Create, update, and delete individual files

We're following in the footsteps of's ability to edit and create files in your web browser. Starting today, the Repository Contents API will let you easily create, update, and even delete individual files.

Happy editing!

Repository Statistics

Today we're happy to open our Repository Statistics API to everyone. We're using repository statistics to power our graphs, but we can't wait to see what others can do with this information.

Starting today, these resources are available to you:


Commit Statuses Now Available for Branches and Tags

  • April 30, 2013
  • Avatar for foca foca

Last week we announced support for build statuses in the branches page. Now we are extending this to the API. The API endpoint for commit statuses has been extended to allow branch and tag names, as well as commit SHAs.



Improved Support for Submodules in the Repository Contents API

When you view a repository with a submodule on, you get useful links and information for the submodule.

Repository Contents with Submodule

Today we're making that data available in the Repository Contents API.


  "name": "qunit",
  "path": "test/qunit",
  "type": "submodule",
 "submodule_git_url": "git://",
 "sha": "6ca3721222109997540bd6d9ccd396902e0ad2f9",
 "size": 0,
 "url": "",
 "git_url": "",
 "html_url": "",
 "_links": {
   "self": "",
    "git": "",
    "html": ""

If you have any questions or feedback, please drop us a line.

Deprecating a Confusing Attribute in the Pull Request API

EDIT: As of January 2017, we have decided not to deprecate this field for REST API.

When you get the details for a Pull Request from the API, the response provides everything there is to know about that Pull Request. In addition to the useful information provided in the API response, the JSON also includes the merge_commit_sha attribute. This attribute is a frequent source of misunderstanding, and we aim to remove the confusion.

To help current API consumers, we've documented the attribute for improved understanding.

To protect future API consumers from this confusion, we have deprecated the merge_commit_sha attribute, and we will remove it in the next major version of the API.

As always, if you have any questions or feedback, please drop us a line.

User Agent now mandatory

After an almost six week grace period, we're now enforcing the User Agent header for all API requests. Most HTTP libraries (including cURL) set this header by default. If you're experiencing an increase in 403 responses, be sure and check your code.

If you have any questions or feedback, please drop us a line.

New Hookshot Changes

We are experimenting with changes to the "Hookshot" backend that powers service hooks. There were some significant networking changes with the new cluster, so there are some new IP whitelist rules for hooks:


These are in CIDR notation. They represent a significant range of GitHub addresses, meaning this should be the last IP change for a while. Once this cluster is activated and we shut the other cluster down, we will be removing the other entries.

We are currently testing the new backend with all repositories in the GitHub organization only, and expect to start testing it with user data next week.

This also means we should be able to start accepting GitHub Services pull requests very soon :)

Sortable Stars in Repository Starring API

As we announced on the GitHub blog, Stars now support sorting. The Repository Starring API now supports two new parameters when listing Stars: sort and direction.



Hookshot Load balancer

We had an issue with the Hookshot load balancer this morning, causing the majority of hooks to flow to a single node only. This lead to massive queue times. While fixing this, we're putting the old Services backend in use.

This means the old IPs are back in use. Use this Help guide if you already removed them from your firewall.

Some Hookshot Issues

We turned Hookshot (our new GitHub Services backend) on yesterday. Things have been pretty smooth, with one issue: Hooks going to other EC2 nodes come from the private IP addresses of our nodes in the 10...* range.

If your web hook servers are on EC2 and are missing hooks from GitHub due to an IP restriction, we recommend the following:

  1. Remove the IP white list.
  2. Fall back to HTTPS and Basic Auth to restrict pushes to authorized senders only.

We're currently working on solving this problem.