Improved timezone handling in the API
We have improved support for handling timezones in our API. For example, if you create commits through the API, we now allow for specifying timezone information more accurately.
We apply the following rules, in order of priority, to determine timezone information for API calls:
Explicitly provide an ISO 8601 timestamp with timezone information
For API calls that allow for a timestamp to be specified, we use that exact
timestamp. An example of this is the Commits API which allows
for specifying the date
property.
{
"message": "my commit message",
"author": {
"name": "Dirkjan Bussink",
"email": "d.bussink@gmail.com",
"date": "2014-02-27T15:05:06+01:00"
},
"parents": [
"7d1b31e74ee336d15cbd21741bc88a537ed063a0"
],
"tree": "827efc6d56897b048c772eb4087f854f46256132"
}
Time-Zone
header
Using the It is possible to supply a Time-Zone
header which defines a timezone according
to the list of names from the Olson database.
curl -H "Time-Zone: Europe/Amsterdam" -X POST https://api.github.com/repos/github/linguist/contents/new_file.md
This means that we generate a timestamp for the moment your API call is made in the timezone this header defines. For example, the Contents API generates a git commit for each addition or change and uses the current time as the timestamp. This header will determine the timezone used for generating that current timestamp.
Using the last known timezone for the user
If no Time-Zone
header is specified and you make an authenticated call to the
API, we use the last known timezone for the authenticated user. The last know
timezone is updated whenever you browse the GitHub.com website.
UTC
If the steps above don't result in any information, we use UTC as the timezone to create the git commit.
If you have any questions or feedback, don't hesitate to contact us!
New Payload Format for Deployments
As we iterate on the preview for the new Deployments API, we're making sure that it's friendly to work with for the apps built on top of it.
Deserialize Deployment Payloads
To make the API even easier to use, we'll now return your custom payload as a JSON object along with the rest of the Deployment resource. No need to parse it as JSON again.
Code You Need to Update
You should only need to remove the JSON parsing if you're taking advantage of the custom payloads. The formats for creating Deployments remain unchanged.
As always, if you have any questions or feedback, please get in touch.
Query enhancements for listing issues and pull requests
We've made it even easier to list all issues and pull requests via the API.
The state
parameter now supports a value of all
that will return issues and
pull requests regardless of state.
curl https://api.github.com/repos/atom/vim-mode/issues\?state\=all
We've also introduced new sorting options for [listing pull requests]pull
requests. You can now sort pull requests by created
, updated
,
popularity
, and long-running
.
curl https://api.github.com/repos/rails/rails/pulls\?sort\=long-running\&direction\=desc
Happy querying. If you have any questions or feedback get in touch.
OAuth scopes for organization and team resources
As a follow up to the new scopes we announced yesterday, we've introduced even more OAuth scopes for working with organization and team resources:
-
read:org
provides read-only access to organizations, teams, and membership. -
write:org
allows an application to publicize and unpublicize an organization membership. -
admin:org
enables an application to fully manage organizations, teams, and memberships.
Check out the full list of OAuth scopes supported by the API to ensure your application asks for only the permissions it needs. As always, if you have any questions or feedback, get in touch.
Finer-grained OAuth scopes for SSH keys
As we announced, we've made some important changes to the way that API consumers manage SSH keys.
Finer-grained OAuth scopes
To help third party applications request only permissions that they need, the API now supports three new scopes for working with a user's public SSH keys.
-
read:public_key
provides read access to the user's SSH keys -
write:public_key
allows an app to read existing keys and create new ones -
admin:public_key
enables an app to read, write, and delete keys
user
scope
Changes to Historically, user
scope has provided full access to manage a user's SSH keys. Now that we have dedicated scopes for managing a user's SSH keys, we have removed those permissions from the user
scope. Now user
scope will no longer provide access to SSH keys. Applications that need this access should request one of the new scopes described above.
Keys are now immutable
To simplify the security audit trail for SSH keys, we're making keys immutable. API consumers can continue to create keys and delete keys as needed, but keys can no longer be changed. To change an existing key, API consumers should delete the existing key and create a new one with the desired attributes. This change applies both to a user's SSH keys and a repository's deploy keys.
Deleting keys when revoking a token
Also any keys created via an OAuth token from this point forward will be deleted when that token is revoked.
As always, if you have any questions or feedback, please get in touch.
Wildcard Event for Webhooks
We've made a small change to make it easier for webhook integrators to receive "everything".
Instead of adding every event to your webhook, you can now opt-in to all events (including
all new events in the future) by using the wildcard event (*
).
If you add this event to an existing webhook, we'll remove the existing specific events and send you payloads for all supported events. As we add new events, you'll automatically begin receiving those too.
Gist raw file URI change
The raw host for all Gist files is changing immediately. This change was made to further isolate user content from trusted GitHub applications.
The new host is https://gist.githubusercontent.com
. Existing URIs will redirect to the new host.
Repository Contributors and Empty Repositories
We've made a small change to the Repository Contributors API in the way empty repositories are handled. Previously, the API returned a 404 Not Found
status when the list of contributors was fetched for an empty repository. To improve consistency with other API endpoints and reduce confusion, the API now returns a 204 No Content
status instead.
If you notice any strangeness, just let us know.
Introducing the Pages API
We've created a new API to GitHub Pages. This API is accessible by owners of a Pages repo, whether it's owned by an individual or an organization.
With the Pages API, you can get information about your site, as well as details on previous Pages builds.
Enjoy!
New scopes for managing repository hooks
Many third party services need to set up hooks in order to act upon events in your repositories. Today, we've introduced three new scopes that provide more granular access to your repository hooks without allowing access to your repository contents:
-
read:repo_hook
grants read and ping access to hooks in public or private repositories. -
write:repo_hook
grants read, write, and ping access to hooks in public or private repositories. -
admin:repo_hook
grants read, write, ping, and delete access to hooks in public or private repositories.
As always, if you have any questions or feedback, get in touch.