Breaking changes to creating webhooks via the API

August 9, 2017
gjtorikian
bswinnerton

An urgent fix was released today related to creating and editing webhooks for repositories and organizations. Before today, if an existing webhook was modified to accept an event that did not exist, the REST API would respond with a status code of 200 and all of the configuration settings would be wiped out.

This issue affected the following endpoints:

As of around 12:30PM EST today, if you pass an invalid event as part of the events array input to one of those endpoints, the REST API will respond with a 422 status code. A full list of valid events can be found on this page.

Prior to this fix, the REST API accepted webhook events that no longer exist. Those events were:

download
follow
fork_apply
gist

The API has not allowed new webhooks to be created with these events since September 2013. If your webhooks are being created or edited to accept these events, they too will now begin responding with a 422 status code.

Normally, we provide several months' advance notice before making changes to our API, but because of the security implications, we pushed this out as soon as possible. We have not noticed an increase of 422s as a result, but we apologize for any inconvenience this may cause.

This content may be out of date. For the newest content, see the API posts on the GitHub Blog.

All of GitHub's Docs are now in one place! You can see Apps, REST API, and GraphQL API on GitHub Docs.