User Agent mandatory from March 4th 2013

  • January 31, 2013
  • Avatar for agh agh

Following on from our previous post about requiring requests to include a valid User Agent header we will soon be changing our API servers to return HTTP 403 to any clients not providing a valid User Agent header.

We will be making this change on Monday, March 4th 2013.

Setting this helps us identify requests from you, and get in touch with people who are using the API in a way which causes disruption to GitHub. Most HTTP libraries and tools like cURL already provide a valid header for you, and allow you to customize it, so this will not require many of our users to make any changes whatsoever.

If you have any questions or feedback, please drop us a line.

New User scopes

We've added a few new user scopes for 3rd party applications that want very specific user functionality. The user:email scope gives apps read-only access to a user's private email addresses. The user:follow scope lets a user follow and unfollow other users.

This should help keep applications from requiring the user scope, which can be potentially dangerous.

We also added a read-only endpoint to get a user's public SSH keys.


Diff and patch media types

Starting today, you can get .diff and .patch content directly from the API for the following resources:

Simply use the same resource URL and send either application/vnd.github.diff or application/vnd.github.patch in the Accept header:

curl -H "Accept: application/vnd.github.diff" $
diff --git a/tmux/tmux.conf.symlink b/tmux/tmux.conf.symlink
index 1f599cb..abaf625 100755
--- a/tmux/tmux.conf.symlink
+++ b/tmux/tmux.conf.symlink
@@ -111,6 +111,7 @@ set-option -g base-index 1
 ## enable mouse
 set-option -g mouse-select-pane on
 set-option -g mouse-select-window on
+set-option -g mouse-resize-pane on
 set-window-option -g mode-keys vi
 set-window-option -g mode-mouse on
 # set-window-option -g monitor-activity off

Pagination for Organization Repository lists now paginates properly

  • December 9, 2012
  • Avatar for rick rick


Improvements continue to the Organizations Repository listing endpoint. Today we're improving pagination so that it works as documented. Now you can expect Link headers to navigate through the results space, regardless of what you send in the type parameter.

The docs for Organization Repositories queries are still here:

EDIT: Link headers are our preferred navigation technique.

Finding sources and fork repositories for organizations

  • December 8, 2012
  • Avatar for rick rick

We've made a couple of changes today to the Organization repositories listing to bring it a bit closer to the functionality of the Organization repositories tab. We now let you retrieve repositories which are forks of another repository, as well as those repositories which are sources (not forks).

# Grab all fork Repositories for an Organization
curl ""
# Grab all source Repositories for an Organization
curl ""

Check out the docs for sorting and filtering options:

Create an OAuth authorization for an app

The Authorizations API is an easy way to create an OAuth authorization using Basic Auth. Just POST your desired scopes and optional note and you get a token back:

curl -u pengwynn -d '{"scopes": ["user", "gist"]}' \

This call creates a token for the authenticated user tied to a special "API" OAuth application.

We now support creating tokens for your own OAuth application by passing your twenty character client_id and forty character client_secret as found in the settings page for your OAuth application.

curl -u pengwynn -d '{ \
                     "scopes": ["user", "gist"], \
                     "client_id": "abcdeabcdeabcdeabcdeabcde" \
                     "client_secret": "abcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcde" \
                    }' \ '

No more implementing the web flow just to get a token tied to your app's rate limit.

Per-repository Review and Issue Comment listing

You've always been able to grab all the commit comments for an entire repository via the API, but to get Issue comments and Pull Request Review Comments, you could only fetch the comments for a single Issue or Pull Request.

Today, we're introducing two new methods to grab all Issue Comments and Review Comments for a repository.

# Grab all Issue Comments
# Grab all Review Comments

Check out the docs for sorting and filtering options:

Gitignore Templates API

We recently made it easy to initialize a repository when you create it via the API. One of the options you can pass when creating a repository is gitignore_template. This value is the name of one of the templates from the public GitHub .gitignore repository.

The Gitignore Templates API makes it easy to list those templates:

HTTP/1.1 200 OK

If you'd like to view the source, you can also fetch a single template.

curl -H 'Accept: application/vnd.github.raw' \
HTTP/1.1 200 OK
# Xcode

Forking to Organizations

We made a slight change to the way you fork a repository. By default, you can fork my repository through an HTTP POST to the repository's fork resource.

curl -X POST

This repository forks to your personal account. However, there are cases when you want to fork to one of your organizations instead. The previous method required a ?org query parameter:

curl -X POST /repos/technoweenie/faraday/forks?org=mycompany

Query parameters on POST requests are unusual in APIs, and definitely inconsistent with the rest of the GitHub API. You should be able to post a JSON body like every other POST endpoint. Now, you can! Only, now we're calling the field organization.

curl /repos/technoweenie/faraday/forks?org=mycompany \
 -d '{"organization": "mycompany"}'

Don't worry, we are committed to maintaining the legacy behavior until the next major change of the GitHub API.

Gist comment URIs

The URIs of all gist comments are changing immediately. The new URI pattern for gist comments is /gists/{gist-id}/comments/{id}. (See gist comments section of the docs for more details.) This change is necessary because the auto-incremented ids of gist comments are easy to guess. This predictability allows anyone to view comments on private Gists with relative ease. Obviously, comments on private gists should be just as private as the gist itself.

Adding the gist id to the URI of comments makes it impossible, in practical terms, to guess that URI because the id of private gists are very large random numbers. This is, unfortunately, a breaking change but one that cannot be avoided because of the security implications of the current URIs. We apologize for the inconvenience.

We have also added a comments_url member to the Gist documents. The comments_url link provides access to the comments of a Gist in a way that will insulate clients from changes in the URI patterns used by the GitHub API. We are increasing our use of links in order to make changes such as this one less damaging to clients. We strongly encourage using url and *_url properties, where possible, rather than constructing URIs using the patterns published on this site. Doing so will result in clients that break less often.