Merge methods API is now official

We're making the Merge methods API part of the official GitHub API.

During the preview period you needed to provide the application/vnd.github.polaris-preview preview media type in the Accept header to opt-in to the changes. Now that the preview period has ended, you no longer need to specify this custom media type.

Note: During the preview period, we initially added a squash property in the payload to the pull request merge endpoint. This property was superseded by a merge_method property to support both "squash and merge" as well as "rebase and merge" operations. With the end of the preview period, support for the squash property was removed in favor of the merge_method property.

If you have any questions or feedback, please get in touch with us!

Organization Memberships API is now official

We're making the Organization Membership part of the official GitHub API.

During the preview period you needed to provide the application/vnd.github.korra-preview preview media type in the Accept header to opt-in to the changes. Now that the preview period has ended, you no longer need to specify this custom media type.

If you have any questions or feedback, please get in touch with us!

Protected Branches API Admin Enforcement Updates

Today we're releasing an addition to the Protected Branches API preview, the ability to turn on and off admin settings in one place!

This will be a breaking change in the near future. To make the transition easier, we're allowing you to set admin settings the old way by passing include_admins for required_status_checks or required_pull_request_reviews on the general update branch protection endpoint until ~April 21, 2017~ May 2, 2017. At that point, the only way to change your admin settings will be to pass enforce_admins, and passing include_admins will receive 404 responses.

To access Protected Branches API during the preview period, you must provide a custom media type in the Accept header:

application/vnd.github.loki-preview+json

If you have any questions or feedback, please let us know!

Discontinue support for weak cryptographic standards

GitHub is announcing the immediate deprecation, and eventual disablement, of our use of the following cryptographic standards:

  • TLSv1/TLSv1.1 - This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com.
  • diffie-hellman-group1-sha1 - This applies to all SSH connections to github.com.
  • diffie-hellman-group14-sha1 - This applies to all SSH connections to github.com.

All of the above will be disabled on February 1, 2018.

For full details on the deprecation, please see our GitHub Engineering blog post.

As always, if you have any questions, please get in touch.

Community Health API Improvements

Based on initial feedback to our Community Health API, we have made some breaking changes to what the API returns in response to a request. These changes make available more detailed information about each of the files that contributes to the overall health score.

As before, you can access this API during the preview period by providing a custom media type in the Accept header:

application/vnd.github.black-panther-preview

For example:

curl "https://api.github.com/repos/github/hubot/community/profile" \
  -H 'Authorization: token TOKEN' \
  -H "Accept: application/vnd.github.black-panther-preview"

For details on the data returned from this endpoint, refer to the documentation.

If you have any questions or feedback, please let us know.

New user blocking APIs and webhook

You've been able to block users from your personal account and from organizations you administer for a while now. Starting today, you can block and unblock users via the API and can subscribe to receive a webhook when you do.

Blocking users from your personal account

Blocking a user denies them access to your activity and repositories, and prevents them from sending you notifications. With the user blocking API preview, you can block and unblock a particular user, see which users you've blocked, and check whether you've blocked a particular user.

For example, to block the @octocat user from your personal account:

curl https://api.github.com/user/blocks/octocat \
 -X PUT
 -H 'Authorization: token TOKEN' \
 -H "Accept: application/vnd.github.giant-sentry-fist-preview+json"

Blocking users from your organization

Organization owners can block users to remove their ability to collaborate on the organization's repositories. With the organization user blocking API, organization administrators can see which users the organization has blocked, check if a particular user is blocked, and of course, block or unblock users from the organization.

For example, to get a list of the users that the @atom organization has blocked:

curl https://api.github.com/orgs/atom/blocks \
 -X GET
 -H 'Authorization: token TOKEN' \
 -H "Accept: application/vnd.github.giant-sentry-fist-preview+json"

Accessing the user blocking API during the Early Access period

To access the user blocking API during the Early Access period, you must provide a custom media type in the Accept header:

application/vnd.github.giant-sentry-fist-preview+json

During the preview period, we may change aspects of these API methods based on developer feedback. If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.

New webhook: OrgBlockEvent

You can now subscribe to a new webhook event for when an organization blocks or unblocks a user. You'll automatically begin receiving these events if your organization has a webhook that is subscribed to wildcard events. As always, we continue to recommend listening for the actions in order to future-proof your code.

The new OrgBlockEvent contains the following payload:

  • action - Either blocked or unblocked
  • blocked_user - The user that was blocked or unblocked
  • organization - The organization that blocked or unblocked the user
  • sender - The user who sent the blocking/unblocking request on behalf of the organization

As always, if you have any questions or feedback, please get in touch with us.

API changes for Community Health

GitHub cares about healthy communities forming and thriving around open source projects. To promote and support these kinds of projects, we are introducing Community Health metrics to the platform.

We've created a new GitHub endpoint to retrieve community health metrics for any public repository.

You can enable these changes during the preview period by providing a custom media type in the Accept header:

application/vnd.github.black-panther-preview

For example:

curl "https://api.github.com/repos/github/hubot/community/profile" \
  -H 'Authorization: token TOKEN' \
  -H "Accept: application/vnd.github.black-panther-preview"

If you have any questions or feedback, please let us know.

New Webhooks for Projects

We're releasing new webhook events for projects. You'll automatically begin receiving these events if you have a webhook that is subscribed to wildcard events. As always, we continue to recommend listening for the actions in order to future-proof your code.

The new events and actions are detailed below.

ProjectEvent

  • created: sent when a project is created.
  • edited: sent when a project's name and/or body are updated.
  • deleted: sent when a project is deleted.

ProjectColumnEvent

  • created: sent when a project column is created.
  • edited: sent when a project column's name is updated.
  • deleted: sent when a project column is deleted.
  • moved: sent when a project column is moved to new position.

ProjectCardEvent

  • created: sent when a project card is created.
  • edited: sent when a project card's note changes.
  • deleted: sent when a project card is deleted.
  • moved: sent when a project card is moved to a new position.
  • converted: sent when a project card that was a note is converted to an issue.

If you have any questions or feedback, please get in touch!

Audit outside collaborators for two-factor authentication

We've updated the Organization Memberships API preview to include a new filter for listing outside collaborators without two-factor authentication enabled:

curl -H "Authorization: token [yours]" \
       "https://api.github.com/orgs/[orgname]/outside_collaborators?filter=2fa_disabled"

Happy auditing and send us your feedback or questions.

Update to organization and team invitations APIs

We've updated the Organization Memberships API preview to include the inviter response attribute in the organization and team invitations APIs.

As always, if you have any questions or feedback, please get in touch.