Add a single repository to an installation. The authenticated user must have admin access to the repository.
You must use a personal access token (which you can create via the command line or Basic Authentication) to access this endpoint.
octokit.apps.addRepoToInstallation({installation_id,repository_id,});
| name | required | description |
|---|---|---|
| installation_id | yes | installation_id parameter |
| repository_id | yes |
See also: GitHub Developer Guide documentation.
OAuth applications can use a special API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use Basic Authentication to use this endpoint, where the username is the OAuth application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.
octokit.apps.checkToken({client_id,access_token,});
| name | required | description |
|---|---|---|
| client_id | yes | The client ID of your GitHub app. |
| access_token | yes | The access_token of the OAuth application. |
See also: GitHub Developer Guide documentation.
Creates an attachment under a content reference URL in the body or comment of an issue or pull request. Use the id of the content reference from the content_reference event to create an attachment.
The app must create a content attachment within six hours of the content reference URL being posted. See "Using content attachments" for details about content attachments.
You must use an installation access token to access this endpoint.
octokit.apps.createContentAttachment({content_reference_id,title,body,});
| name | required | description |
|---|---|---|
| content_reference_id | yes | |
| title | yes | The title of the attachment |
| body | yes | The body of the attachment |
See also: GitHub Developer Guide documentation.
Use this endpoint to complete the handshake necessary when implementing the GitHub App Manifest flow. When you create a GitHub App with the manifest flow, you receive a temporary code used to retrieve the GitHub App's id, pem (private key), and webhook_secret.
octokit.apps.createFromManifest({code,});
| name | required | description |
|---|---|---|
| code | yes |
See also: GitHub Developer Guide documentation.
Creates an installation access token that enables a GitHub App to make authenticated API requests for the app's installation on an organization or individual account. Installation tokens expire one hour from the time you create them. Using an expired token produces a status code of 401 - Unauthorized, and requires creating a new installation token. By default the installation token has access to all repositories that the installation can access. To restrict the access to specific repositories, you can provide the repository_ids when creating the token. When you omit repository_ids, the response does not contain the repositories key.
You must use a JWT to access this endpoint.
octokit.apps.createInstallationAccessToken({installation_id,});
| name | required | description |
|---|---|---|
| installation_id | yes | installation_id parameter |
| repositories | no | List of repository names that the token should have access to |
| repository_ids | no | List of repository IDs that the token should have access to |
| permissions | no | The permissions granted to the user-to-server access token. |
| permissions.actions | no | The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Can be one of: |
| permissions.administration | no | The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Can be one of: |
| permissions.checks | no | The level of permission to grant the access token for checks on code. Can be one of: |
| permissions.content_references | no | The level of permission to grant the access token for notification of content references and creation content attachments. Can be one of: |
| permissions.contents | no | The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Can be one of: |
| permissions.deployments | no | The level of permission to grant the access token for deployments and deployment statuses. Can be one of: |
| permissions.environments | no | The level of permission to grant the access token for managing repository environments. Can be one of: |
| permissions.issues | no | The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Can be one of: |
| permissions.metadata | no | The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Can be one of: |
| permissions.packages | no | The level of permission to grant the access token for packages published to GitHub Packages. Can be one of: |
| permissions.pages | no | The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds. Can be one of: |
| permissions.pull_requests | no | The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges. Can be one of: |
| permissions.repository_hooks | no | The level of permission to grant the access token to manage the post-receive hooks for a repository. Can be one of: |
| permissions.repository_projects | no | The level of permission to grant the access token to manage repository projects, columns, and cards. Can be one of: |
| permissions.secret_scanning_alerts | no | The level of permission to grant the access token to view and manage secret scanning alerts. Can be one of: |
| permissions.secrets | no | The level of permission to grant the access token to manage repository secrets. Can be one of: |
| permissions.security_events | no | The level of permission to grant the access token to view and manage security events like code scanning alerts. Can be one of: |
| permissions.single_file | no | The level of permission to grant the access token to manage just a single file. Can be one of: |
| permissions.statuses | no | The level of permission to grant the access token for commit statuses. Can be one of: |
| permissions.vulnerability_alerts | no | The level of permission to grant the access token to retrieve Dependabot alerts. Can be one of: |
| permissions.workflows | no | The level of permission to grant the access token to update GitHub Actions workflow files. Can be one of: |
| permissions.members | no | The level of permission to grant the access token for organization teams and members. Can be one of: |
| permissions.organization_administration | no | The level of permission to grant the access token to manage access to an organization. Can be one of: |
| permissions.organization_hooks | no | The level of permission to grant the access token to manage the post-receive hooks for an organization. Can be one of: |
| permissions.organization_plan | no | The level of permission to grant the access token for viewing an organization's plan. Can be one of: |
| permissions.organization_projects | no | The level of permission to grant the access token to manage organization projects, columns, and cards. Can be one of: |
| permissions.organization_secrets | no | The level of permission to grant the access token to manage organization secrets. Can be one of: |
| permissions.organization_self_hosted_runners | no | The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization. Can be one of: |
| permissions.organization_user_blocking | no | The level of permission to grant the access token to view and manage users blocked by the organization. Can be one of: |
| permissions.team_discussions | no | The level of permission to grant the access token to manage team discussions and related comments. Can be one of: |
See also: GitHub Developer Guide documentation.
OAuth application owners can revoke a grant for their OAuth application and a specific user. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. You must also provide a valid OAuth access_token as an input parameter and the grant for the token's owner will be deleted. Deleting an OAuth application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.
octokit.apps.deleteAuthorization({client_id,});
| name | required | description |
|---|---|---|
| client_id | yes | The client ID of your GitHub app. |
| access_token | no | The OAuth access token used to authenticate to the GitHub API. |
See also: GitHub Developer Guide documentation.
Uninstalls a GitHub App on a user, organization, or business account. If you prefer to temporarily suspend an app's access to your account's resources, then we recommend the "Suspend an app installation" endpoint.
You must use a JWT to access this endpoint.
octokit.apps.deleteInstallation({installation_id,});
| name | required | description |
|---|---|---|
| installation_id | yes | installation_id parameter |
See also: GitHub Developer Guide documentation.
OAuth application owners can revoke a single token for an OAuth application. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password.
octokit.apps.deleteToken({client_id,});
| name | required | description |
|---|---|---|
| client_id | yes | The client ID of your GitHub app. |
| access_token | no | The OAuth access token used to authenticate to the GitHub API. |
See also: GitHub Developer Guide documentation.
Returns the GitHub App associated with the authentication credentials used. To see how many app installations are associated with this GitHub App, see the installations_count in the response. For more details about your app's installations, see the "List installations for the authenticated app" endpoint.
You must use a JWT to access this endpoint.
octokit.apps.getAuthenticated();
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Note: The :app_slug is just the URL-friendly name of your GitHub App. You can find this on the settings page for your GitHub App (e.g., https://github.com/settings/apps/:app_slug).
If the GitHub App you specify is public, you can access this endpoint without authenticating. If the GitHub App you specify is private, you must authenticate with a personal access token or an installation access token to access this endpoint.
octokit.apps.getBySlug({app_slug,});
| name | required | description |
|---|---|---|
| app_slug | yes |
See also: GitHub Developer Guide documentation.
Enables an authenticated GitHub App to find an installation's information using the installation id. The installation's account type (target_type) will be either an organization or a user account, depending which account the repository belongs to.
You must use a JWT to access this endpoint.
octokit.apps.getInstallation({installation_id,});
| name | required | description |
|---|---|---|
| installation_id | yes | installation_id parameter |
See also: GitHub Developer Guide documentation.
Enables an authenticated GitHub App to find the organization's installation information.
You must use a JWT to access this endpoint.
octokit.apps.getOrgInstallation({org,});
| name | required | description |
|---|---|---|
| org | yes |
See also: GitHub Developer Guide documentation.
Enables an authenticated GitHub App to find the repository's installation information. The installation's account type will be either an organization or a user account, depending which account the repository belongs to.
You must use a JWT to access this endpoint.
octokit.apps.getRepoInstallation({owner,repo,});
| name | required | description |
|---|---|---|
| owner | yes | |
| repo | yes |
See also: GitHub Developer Guide documentation.
Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.apps.getSubscriptionPlanForAccount({account_id,});
| name | required | description |
|---|---|---|
| account_id | yes | account_id parameter |
See also: GitHub Developer Guide documentation.
Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.apps.getSubscriptionPlanForAccountStubbed({account_id,});
| name | required | description |
|---|---|---|
| account_id | yes | account_id parameter |
See also: GitHub Developer Guide documentation.
Enables an authenticated GitHub App to find the user’s installation information.
You must use a JWT to access this endpoint.
octokit.apps.getUserInstallation({username,});
| name | required | description |
|---|---|---|
| username | yes |
See also: GitHub Developer Guide documentation.
Returns the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App."
You must use a JWT to access this endpoint.
octokit.apps.getWebhookConfigForApp();
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Returns user and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.apps.listAccountsForPlan({plan_id,});
| name | required | description |
|---|---|---|
| plan_id | yes | plan_id parameter |
| sort | no | One of |
| direction | no | To return the oldest accounts first, set to |
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
Returns repository and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.apps.listAccountsForPlanStubbed({plan_id,});
| name | required | description |
|---|---|---|
| plan_id | yes | plan_id parameter |
| sort | no | One of |
| direction | no | To return the oldest accounts first, set to |
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
List repositories that the authenticated user has explicit permission (:read, :write, or :admin) to access for an installation.
The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.
You must use a user-to-server OAuth access token, created for a user who has authorized your GitHub App, to access this endpoint.
The access the user has to each repository is included in the hash under the permissions key.
octokit.apps.listInstallationReposForAuthenticatedUser({installation_id,});
| name | required | description |
|---|---|---|
| installation_id | yes | installation_id parameter |
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
You must use a JWT to access this endpoint.
The permissions the installation has are included under the permissions key.
octokit.apps.listInstallations();
| name | required | description |
|---|---|---|
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
| since | no | Only show notifications updated after the given time. This is a timestamp in ISO 8601 format: |
| outdated | no |
See also: GitHub Developer Guide documentation.
Lists installations of your GitHub App that the authenticated user has explicit permission (:read, :write, or :admin) to access.
You must use a user-to-server OAuth access token, created for a user who has authorized your GitHub App, to access this endpoint.
The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.
You can find the permissions for the installation under the permissions key.
octokit.apps.listInstallationsForAuthenticatedUser();
| name | required | description |
|---|---|---|
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
Lists all plans that are part of your GitHub Marketplace listing.
GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.apps.listPlans();
| name | required | description |
|---|---|---|
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
Lists all plans that are part of your GitHub Marketplace listing.
GitHub Apps must use a JWT to access this endpoint. OAuth Apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.apps.listPlansStubbed();
| name | required | description |
|---|---|---|
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
List repositories that an app installation can access.
You must use an installation access token to access this endpoint.
octokit.apps.listReposAccessibleToInstallation();
| name | required | description |
|---|---|---|
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
Lists the active subscriptions for the authenticated user. You must use a user-to-server OAuth access token, created for a user who has authorized your GitHub App, to access this endpoint. . OAuth Apps must authenticate using an OAuth token.
octokit.apps.listSubscriptionsForAuthenticatedUser();
| name | required | description |
|---|---|---|
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
Lists the active subscriptions for the authenticated user. You must use a user-to-server OAuth access token, created for a user who has authorized your GitHub App, to access this endpoint. . OAuth Apps must authenticate using an OAuth token.
octokit.apps.listSubscriptionsForAuthenticatedUserStubbed();
| name | required | description |
|---|---|---|
| per_page | no | Results per page (max 100) |
| page | no | Page number of the results to fetch. |
See also: GitHub Developer Guide documentation.
Remove a single repository from an installation. The authenticated user must have admin access to the repository.
You must use a personal access token (which you can create via the command line or Basic Authentication) to access this endpoint.
octokit.apps.removeRepoFromInstallation({installation_id,repository_id,});
| name | required | description |
|---|---|---|
| installation_id | yes | installation_id parameter |
| repository_id | yes |
See also: GitHub Developer Guide documentation.
OAuth applications can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.
octokit.apps.resetToken({client_id,access_token,});
| name | required | description |
|---|---|---|
| client_id | yes | The client ID of your GitHub app. |
| access_token | yes | The access_token of the OAuth application. |
See also: GitHub Developer Guide documentation.
Revokes the installation token you're using to authenticate as an installation and access this endpoint.
Once an installation token is revoked, the token is invalidated and cannot be used. Other endpoints that require the revoked installation token must have a new installation token to work. You can create a new token using the "Create an installation access token for an app" endpoint.
You must use an installation access token to access this endpoint.
octokit.apps.revokeInstallationAccessToken();
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Exchanges a non-repository scoped user-to-server OAuth access token for a repository scoped user-to-server OAuth access token. You can specify which repositories the token can access and which permissions are granted to the token. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.
octokit.apps.scopeToken({client_id,});
| name | required | description |
|---|---|---|
| client_id | yes | The client ID of your GitHub app. |
| access_token | no | Required. The OAuth access token used to authenticate to the GitHub API. |
| target | no | The name of the user or organization to scope the user-to-server access token to. Required unless |
| target_id | no | The ID of the user or organization to scope the user-to-server access token to. Required unless |
| repositories | no | The list of repository IDs to scope the user-to-server access token to. |
| repository_ids | no | The list of repository names to scope the user-to-server access token to. |
| permissions | no | The permissions granted to the user-to-server access token. |
| permissions.actions | no | The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Can be one of: |
| permissions.administration | no | The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Can be one of: |
| permissions.checks | no | The level of permission to grant the access token for checks on code. Can be one of: |
| permissions.content_references | no | The level of permission to grant the access token for notification of content references and creation content attachments. Can be one of: |
| permissions.contents | no | The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Can be one of: |
| permissions.deployments | no | The level of permission to grant the access token for deployments and deployment statuses. Can be one of: |
| permissions.environments | no | The level of permission to grant the access token for managing repository environments. Can be one of: |
| permissions.issues | no | The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Can be one of: |
| permissions.metadata | no | The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Can be one of: |
| permissions.packages | no | The level of permission to grant the access token for packages published to GitHub Packages. Can be one of: |
| permissions.pages | no | The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds. Can be one of: |
| permissions.pull_requests | no | The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges. Can be one of: |
| permissions.repository_hooks | no | The level of permission to grant the access token to manage the post-receive hooks for a repository. Can be one of: |
| permissions.repository_projects | no | The level of permission to grant the access token to manage repository projects, columns, and cards. Can be one of: |
| permissions.secret_scanning_alerts | no | The level of permission to grant the access token to view and manage secret scanning alerts. Can be one of: |
| permissions.secrets | no | The level of permission to grant the access token to manage repository secrets. Can be one of: |
| permissions.security_events | no | The level of permission to grant the access token to view and manage security events like code scanning alerts. Can be one of: |
| permissions.single_file | no | The level of permission to grant the access token to manage just a single file. Can be one of: |
| permissions.statuses | no | The level of permission to grant the access token for commit statuses. Can be one of: |
| permissions.vulnerability_alerts | no | The level of permission to grant the access token to retrieve Dependabot alerts. Can be one of: |
| permissions.workflows | no | The level of permission to grant the access token to update GitHub Actions workflow files. Can be one of: |
| permissions.members | no | The level of permission to grant the access token for organization teams and members. Can be one of: |
| permissions.organization_administration | no | The level of permission to grant the access token to manage access to an organization. Can be one of: |
| permissions.organization_hooks | no | The level of permission to grant the access token to manage the post-receive hooks for an organization. Can be one of: |
| permissions.organization_plan | no | The level of permission to grant the access token for viewing an organization's plan. Can be one of: |
| permissions.organization_projects | no | The level of permission to grant the access token to manage organization projects, columns, and cards. Can be one of: |
| permissions.organization_secrets | no | The level of permission to grant the access token to manage organization secrets. Can be one of: |
| permissions.organization_self_hosted_runners | no | The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization. Can be one of: |
| permissions.organization_user_blocking | no | The level of permission to grant the access token to view and manage users blocked by the organization. Can be one of: |
| permissions.team_discussions | no | The level of permission to grant the access token to manage team discussions and related comments. Can be one of: |
See also: GitHub Developer Guide documentation.
Suspends a GitHub App on a user, organization, or business account, which blocks the app from accessing the account's resources. When a GitHub App is suspended, the app's access to the GitHub API or webhook events is blocked for that account.
You must use a JWT to access this endpoint.
octokit.apps.suspendInstallation({installation_id,});
| name | required | description |
|---|---|---|
| installation_id | yes | installation_id parameter |
See also: GitHub Developer Guide documentation.
Removes a GitHub App installation suspension.
You must use a JWT to access this endpoint.
octokit.apps.unsuspendInstallation({installation_id,});
| name | required | description |
|---|---|---|
| installation_id | yes | installation_id parameter |
See also: GitHub Developer Guide documentation.
Updates the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App."
You must use a JWT to access this endpoint.
octokit.apps.updateWebhookConfigForApp();
| name | required | description |
|---|---|---|
| url | no | The URL to which the payloads will be delivered. |
| content_type | no | The media type used to serialize the payloads. Supported values include |
| secret | no | If provided, the |
| insecure_ssl | no | Determines whether the SSL certificate of the host for |
See also: GitHub Developer Guide documentation.