Rate limit changes for unauthenticated requests

To ensure a high quality of service for all API consumers, we’ve reduced the default rate limit for unauthenticated requests. To enjoy the default rate limit of 5,000 requests per hour, you’ll need to authenticate via Basic Auth or OAuth. Unauthenticated requests will be limited to 60 per hour unless you include your OAuth client and secret.

We’ll soon require all requests to include a valid User Agent header. Setting a unique value for this header helps us identify requests and get in touch with developers who are abusing the API. Most HTTP libraries, wrapper libraries, and even cURL provide a valid header for you already and allow you to change it to something unique to your application.

If you have any questions or feedback, please drop us a line at support@github.com.