Integrations Pre-Release

Last September, we launched the Early Access program of GitHub Integrations, a new option for extending GitHub. Today, we're adding some new features and moving Integrations into pre-release so you can begin using Integrations within your production workflows.

Enabling users to login from your Integration

Users can now login via your Integration, using the OAuth protocol, allowing you to identify users and display data to them from the relevant installations.

An Integration can now make authorized API requests on behalf of a user, for example to deploy code or create an issue. When an Integration needs to fetch or create any information for a user, it should authenticate as that user to make these user-to-server requests. You can check which installations a user has access to via a new endpoint:

GET /user/installations?access_token=...

User via Integration action screenshot

More details can be found in Authenticating as a user via an Integration.

For regular server-to-server requests, for example creating a deployment status as the Integration, an Integration should continue to authenticate as itself for the specific installation.

Updating an Integration's permissions

When you create an Integration, you specify which permissions it needs, for example the ability to read issues or create deployments. You can now update the requested permissions, via Settings > Developer settings > Integrations, when the needs of your Integration change.

Accept permissions screenshot

Users will be prompted to accept these changes, and enable the new permissions on their installation.

You can check which permissions an installation has via the Integrations API, which now includes which permissions are available to each installation.

Post-Installation Setup

You can now configure a Setup URL for your Integration, to redirect users to after they install your integration, if additional setup is required on your end.

How can I try it?

To access Integrations, you must first sign the pre-release agreement.

Anyone can then register an Integration on GitHub via Settings > Developer settings > Integrations, and manage an existing Integration from the same place.

More information on getting started can be found in our developer documentation.

To access the Integrations API functionality during the Pre-release, you’ll need to provide the following custom media type in the Accept header:

application/vnd.github.machine-man-preview+json

Give us your feedback

Come talk to us, in the new Platform forum.

Protected Branches API - Dismiss Stale Reviews

Today we're introducing an addition to the Protected Branches API preview. You will now be able to turn on and off the ability to dismiss stale reviews.

To access Protected Branches API during the preview period, you must provide a custom media type in the Accept header:

application/vnd.github.loki-preview+json

If you have any questions or feedback, please let us know!

Announcing the new GitHub Developer Program

Iteration is an essential part of building anything, be it an application, a company...even a developer program. Over the past few months we've had conversations with thousands of developers from all over the globe. Thanks to the insights and feedback shared with us, today we're announcing two exciting changes to the program.

First, we're opening access to the Developer Program to users without a paid account. That means almost any developer, at any stage of production, can take advantage of this opportunity. Second, we've introduced participation levels that will allow members to receive not only benefits from GitHub and our partners, but a path to successful development for your next great application.

Here's how the levels work:

Level 1

If you're just getting started, or need a little help getting off the ground, this level provides you with tools to learn more about the GitHub API and join our integrator community, such as dedicated Developer Program content and events.

Level 2

At this crucial stage, you've already launched a successful app — now we'll help you grow by taking full advantage of level 1 benefits as well as GitHub.com credits and network discounts.

Level 3

At this level, you're maintaining your successful application, and thinking about how to grow. You'll receive level 1 and 2 benefits, as well as GDP member spotlights and consulting services to help you scale successfully, among other rewards.

If you're already enrolled in the GitHub Developer Program, no action is needed on your end. You will receive an email detailing your level, as well as your benefits. If you'd like to join the GitHub Developer Program, visit our homepage to sign up.

If you have any questions or feedback, please get in touch with us!

Protected Branches API Pull Request Review Dismissal Restrictions

Today we're releasing an addition to the Protected Branches API preview, the ability to restrict dismissals to a specific group of users and teams.

To access the Protected Branches API during the preview period, you must provide a custom media type in the Accept header:

application/vnd.github.loki-preview+json

If you have any questions or feedback, please let us know!

Merge methods API is now official

We're making the Merge methods API part of the official GitHub API.

During the preview period you needed to provide the application/vnd.github.polaris-preview preview media type in the Accept header to opt-in to the changes. Now that the preview period has ended, you no longer need to specify this custom media type.

Note: During the preview period, we initially added a squash property in the payload to the pull request merge endpoint. This property was superseded by a merge_method property to support both "squash and merge" as well as "rebase and merge" operations. With the end of the preview period, support for the squash property was removed in favor of the merge_method property.

If you have any questions or feedback, please get in touch with us!

Organization Memberships API is now official

We're making the Organization Membership part of the official GitHub API.

During the preview period you needed to provide the application/vnd.github.korra-preview preview media type in the Accept header to opt-in to the changes. Now that the preview period has ended, you no longer need to specify this custom media type.

If you have any questions or feedback, please get in touch with us!

Protected Branches API Admin Enforcement Updates

Today we're releasing an addition to the Protected Branches API preview, the ability to turn on and off admin settings in one place!

This will be a breaking change in the near future. To make the transition easier, we're allowing you to set admin settings the old way by passing include_admins for required_status_checks or required_pull_request_reviews on the general update branch protection endpoint until ~April 21, 2017~ May 2, 2017. At that point, the only way to change your admin settings will be to pass enforce_admins, and passing include_admins will receive 404 responses.

To access Protected Branches API during the preview period, you must provide a custom media type in the Accept header:

application/vnd.github.loki-preview+json

If you have any questions or feedback, please let us know!

Discontinue support for weak cryptographic standards

GitHub is announcing the immediate deprecation, and eventual disablement, of our use of the following cryptographic standards:

  • TLSv1/TLSv1.1 - This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com.
  • diffie-hellman-group1-sha1 - This applies to all SSH connections to github.com.
  • diffie-hellman-group14-sha1 - This applies to all SSH connections to github.com.

All of the above will be disabled on February 1, 2018.

For full details on the deprecation, please see our GitHub Engineering blog post.

As always, if you have any questions, please get in touch.

Community Health API Improvements

Based on initial feedback to our Community Health API, we have made some breaking changes to what the API returns in response to a request. These changes make available more detailed information about each of the files that contributes to the overall health score.

As before, you can access this API during the preview period by providing a custom media type in the Accept header:

application/vnd.github.black-panther-preview

For example:

curl "https://api.github.com/repos/github/hubot/community/profile" \
  -H 'Authorization: token TOKEN' \
  -H "Accept: application/vnd.github.black-panther-preview"

For details on the data returned from this endpoint, refer to the documentation.

If you have any questions or feedback, please let us know.

New user blocking APIs and webhook

You've been able to block users from your personal account and from organizations you administer for a while now. Starting today, you can block and unblock users via the API and can subscribe to receive a webhook when you do.

Blocking users from your personal account

Blocking a user denies them access to your activity and repositories, and prevents them from sending you notifications. With the user blocking API preview, you can block and unblock a particular user, see which users you've blocked, and check whether you've blocked a particular user.

For example, to block the @octocat user from your personal account:

curl https://api.github.com/user/blocks/octocat \
 -X PUT
 -H 'Authorization: token TOKEN' \
 -H "Accept: application/vnd.github.giant-sentry-fist-preview+json"

Blocking users from your organization

Organization owners can block users to remove their ability to collaborate on the organization's repositories. With the organization user blocking API, organization administrators can see which users the organization has blocked, check if a particular user is blocked, and of course, block or unblock users from the organization.

For example, to get a list of the users that the @atom organization has blocked:

curl https://api.github.com/orgs/atom/blocks \
 -X GET
 -H 'Authorization: token TOKEN' \
 -H "Accept: application/vnd.github.giant-sentry-fist-preview+json"

Accessing the user blocking API during the Early Access period

To access the user blocking API during the Early Access period, you must provide a custom media type in the Accept header:

application/vnd.github.giant-sentry-fist-preview+json

During the preview period, we may change aspects of these API methods based on developer feedback. If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.

New webhook: OrgBlockEvent

You can now subscribe to a new webhook event for when an organization blocks or unblocks a user. You'll automatically begin receiving these events if your organization has a webhook that is subscribed to wildcard events. As always, we continue to recommend listening for the actions in order to future-proof your code.

The new OrgBlockEvent contains the following payload:

  • action - Either blocked or unblocked
  • blocked_user - The user that was blocked or unblocked
  • organization - The organization that blocked or unblocked the user
  • sender - The user who sent the blocking/unblocking request on behalf of the organization

As always, if you have any questions or feedback, please get in touch with us.