GitHub Help documentation.
</p></div>tag:developer.github.com,2020-03-20:/changes/2020-03-20-temporary-graphql-explorer-downtime/Temporary GraphQL Explorer downtime2020-03-20T07:00:00Z2020-03-20T07:00:00Z<p>We are temporarily removing access to <a href="/v4/explorer">GraphQL Explorer</a> so we can improve how it works in different browsers.</p>
<p>The downtime is scheduled for:</p>
<ul>
<li>March 20, 2020
<ul>
<li>From 15:00 UTC to 17:00 UTC</li>
</ul>
</li>
</ul>
<p>We apologize for any inconvenience during this time.</p>tag:developer.github.com,2020-03-06:/changes/2020-03-06-filtering-jobs-for-a-workflow-run/Filtering jobs for a workflow run2020-03-06T08:00:00Z2020-03-06T08:00:00Z<p>We are introducing a breaking change to the <a href="/v3/actions/workflow-jobs/#list-jobs-for-a-workflow-run">List jobs for a workflow run endpoint</a>.</p>
<p>The new default behavior will list jobs from the most recent execution of the workflow run. You can specify <code>all</code> with the <code>filter</code> parameter when you want to see all jobs for a particular workflow run, including from old executions of the workflow run.</p>
<p>Please update your code accordingly, and <a href="https://github.com/contact?form%5Bsubject%5D=API+Breaking+Change+List+Jobs+Workflow+Run">let us know</a> if you have any questions.</p>tag:developer.github.com,2020-02-26:/changes/2020-02-26-new-delete-reactions-endpoints/Replacing the "Delete reactions" endpoint2020-02-26T08:00:00Z2020-02-26T08:00:00Z<p>We are announcing a new set of "Deleting reactions" endpoints in the Reactions API to replace the existing "Delete reactions" endpoint <a href="/v3/reactions/#delete-a-reaction-legacy"><code>DELETE /reactions/:reaction_id</code></a>.</p>
<p>The new endpoints will allow us to scale and support the Reactions API long-term.</p>
<h3>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation timeline</h3>
<p>The existing "Delete reaction" endpoint <a href="/v3/reactions/#delete-a-reaction-legacy">deleting a reaction</a> will be disabled a year from now at the earliest on February 1st 2021.</p>
<h3>
<a id="replacement-endpoints" class="anchor" href="#replacement-endpoints" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Replacement endpoints</h3>
<p>These are the new replacement Reaction API endpoints for deleting reactions:</p>
<ul>
<li>Delete a commit comment reaction
<ul>
<li><a href="/v3/reactions/#delete-a-commit-comment-reaction"><code>DELETE /repos/:owner/:repo/comments/:comment_id/reactions/:reaction_id</code></a></li>
</ul>
</li>
<li>Delete an issue reaction
<ul>
<li><a href="/v3/reactions/#delete-an-issue-reaction"><code>DELETE /repos/:owner/:repo/issues/:issue_number/reactions/:reaction_id</code></a></li>
</ul>
</li>
<li>Delete a reaction to a commit comment
<ul>
<li><a href="/v3/reactions/#delete-an-issue-comment-reaction"><code>DELETE /repos/:owner/:repo/issues/comments/:comment_id/reactions/:reaction_id</code></a></li>
</ul>
</li>
<li>Delete a pull request comment reaction
<ul>
<li><a href="/v3/reactions/#delete-a-pull-request-comment-reaction"><code>DELETE /repos/:owner/:repo/pulls/comments/:comment_id/reactions/:reaction_id</code></a></li>
</ul>
</li>
<li>Delete team discussion reaction
<ul>
<li><a href="/v3/reactions/#delete-team-discussion-reaction"><code>DELETE /orgs/:org/teams/:team_slug/discussions/:discussion_number/reactions/:reaction_id</code></a></li>
</ul>
</li>
<li>Delete team discussion comment reaction
<ul>
<li><a href="/v3/reactions/#delete-team-discussion-comment-reaction"><code>DELETE /orgs/:org/teams/:team_slug/discussions/:discussion_number/comments/:comment_number/reactions/:reaction_id</code></a></li>
</ul>
</li>
</ul>tag:developer.github.com,2020-02-14:/changes/2020-02-14-deprecating-password-auth/Deprecating password authentication2020-02-14T08:00:00Z2020-02-14T08:00:00Z<p>As mentioned in this <a href="/changes/2019-11-05-deprecated-passwords-and-authorizations-api">previous blog post</a>, GitHub no longer supports basic authentication using a username and password. Instead, we recommend using personal access tokens or the web application flow.</p>
<p>This deprecation has <strong><em>not</em></strong> been applied to GitHub Enterprise offerings yet. Please check the latest Enterprise <a href="https://enterprise.github.com/releases/">release notes</a> to learn when this deprecation is initiated and which version of GitHub Enterprise Server will have password authentication removed.</p>
<h2>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation timeline</h2>
<h3>
<a id="brownouts" class="anchor" href="#brownouts" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Brownouts</h3>
<p>During a brownout, password authentication will temporarily fail. The goal is to trigger alerts (assuming there are any) on our customers' services to help find unmigrated endpoint calls.</p>
<p>The brownouts are scheduled for:</p>
<ul>
<li>
<p>September 30, 2020</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
<li>
<p>October 28, 2020</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
</ul>
<h3>
<a id="removal" class="anchor" href="#removal" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Removal</h3>
<p>All password authentication will return a status code of <strong>401</strong> starting:</p>
<ul>
<li>November 13, 2020 at 16:00 UTC</li>
</ul>
<h2>
<a id="changes-to-make" class="anchor" href="#changes-to-make" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Changes to make</h2>
<p><strong>Using <code>username</code>/<code>password</code> for basic auth</strong></p>
<p>If you're using <code>username</code> and <code>password</code> to make API calls like:</p>
<pre class="highlight highlight-bash"><code>curl -u my_user:my_password https://api.github.com/user/repos
</code></pre>
<p>Instead, use a <a href="https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line">personal access token</a> when testing endpoints or doing local development:</p>
<pre class="highlight highlight-bash"><code>curl -H <span class="s1">'Authorization: token my_access_token'</span> https://api.github.com/user/repos
</code></pre>
<p>For OAuth Apps, you should use the <a href="/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow">web application flow</a> to generate an OAuth token that's also used in the header:</p>
<pre class="highlight highlight-bash"><code>curl -H <span class="s1">'Authorization: token my-oauth-token'</span> https://api.github.com/user/repos
</code></pre>
<h2>
<a id="endpoints-affected" class="anchor" href="#endpoints-affected" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Endpoints affected</h2>
<p><strong>All endpoints</strong> called using password authentication are affected.</p>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=Deprecated+passwords+and+authorizations+api">let us know</a>!</p>tag:developer.github.com,2020-02-14:/changes/2020-02-14-deprecating-oauth-auth-endpoint/Deprecating OAuth Authorization API2020-02-14T08:00:00Z2020-02-14T08:00:00Z<p>As mentioned in this <a href="/changes/2019-11-05-deprecated-passwords-and-authorizations-api">previous blog post</a>, GitHub has deprecated the OAuth authorization endpoints and recommends that integrators switch to the <a href="/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow">web application flow</a> to generate access tokens.</p>
<p>Since the OAuth Authorization API requires password authentication, this API will not work once <a href="/changes/2020-02-14-deprecating-password-auth">password authentication has been deprecated</a>.</p>
<p>This deprecation has <strong><em>not</em></strong> been applied to GitHub Enterprise offerings, yet. Though, we still recommend GHES customers to make the changes in their applications, if possible. Please check the latest Enterprise <a href="https://enterprise.github.com/releases/">release notes</a> to learn when deprecation is initiated and on which GHES version OAuth Authorization API will be removed.</p>
<h2>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation timeline</h2>
<h3>
<a id="removal-date" class="anchor" href="#removal-date" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Removal date</h3>
<p>All calls to the OAuth authorization endpoints will return a status code of 404 starting on:</p>
<ul>
<li>November 13, 2020 at 16:00 UTC</li>
</ul>
<h3>
<a id="brownouts" class="anchor" href="#brownouts" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Brownouts</h3>
<p>During a brownout, calls to the old version of the OAuth Authorization API will temporarily fail. The goal is to trigger alerts (assuming there are any) on our customers' services to help find unmigrated endpoint calls.</p>
<p>The brownouts are scheduled for:</p>
<ul>
<li>
<p>September 30, 2020</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
<li>
<p>October 28, 2020</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
</ul>
<h2>
<a id="changes-to-make" class="anchor" href="#changes-to-make" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Changes to make</h2>
<p><strong>Calls to OAuth Authorizations API</strong></p>
<p>If you're making <a href="/v3/oauth_authorizations/">OAuth Authorization API</a> calls to manage your OAuth app's authorizations or to create personal access or OAuth tokens like:</p>
<pre class="highlight highlight-bash"><code>curl -u my_username:my_password -X POST <span class="s2">"https://api.github.com/authorizations"</span> -d <span class="s1">'{"scopes":["public_repo"], "note":"my token", "client_id":"my_client_id", "client_secret":"my_client_secret"}'</span>
</code></pre>
<p>Then you must switch to the <a href="/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow">web application flow</a> to generate access tokens.</p>
<h2>
<a id="endpoints-affected" class="anchor" href="#endpoints-affected" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Endpoints affected</h2>
<p>The following list of <strong>OAuth authorization endpoints</strong> are deprecated:</p>
<ul>
<li><a href="/v3/oauth_authorizations/#list-your-authorizations"><code>GET /authorizations</code></a></li>
<li><a href="/v3/oauth_authorizations/#get-a-single-authorization"><code>GET /authorizations/:authorization_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#create-a-new-authorization"><code>POST /authorizations</code></a></li>
<li><a href="/v3/oauth_authorizations/#get-or-create-an-authorization-for-a-specific-app"><code>PUT /authorizations/clients/:client_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#get-or-create-an-authorization-for-a-specific-app-and-fingerprint"><code>PUT /authorizations/clients/:client_id/:fingerprint</code></a></li>
<li><a href="/v3/oauth_authorizations/#update-an-existing-authorization"><code>PATCH /authorizations/:authorization_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#delete-an-authorization"><code>DELETE /authorizations/:authorization_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#list-your-grants"><code>GET /applications/grants</code></a></li>
<li><a href="/v3/oauth_authorizations/#get-a-single-grant"><code>GET /applications/grants/:grant_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#delete-a-grant"><code>DELETE /applications/grants/:grant_id</code></a></li>
</ul>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=Deprecated+passwords+and+authorizations+api">let us know</a>!</p>tag:developer.github.com,2020-02-14:/changes/2020-02-14-deprecating-oauth-app-endpoint/Deprecating OAuth Application API2020-02-14T08:00:00Z2020-02-14T08:00:00Z<p>As mentioned in this <a href="/changes/2019-11-05-deprecated-passwords-and-authorizations-api">previous blog post</a>, GitHub no longer supports the OAuth application endpoints and have replaced them with a version that moves the access token to the request body for improved security.</p>
<p>This deprecation has <strong><em>not</em></strong> been applied to GitHub Enterprise offerings yet. Please check the latest Enterprise <a href="https://enterprise.github.com/releases/">release notes</a> to learn when this deprecation is initiated and which version of GitHub Enterprise Server will have the OAuth Application API removed.</p>
<p>As an alternative to authorizing your app, you can use the web application flow or the device flow. The device flow doesn't require using the <code>client_secret</code> and can be used by headless apps. For more information, see "<a href="https://docs.github.com/en/developers/apps/authorizing-oauth-apps">Authorizing OAuth Apps</a>."</p>
<h2>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation timeline</h2>
<h3>
<a id="brownouts" class="anchor" href="#brownouts" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Brownouts</h3>
<p>During a brownout, calls to the old version of OAuth application endpoints will temporarily fail. The goal is to trigger alerts (assuming there are any) on our customers' services to help find unmigrated endpoint calls.</p>
<p>The brownouts are scheduled for:</p>
<ul>
<li>
<p>March 17, 2021</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
<li>
<p>April 14, 2021</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
</ul>
<h3>
<a id="removal-date" class="anchor" href="#removal-date" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Removal date</h3>
<p>All calls to the old version of the OAuth application endpoints will return a status code of 404 starting on:</p>
<ul>
<li>May 5, 2021 at 16:00 UTC</li>
</ul>
<h2>
<a id="changes-to-make" class="anchor" href="#changes-to-make" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Changes to make</h2>
<p><strong>Using calls to OAuth Application API</strong></p>
<p>If you're using the version of the <a href="/v3/apps/oauth_applications/">OAuth Application API</a> that includes <code>:access_token</code> in the path like:</p>
<pre class="highlight highlight-bash"><code>curl -u my_client_id:my_client_secret -X POST <span class="s2">"https://api.github.com/applications/123/tokens/my_access_token"</span>
</code></pre>
<p>Instead, you'll need to call the new version that moves <code>:access_token</code> in the request body:</p>
<pre class="highlight highlight-bash"><code>curl -u my_client_id:my_client_secret -X PATCH <span class="s2">"https://api.github.com/applications/123/token -d {"</span>access_token<span class="s2">": "</span>my_access_token<span class="s2">"}"</span>
</code></pre>
<p>See the list of OAuth application endpoints below that you'll need to replace with the new endpoints.</p>
<h2>
<a id="endpoints-affected" class="anchor" href="#endpoints-affected" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Endpoints affected</h2>
<p>The following list of <strong>OAuth Application endpoints</strong> are deprecated and should be replaced with the new corresponding endpoints.</p>
<table>
<thead>
<tr>
<th>Deprecated Endpoint</th>
<th>Deprecated Path</th>
<th>New Endpoint</th>
<th>New Path</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="/v3/apps/oauth_applications/#check-an-authorization">Check an authorization</a></td>
<td><a href="/v3/apps/oauth_applications/#check-an-authorization"><code>GET /applications/:client_id/tokens/:access_token</code></a></td>
<td><a href="/v3/apps/oauth_applications/#check-a-token">Check a token</a></td>
<td><a href="/v3/apps/oauth_applications/#check-a-token"><code>POST /applications/:client_id/token</code></a></td>
</tr>
<tr>
<td><a href="/v3/apps/oauth_applications/#reset-an-authorization">Reset an authorization</a></td>
<td><a href="/v3/apps/oauth_applications/#reset-an-authorization"><code>POST /applications/:client_id/tokens/:access_token</code></a></td>
<td><a href="/v3/apps/oauth_applications/#reset-a-token">Reset a token</a></td>
<td><a href="/v3/apps/oauth_applications/#reset-a-token"><code>PATCH /applications/:client_id/token</code></a></td>
</tr>
<tr>
<td><a href="/v3/apps/oauth_applications/#revoke-an-authorization-for-an-application">Revoke app authorization</a></td>
<td><a href="/v3/apps/oauth_applications/#revoke-an-authorization-for-an-application"><code>DELETE /applications/:client_id/tokens/:access_token</code></a></td>
<td><a href="/v3/apps/oauth_applications/#delete-an-app-token">Delete app token</a></td>
<td><a href="/v3/apps/oauth_applications/#delete-an-app-token"><code>DELETE /applications/:client_id/token</code></a></td>
</tr>
<tr>
<td><a href="/v3/apps/oauth_applications/#revoke-a-grant-for-an-application">Revoke app grant</a></td>
<td><a href="/v3/apps/oauth_applications/#revoke-a-grant-for-an-application"><code>DELETE /applications/:client_id/grants/:access_token</code></a></td>
<td><a href="/v3/apps/oauth_applications/#delete-an-app-authorization">Delete app authorization</a></td>
<td><a href="/v3/apps/oauth_applications/#delete-an-app-authorization"><code>DELETE /applications/:client_id/grant</code></a></td>
</tr>
</tbody>
</table>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=Deprecated+passwords+and+authorizations+api">let us know</a>!</p>tag:developer.github.com,2020-02-10:/changes/2020-02-10-deprecating-auth-through-query-param/Deprecating API authentication through query parameters2020-02-10T08:00:00Z2020-02-10T08:00:00Z<p>As mentioned in this <a href="/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters">previous blog post</a>, GitHub no longer supports authentication through query parameters. Instead, we recommend users move the authentication in the header.</p>
<p>This deprecation has <strong><em>not</em></strong> been applied to GitHub Enterprise offerings yet. We still recommend GitHub Enterprise customers make changes in their applications if possible. Please check the latest Enterprise <a href="https://enterprise.github.com/releases/">release notes</a> to learn when this deprecation is initiated and which version of GitHub Enterprise Server will have authorization through query parameters removed.</p>
<h2>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation timeline</h2>
<h3>
<a id="brownouts" class="anchor" href="#brownouts" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Brownouts</h3>
<p>During a brownout, authentication using query parameters will temporarily fail. The goal is to trigger alerts (assuming there are any) on our customers' services to help them find unmigrated authentication calls.</p>
<p>The brownouts are scheduled for:</p>
<ul>
<li>
<p>March 17, 2021</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
<li>
<p>April 14, 2021</p>
<ul>
<li>From 07:00 UTC to 10:00 UTC</li>
<li>From 16:00 UTC to 19:00 UTC</li>
</ul>
</li>
</ul>
<h3>
<a id="removal-date" class="anchor" href="#removal-date" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Removal date</h3>
<p>All authentication using query parameters will return a status code of 401 like all other auth failures starting on:</p>
<ul>
<li>May 5, 2021 at 16:00 UTC</li>
</ul>
<h2>
<a id="changes-to-make" class="anchor" href="#changes-to-make" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Changes to make</h2>
<p>Starting on May 5, 2021, using <code>access_token</code> as a query parameter to access the API (as a user or as a GitHub App) or using <code>client_id</code>/<code>client_secret</code> to make OAuth app unauthenticated calls will be disabled. For examples, see below.</p>
<p>Common uses of <code>access_token</code> as a query param include:</p>
<ul>
<li>Direct calls to the GitHub API using <a href="https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line">personal access tokens</a>
</li>
<li>GitHub Apps that make <a href="/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps/">user-to-server</a> calls on behalf of the user or with Apps using <a href="/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-an-installation">installation tokens</a> to manage repositories.</li>
</ul>
<p><strong>Using <code>access_token</code> as a query param</strong></p>
<p>If you're currently making an API call similar to</p>
<pre class="highlight highlight-bash"><code>curl <span class="s2">"https://api.github.com/user/repos?access_token=my_access_token"</span>
</code></pre>
<p>Instead, you should send the token in the header:</p>
<pre class="highlight highlight-bash"><code>curl -H <span class="s1">'Authorization: token my_access_token'</span> https://api.github.com/user/repos
</code></pre>
<p>For details on how to <em>generate</em> a token, see "<a href="https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line">Creating a personal access token</a>."</p>
<p>For details on how to <em>set</em> the token, see these <a href="/v3/#oauth2-token-sent-in-a-header">guidelines</a>.</p>
<p><strong>Using <code>client_id</code>/<code>client_secret</code> as a query param</strong></p>
<p>If you're using an OAuth app's <code>client_id</code> and <code>client_secret</code> to make unauthenticated calls with a higher rate limit similar to</p>
<pre class="highlight highlight-bash"><code>curl <span class="s2">"https://api.github.com/user/repos?client_id=my_client_id&client_secret=my_secret_id"</span>
</code></pre>
<p>Instead, you should use the following format:</p>
<pre class="highlight highlight-bash"><code>curl -u my_client_id:my_client_secret https://api.github.com/user/repos
</code></pre>
<h2>
<a id="endpoints-affected" class="anchor" href="#endpoints-affected" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Endpoints affected</h2>
<p>All requests to endpoints that use the above style of authentication are affected.</p>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=Deprecated+passwords+and+authorizations+api">let us know</a>!</p>tag:developer.github.com,2020-02-03:/changes/2020-02-03-stale-conclusion/Automatically marking old incomplete check runs as `stale`2020-02-03T08:00:00Z2020-02-03T08:00:00Z<p>If a check run is in an incomplete state for more than 14 days, GitHub will automatically change the check run's <code>conclusion</code> to <code>stale</code>. The new <code>stale</code> state will be denoted with the <span class="octicon octicon-issue-reopened" aria-label="The issue-reopened icon " title="The issue-reopened icon "></span> symbol and behaves similarly to the <code>timed_out</code> and <code>canceled</code> conclusions. When GitHub marks a check run as stale, a <a href="/webhooks/event-payloads/#check_run">check run webhook event</a> is triggered. </p>
<p>This will prevent old incomplete check runs from stopping apps that rely on the <code>completed</code> <a href="/webhooks/event-payloads/#check_suite">check suite event</a> to trigger a flow. </p>
<p>Only GitHub can mark check runs as <code>stale</code>. For more information about possible conclusions of a check run, see the <a href="/v3/checks/runs/#parameters"><code>conclusion</code> parameter</a>.</p>
<p>This new behavior will go into effect after February 26th, 2020. All incomplete check runs older than 14 days will be marked stale. This feature will roll out slowly over a couple of days.</p>tag:developer.github.com,2020-01-28:/changes/2020-01-28-actions-api/Actions API2020-01-28T08:00:00Z2020-01-28T08:00:00Z<div class="alert product"><p>
GitHub Actions is available with GitHub Free, GitHub Pro, GitHub Free for organizations, GitHub Team, GitHub Enterprise Cloud, and GitHub One. GitHub Actions is not available for private repositories owned by accounts using legacy per-repository plans. For more information, see <a href="https://help.github.com/github/getting-started-with-github/githubs-products">GitHub's products</a> in the GitHub Help documentation.
</p></div>
<p><strong>UPDATE (2020-02-19):</strong> The <a href="/v3/actions/">Actions API</a> now includes the new <a href="/v3/actions/artifacts/#list-artifacts-for-a-repository">List artifacts for a repository</a> endpoint.</p>
<p><strong>UPDATE (2020-02-18):</strong> The <a href="/v3/actions/workflow-runs/">Actions API for workflow runs</a> will replace <code>check_suite_id</code> with <code>check_suite_url</code> in responses to better adhere to API conventions.</p>
<p>The <a href="/v3/actions/">Actions API</a> enables you to manage GitHub Actions using the REST API. This
includes the management of Secrets and Self-hosted runners.</p>
<p>The following endpoints in the <a href="/v3/actions/">Actions API</a> are available for you to use:</p>
<ul>
<li><a href="/v3/actions/artifacts">Artifacts</a></li>
<li><a href="/v3/actions/secrets">Secrets</a></li>
<li><a href="/v3/actions/self-hosted-runners">Self-hosted runners</a></li>
<li><a href="/v3/actions/workflows">Workflows</a></li>
<li><a href="/v3/actions/workflow-jobs">Workflow Jobs</a></li>
<li><a href="/v3/actions/workflow-runs">Workflow Runs</a></li>
</ul>
<p>During the public beta period, we may change aspects of these APIs based on developer feedback.
If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.</p>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=actions+api+public+beta">let us know</a>!</p>tag:developer.github.com,2020-01-22:/changes/2020-01-22-everest-preview-graduated/Creating a repository dispatch event now official part of GitHub API2020-01-22T08:00:00Z2020-01-22T08:00:00Z<p>The "Creating a repository dispatch event" endpoint no longer requires the <code>everest</code> preview.</p>
<pre><code> application/vnd.github.everest-preview+json
</code></pre>
<p>For more information about this endpoint, see the "<a href="/v3/repos/#create-a-repository-dispatch-event">Create a repository dispatch event</a>."</p>
<p>Thanks again to everyone that tried out these API features during the preview period.</p>tag:developer.github.com,2020-01-21:/changes/2020-01-21-moving-the-team-api-endpoints/Moving the teams API2020-01-21T08:00:00Z2020-01-21T08:00:00Z<p>We are announcing a new set of endpoints in the Teams API. The new endpoints will allow us to scale and support the Teams API long-term.</p>
<p>The Team APIs will be moving from a top-level path under <code>/teams/:team_id</code> to a scoped path under the organization that owns the team with a path like <code>/organizations/:org_id/team/:team_id</code>. In this move we also are adding support to making these APIs available under a named path as well with <code>/orgs/:org/teams/:team_slug</code>.</p>
<h3>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation timeline</h3>
<p>The existing API endpoints will be disabled a year from now at the earliest on February 1st 2021.</p>
<h3>
<a id="what-changes-to-make" class="anchor" href="#what-changes-to-make" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>What changes to make</h3>
<p>If you're already using an API endpoint under <code>/teams/:team_id</code>, the easiest way to update your code is to switch to the <code>/organizations/:org_id/team/:team_id</code> endpoint. If you're unsure what <code>org_id</code> to use, you can find it by retrieving the current team under <code>/teams/:team_id</code>. You'll find the <code>org_id</code> inside the <code>organization</code> hash as the <code>id</code> field in the response.</p>
<div class="alert note">
<p><strong>Note:</strong> The endpoint routes using organization and team <code>id</code> use the singular <code>team</code>. The plural form of the route already exists. For example, <code>/organizations/:org_id/teams/:team_slug</code>.</p>
</div>
<h3>
<a id="endpoints-affected" class="anchor" href="#endpoints-affected" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Endpoints affected</h3>
<p>These endpoints are being deprecated:</p>
<ul>
<li><a href="/v3/teams/#get-a-team-legacy"><code>GET /teams/:team_id</code></a></li>
<li><a href="/v3/teams/#update-a-team-legacy"><code>PATCH /teams/:team_id</code></a></li>
<li><a href="/v3/teams/#delete-a-team-legacy"><code>DELETE /teams/:team_id</code></a></li>
<li><a href="/v3/teams/#list-child-teams-legacy"><code>GET /teams/:team_id/teams</code></a></li>
<li><a href="/v3/teams/#list-team-repositories-legacy"><code>GET /teams/:team_id/repos</code></a></li>
<li><a href="/v3/teams/#check-team-permissions-for-a-repository-legacy"><code>GET /teams/:team_id/repos/:owner/:repo</code></a></li>
<li><a href="/v3/teams/#add-or-update-team-repository-permissions-legacy"><code>PUT /teams/:team_id/repos/:owner/:repo</code></a></li>
<li><a href="/v3/teams/#remove-a-repository-from-a-team-legacy"><code>DELETE /teams/:team_id/repos/:owner/:repo</code></a></li>
<li><a href="/v3/teams/#list-team-projects-legacy"><code>GET /teams/:team_id/projects</code></a></li>
<li><a href="/v3/teams/#check-team-permissions-for-a-project-legacy"><code>GET /teams/:team_id/projects/:project_id</code></a></li>
<li><a href="/v3/teams/#add-or-update-team-project-permissions-legacy"><code>PUT /teams/:team_id/projects/:project_id</code></a></li>
<li><a href="/v3/teams/#remove-a-project-from-a-team-legacy"><code>DELETE /teams/:team_id/projects/:project_id</code></a></li>
</ul>
<p>These are the new replacement team API endpoints:</p>
<ul>
<li><a href="/v3/teams/#get-a-team-by-name"><code>GET /orgs/:org/teams/:team_slug</code></a></li>
<li><a href="/v3/teams/#update-a-team"><code>PATCH /orgs/:org/teams/:team_slug</code></a></li>
<li><a href="/v3/teams/#delete-a-team"><code>DELETE /orgs/:org/teams/:team_slug</code></a></li>
<li><a href="/v3/teams/#list-child-teams"><code>GET /orgs/:org/teams/:team_slug/teams</code></a></li>
<li><a href="/v3/teams/#list-team-repositories"><code>GET /orgs/:org/teams/:team_slug/repos</code></a></li>
<li><a href="/v3/teams/#check-team-permissions-for-a-repository"><code>GET /orgs/:org/teams/:team_slug/repos/:owner/:repo</code></a></li>
<li><a href="/v3/teams/#add-or-update-team-repository-permissions"><code>PUT /orgs/:org/teams/:team_slug/repos/:owner/:repo</code></a></li>
<li><a href="/v3/teams/#remove-a-repository-from-a-team"><code>DELETE /orgs/:org/teams/:team_slug/repos/:owner/:repo</code></a></li>
<li><a href="/v3/teams/#list-team-projects"><code>GET /orgs/:org/teams/:team_slug/projects</code></a></li>
<li><a href="/v3/teams/#check-team-permissions-for-a-project"><code>GET /orgs/:org/teams/:team_slug/projects/:project_id</code></a></li>
<li><a href="/v3/teams/#add-or-update-team-project-permissions"><code>PUT /orgs/:org/teams/:team_slug/projects/:project_id</code></a></li>
<li><a href="/v3/teams/#remove-a-project-from-a-team"><code>DELETE /orgs/:org/teams/:team_slug/projects/:project_id</code></a></li>
</ul>
<p>As mentioned, these new replacement team API endpoints are available both as <code>/orgs/:org/teams/:team_slug</code> for name based access, and as <code>/organizations/:org_id/team/:team_id</code> for <code>id</code> based access.</p>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=Moving+the+teams+API">let us know</a>!</p>tag:developer.github.com,2020-01-10:/changes/2020-01-10-revoke-installation-token/Revoke GitHub Apps installation tokens with the REST API2020-01-10T08:00:00Z2020-01-10T08:00:00Z<p>Now you can revoke GitHub App installation tokens using the REST API.</p>
<p>To access this new endpoint during the preview period, you must provide a custom <a href="/v3/media">media type</a> in the <code>Accept</code> header:</p>
<pre><code>application/vnd.github.gambit-preview+json
</code></pre>
<p>During the preview period, we may change aspects of these API endpoints based on developer feedback.
If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.</p>
<p>For more information, see the "<a href="/v3/apps/installations/#revoke-an-installation-access-token">Revoke an installation access token</a>" endpoint.</p>tag:developer.github.com,2020-01-08:/changes/2020-01-08-source-imports-now-official-part-of-API/The Source Import API ends preview2020-01-08T08:00:00Z2020-01-08T08:00:00Z<p>The Source Import API is now an official part of the GitHub API.</p>
<p>To use the Source Import API, you no longer need the <code>barred-rock</code> preview.</p>
<pre><code>application/vnd.github.barred-rock-preview
</code></pre>
<p>For more information about this API, see "<a href="/v3/migrations/source_imports/">Source Imports API</a>."</p>
<p>Thanks again to everyone that tried out these API features during the preview period.</p>tag:developer.github.com,2019-12-13:/changes/2019-12-13-graduated-previews-announced/Several API previews graduate2019-12-13T08:00:00Z2019-12-13T08:00:00Z<p>There are several features that are now officially part of the <a href="/v3/">GitHub REST API v3</a>.</p>
<p>To use the affected API endpoints, you no longer need to pass preview headers. Before these previews graduated, you had to include preview headers as a custom <a href="/v3/media">media type</a> in the <code>Accept</code> header to use these endpoints.</p>
<h3>
<a id="graduated-previews" class="anchor" href="#graduated-previews" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Graduated previews</h3>
<ul>
<li>
<p>To transfer a repository, you no longer need the Nightshade preview.</p>
<pre><code>application/vnd.github.nightshade-preview+json
</code></pre>
</li>
<li>
<p>To invite users to an organization, you no longer need to use the Dazzler preview.</p>
<pre><code>application/vnd.github.dazzler-preview+json
</code></pre>
</li>
<li>
<p>To access the Team Discussions API, you no longer need the Echo preview.</p>
<pre><code>application/vnd.github.echo-preview+json
</code></pre>
</li>
<li>
<p>To use emoji in label names, add descriptions to labels or search for labels in a repository, you no longer need to use the Symmetra preview.</p>
<pre><code>application/vnd.github.symmetra-preview+json
</code></pre>
</li>
<li>
<p>To retrieve someone's hovercard information in different contexts using the Hovercard API, you no longer need the Hagar preview.</p>
<pre><code>application/vnd.github.hagar-preview+json
</code></pre>
</li>
<li>
<p>To see nested teams in your responses or use the <a href="/v3/teams/#list-child-teams">Nested Teams API</a>, you no longer need the Hellcat preview.</p>
<pre><code>application/vnd.github.hellcat-preview+json
</code></pre>
</li>
</ul>
<p>Thanks again to everyone that tried out these API features during the preview period.</p>tag:developer.github.com,2019-12-03:/changes/2019-12-03-internal-visibility-changes/API changes to support internal repository visibility2019-12-03T08:00:00Z2019-12-03T08:00:00Z<p>Customers with an enterprise account using GitHub Enterprise Cloud and GitHub Enterprise Server 2.20+ have access to a third visibility option beyond public and private, called <a href="https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-repository-visibility#about-internal-repositories">internal</a>. We've made some recent API changes to support this option.</p>
<h3>
<a id="repository-creation-policy" class="anchor" href="#repository-creation-policy" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Repository Creation Policy</h3>
<p>The REST v3 and GraphQL v4 APIs now support setting and retrieving granular repository creation permissions.</p>
<h4>
<a id="rest-v3-api" class="anchor" href="#rest-v3-api" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>REST v3 API</h4>
<p>In the REST v3 API, <a href="/v3/orgs/#get-an-organization">Get an organization</a>
and <a href="/v3/orgs/#update-an-organization">Update an organization</a> endpoints have three
new fields added to the existing <code>surtur</code> preview:</p>
<ul>
<li><code>members_can_create_public_repositories</code></li>
<li><code>members_can_create_private_repositories</code></li>
<li><code>members_can_create_internal_repositories</code></li>
</ul>
<p>In <a href="/v3/orgs/#get-an-organization">Get an organization</a> and <a href="/v3/orgs/#update-an-organization">Update an organization</a>, the existing <code>members_allowed_repository_creation_type</code> field remains for backward compatibility but is deprecated and will be removed in the future. Its return value ignores internal repositories.</p>
<p>Values provided in the new fields while <a href="/v3/orgs/#update-an-organization">editing an organization</a> override the existing <code>members_allowed_repository_creation_type</code> field.</p>
<h4>
<a id="graphl-v4-api" class="anchor" href="#graphl-v4-api" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>GraphL v4 API</h4>
<p>Similar changes apply to the GraphQL v4 API. The <a href="/v4/object/enterpriseownerinfo/"><code>EnterpriseOwnerInfo</code> object</a> has three new fields indicating the policy setting for Enterprise accounts:</p>
<ul>
<li><code>membersCanCreatePublicRepositoriesSetting</code></li>
<li><code>membersCanCreatePrivateRepositoriesSetting</code></li>
<li><code>membersCanCreateInternalRepositoriesSetting</code></li>
</ul>
<p>These new fields coexist with the old <code>membersCanCreateRepositoriesSetting</code> which does not account for internal repository creation policy. This field is now deprecated and will be removed in the future.</p>
<p>The <a href="/v4/input_object/updateenterprisememberscancreaterepositoriessettinginput/"><code>UpdateEnterpriseMembersCanCreateRepositoriesSetting</code> mutation</a> includes four new input fields:</p>
<ul>
<li>
<code>membersCanCreateRepositoriesPolicyEnabled</code>, which toggles enterprise policy enforcement over organizations.</li>
<li><code>membersCanCreatePublicRepositories</code></li>
<li><code>membersCanCreatePrivateRepositories</code></li>
<li><code>membersCanCreateInternalRepositories</code></li>
</ul>
<p>These new fields coexist with the old <code>settingValue</code> which does not account for internal repository creation policy. This field is also deprecated and will be removed in the future.</p>
<h3>
<a id="repository-visibility-fields" class="anchor" href="#repository-visibility-fields" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Repository Visibility Fields</h3>
<p>You can now set and retrieve the visibility of a repository with a new field that accommodates <code>internal</code> repositories, which are available to enterprise accounts using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+. In the REST v3 API, you will see the following changes:</p>
<p>These endpoints show <code>visibility</code> key in the response:</p>
<ul>
<li> <a href="/v3/repos/#list-repositories-for-the-authenticated-user">List repositories for the authenticated user</a>
</li>
<li> <a href="/v3/repos/#list-repositories-for-a-user">List repositories for a user</a>
</li>
<li><a href="/v3/repos/#list-organization-repositories">List organization repositories</a></li>
<li><a href="/v3/repos/#create-a-repository-for-the-authenticated-user">Create a repository for the authenticated user</a></li>
<li><a href="/v3/repos/#create-a-repository-using-a-template">Create a repository using a template</a></li>
<li><a href="/v3/repos/#get-a-repository">Get a repository</a></li>
<li><a href="/v3/repos/#update-a-repository">Update a repository</a></li>
</ul>
<p>These endpoints have new input parameters:</p>
<ul>
<li>
<a href="/v3/repos/#create-a-repository-for-the-authenticated-user">Create a repository for the authenticated user</a> has a new <code>visibility</code> field which can be <code>public</code>, <code>private</code>, or <code>internal</code>. A value provided here overrides any value set in the existing <code>private</code> field.</li>
<li>
<a href="/v3/repos/#update-a-repository">Update a repository</a> also has a new <code>visibility</code> field with the same behavior as the <a href="/v3/repos/#create-a-repository-for-the-authenticated-user">Create a repository for the authenticated user</a> endpoint.</li>
<li>
<a href="/v3/repos/#list-organization-repositories">List organization repositories</a> has a new <code>internal</code> input option for the <code>type</code> parameter.</li>
</ul>
<p>To access the <code>visibility</code> field for any of these endpoints, you must provide a custom media type in the Accept header:</p>
<pre><code>application/vnd.github.nebula-preview+json
</code></pre>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=API+changes+to+support+internal+repository+visibility">let us know</a>.</p>tag:developer.github.com,2019-11-12:/changes/2019-11-12-managing-enterprise-accounts/Introducing the "Managing enterprise accounts" GraphQL API2019-11-12T08:00:00Z2019-11-12T08:00:00Z<p>Now you can manage your enterprise account using the GraphQL API, which efficiently returns just the data you request. This API is designed to handle all of your enterprise account management needs, from monitoring account settings, access changes, and users within your enterprise. The Managing Enterprise Accounts API is available for GitHub Enterprise Cloud and for GitHub Enterprise Server.</p>
<p>For more information, see "<a href="/v4/guides/managing-enterprise-accounts">Managing enterprise accounts</a>."</p>tag:developer.github.com,2019-11-05:/changes/2019-11-05-deprecated-passwords-and-authorizations-api/Deprecated APIs and authentication2019-11-05T08:00:00Z2019-11-05T08:00:00Z<p>We are announcing deprecations that will improve the security of GitHub apps and APIs, but we haven't removed anything yet. We hope that communicating this information early will help you plan for the authentication and authorization changes you will need to make.</p>
<h3>
<a id="deprecation-timeline" class="anchor" href="#deprecation-timeline" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecation timeline</h3>
<p>We will provide more information during the following few months, including the exact timeline for discontinuing the support of these deprecations. While we are not removing anything right now, we will follow up with a blog post that outlines the changes and the timeline in which we will no longer support the following deprecated endpoints and authentication methods. </p>
<h3>
<a id="authenticating-using-passwords" class="anchor" href="#authenticating-using-passwords" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Authenticating using passwords</h3>
<p>GitHub is deprecating password authentication to the API. Instead of using password authentication, create a personal access token using your <a href="https://help.github.com/articles/creating-an-access-token-for-command-line-use">Personal access tokens settings page</a> in limited situations like testing. You should authenticate apps in production by using the web applications flow. For more information, see "<a href="/apps/building-oauth-apps/authorizing-oauth-apps/">Authorizing OAuth Apps</a>."</p>
<h3>
<a id="authenticating-using-query-parameters" class="anchor" href="#authenticating-using-query-parameters" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Authenticating using query parameters</h3>
<p>GitHub is deprecating authentication to the GitHub API using query parameters, such as using a <code>access_token</code> query parameter for OAuth user authentication or a <code>client_id</code>/<code>client_secret</code> query parameter for OAuth application authentication. All authentication to the GitHub API should be done using <a href="/v3/auth/#via-oauth-and-personal-access-tokens">HTTP basic authentication</a>.</p>
<h3>
<a id="authenticating-with-saml-organizations" class="anchor" href="#authenticating-with-saml-organizations" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Authenticating with SAML organizations</h3>
<p>Apps must use the <a href="/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow">web application flow</a> to obtain OAuth tokens that work with GitHub SAML organizations. OAuth tokens created using the <a href="/v3/oauth_authorizations">Authorizations API</a> are unable to access resources for GitHub SAML organizations.</p>
<h3>
<a id="deprecating-and-adding-endpoints-for-the-oauth-authorizations-and-oauth-applications-apis" class="anchor" href="#deprecating-and-adding-endpoints-for-the-oauth-authorizations-and-oauth-applications-apis" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Deprecating and adding endpoints for the OAuth Authorizations and OAuth Applications APIs</h3>
<p>GitHub is deprecating the <a href="/v3/oauth_authorizations">Authorizations API</a>, which includes these endpoints:</p>
<ul>
<li><a href="/v3/oauth_authorizations/#list-your-authorizations"><code>GET /authorizations</code></a></li>
<li><a href="/v3/oauth_authorizations/#get-a-single-authorization"><code>GET /authorizations/:authorization_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#create-a-new-authorization"><code>POST /authorizations</code></a></li>
<li><a href="/v3/oauth_authorizations/#get-or-create-an-authorization-for-a-specific-app"><code>PUT /authorizations/clients/:client_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#get-or-create-an-authorization-for-a-specific-app-and-fingerprint"><code>PUT /authorizations/clients/:client_id/:fingerprint</code></a></li>
<li><a href="/v3/oauth_authorizations/#update-an-existing-authorization"><code>PATCH /authorizations/:authorization_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#delete-an-authorization"><code>DELETE /authorizations/:authorization_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#list-your-grants"><code>GET /applications/grants</code></a></li>
<li><a href="/v3//oauth_authorizations/#get-a-single-grant"><code>GET /applications/grants/:grant_id</code></a></li>
<li><a href="/v3/oauth_authorizations/#delete-a-grant"><code>DELETE /applications/grants/:grant_id</code></a></li>
</ul>
<p>Some client-side integrations use the deprecated Authorizations API to create personal access tokens and OAuth access tokens. These tokens must now be created using our <a href="/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow">web application flow</a>. When appropriate, personal access tokens can still be created by the user on the <a href="https://github.com/settings/tokens">Personal access tokens</a> page. However, most integrations should <a href="https://github.com/settings/applications/new">register themselves</a> as an OAuth application and use the web application flow to obtain an OAuth access token.</p>
<p>GitHub has replaced several deprecated endpoints with new ones. You can now find both the deprecated and new endpoints in the <a href="/v3/apps/oauth_applications">OAuth Applications API</a>. Specifically, we have deprecated OAuth Applications API endpoints containing an OAuth token as a path parameter:</p>
<ul>
<li><a href="/v3/apps/oauth_applications/#check-an-authorization"><code>GET /applications/:client_id/tokens/:access_token</code></a></li>
<li><a href="/v3/apps/oauth_applications/#reset-an-authorization"><code>POST /applications/:client_id/tokens/:access_token</code></a></li>
<li><a href="/v3/apps/oauth_applications/#revoke-an-authorization-for-an-application"><code>DELETE /applications/:client_id/tokens/:access_token</code></a></li>
<li><a href="/v3/apps/oauth_applications/#revoke-a-grant-for-an-application"><code>DELETE /applications/:client_id/grants/:access_token</code></a></li>
</ul>
<p>These new endpoints replace the deprecated endpoints:</p>
<ul>
<li><a href="/v3/apps/oauth_applications/#check-a-token"><code>POST /applications/:client_id/token</code></a></li>
<li><a href="/v3/apps/oauth_applications/#reset-a-token"><code>PATCH /applications/:client_id/token</code></a></li>
<li><a href="/v3/apps/oauth_applications/#delete-an-app-token"><code>DELETE /applications/:client_id/token</code></a></li>
<li><a href="/v3/apps/oauth_applications/#delete-an-app-authorization"><code>DELETE /applications/:client_id/grant</code></a></li>
</ul>
<h3>
<a id="updating-command-line-utilities-to-use-localhost-based-redirect-urls" class="anchor" href="#updating-command-line-utilities-to-use-localhost-based-redirect-urls" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Updating command-line utilities to use localhost-based redirect URLs</h3>
<p>Command-line tools now support a web-based flow by using localhost-based redirect URLs and specifying a port. We have extended our support for localhost-based redirect URLs to securely improve the experience of command-line utilities for client-side integrations. Historically these tools have relied on the Authorizations API, and they have not been able to easily register an OAuth URL callback to use with our OAuth <a href="/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow">web application flow</a>. Please see our documentation on <a href="/apps/building-oauth-apps/authorizing-oauth-apps/#localhost-redirect-urls">redirect URLs</a> for more information.</p>
<p>If you have any questions or feedback, please <a href="https://github.com/contact?form%5Bsubject%5D=Deprecated+passwords+and+authorizations+api">let us know</a>!</p>tag:developer.github.com,2019-10-23:/changes/2019-10-23-get-installations-for-org/List GitHub App installations for an organization2019-10-23T07:00:00Z2019-10-23T07:00:00Z<p>Now as an organization owner, you can <a href="/v3/orgs/#list-app-installations-for-an-organization">list all GitHub App installations</a> for an organization using the REST API. You must be an organization owner with <code>admin:read</code> scope to use this endpoint. The installation count includes all GitHub Apps installed on repositories in the organization.</p>
<pre><code>GET /orgs/:org/installations
</code></pre>
<p>To list all GitHub App installations for an organization, you must provide the <code>machine-man</code> custom <a href="/v3/media">media type</a> in the <code>Accept</code> header:</p>
<pre><code>application/vnd.github.machine-man-preview+json
</code></pre>
<p>During the preview period, we may change aspects of these APIs based on developer feedback.</p>
<p>If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice. If you have any questions or feedback, <a href="https://github.com/contact?form%5Bsubject%5D=Feedback:+Listing+GitHub+App+installations+for+an+organization+via+the+API">let us know</a>.</p>tag:developer.github.com,2019-10-04:/changes/2019-10-04-end-mister-fantastic-preview/GitHub Pages features become an official part of the REST API2019-10-04T07:00:00Z2019-10-04T07:00:00Z<p>The features that are a part of the GitHub Pages <code>mister-fantastic-preview</code> are now available on GitHub.com and will be available in the next versions of GitHub Enterprise (2.19 and higher). You will no longer need to pass a preview header to use most GitHub Pages API endpoints.</p>
<h3>
<a id="preview-media-type-no-longer-needed" class="anchor" href="#preview-media-type-no-longer-needed" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Preview media type no longer needed</h3>
<p>Now that the preview period has ended (first announced in <a href="/changes/2016-07-06-github-pages-preview-api/">July 2016</a>), you no longer need to pass the <code>mister-fantastic-preview</code> custom media type. Instead, we recommend that you specify v3 as the version in the Accept header:</p>
<pre><code>application/vnd.github.v3+json
</code></pre>
<p>Please note that if you use GitHub Enterprise versions 2.8 to 2.18, you will still need to provide this custom media type in the Accept header:</p>
<pre><code>application/vnd.github.mister-fantastic-preview+json
</code></pre>
<p><strong><em>Onward!</em></strong>
Thanks again to everyone that tried out these GitHub Pages API features during the preview period.</p>