You can use this API to manage the access OAuth applications have to your account. You can only access this API via Basic Authentication using your username and password, not tokens.
If you or your users have two-factor authentication enabled, make sure you understand how to work with two-factor authentication.
List your grants
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
You can use this API to list the set of OAuth applications that have been granted access to your account. Unlike the list your authorizations API, this API does not manage individual tokens. This API will return one entry for each OAuth application that has been granted access to your account, regardless of the number of tokens an application has generated for your user. The list of OAuth applications returned matches what is shown on the application authorizations settings screen within GitHub. The scopes
returned are the union of scopes authorized for the application. For example, if an application has one token with repo
scope and another token with user
scope, the grant will return ["repo", "user"]
.
get /applications/grants
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
per_page |
integer | query |
Results per page (max 100) Default:30 |
page |
integer | query |
Page number of the results to fetch. Default:1 |
client_id |
string | query |
The client ID of your GitHub app. |
Code samples
Shell
curl \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/applications/grants
JavaScript (@octokit/core.js)
await octokit.request('GET /applications/grants')
Response
Status: 200 OK
[
{
"id": 1,
"url": "https://api.github.com/applications/grants/1",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"created_at": "2011-09-06T17:26:27Z",
"updated_at": "2011-09-06T20:39:23Z",
"scopes": [
"public_repo"
]
}
]
Not modified
Status: 304 Not Modified
Requires authentication
Status: 401 Unauthorized
Forbidden
Status: 403 Forbidden
Resource not found
Status: 404 Not Found
Get a single grant
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
get /applications/grants/{grant_id}
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
grant_id |
integer | path |
grant_id parameter |
Code samples
Shell
curl \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/applications/grants/42
JavaScript (@octokit/core.js)
await octokit.request('GET /applications/grants/{grant_id}', {
grant_id: 42
})
Response
Status: 200 OK
{
"id": 1,
"url": "https://api.github.com/applications/grants/1",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"created_at": "2011-09-06T17:26:27Z",
"updated_at": "2011-09-06T20:39:23Z",
"scopes": [
"public_repo"
]
}
Not modified
Status: 304 Not Modified
Requires authentication
Status: 401 Unauthorized
Forbidden
Status: 403 Forbidden
Delete a grant
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
Deleting an OAuth application's grant will also delete all OAuth tokens associated with the application for your user. Once deleted, the application has no access to your account and is no longer listed on the application authorizations settings screen within GitHub.
delete /applications/grants/{grant_id}
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
grant_id |
integer | path |
grant_id parameter |
Code samples
Shell
curl \
-X DELETE \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/applications/grants/42
JavaScript (@octokit/core.js)
await octokit.request('DELETE /applications/grants/{grant_id}', {
grant_id: 42
})
Response
Status: 204 No Content
Not modified
Status: 304 Not Modified
Requires authentication
Status: 401 Unauthorized
Forbidden
Status: 403 Forbidden
List your authorizations
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
get /authorizations
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
per_page |
integer | query |
Results per page (max 100) Default:30 |
page |
integer | query |
Page number of the results to fetch. Default:1 |
client_id |
string | query |
The client ID of your GitHub app. |
Code samples
Shell
curl \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/authorizations
JavaScript (@octokit/core.js)
await octokit.request('GET /authorizations')
Response
Status: 200 OK
[
{
"id": 2,
"url": "https://enterprise.octocat.com/api/v3/authorizations/2",
"app": {
"name": "My personal access token",
"url": "https://docs.github.com/enterprise/rest/reference/enterprise-admin#list-personal-access-tokens",
"client_id": "00000000000000000000"
},
"token": "ghp_16C7e42F292c6912E7710c838347Ae178B4a",
"hashed_token": "23cffb2fab1b0a62747863eba88cb9327e561f2f7a0c8661c0d9b83146cb8d45",
"token_last_eight": "Ae178B4a",
"note": "My personal access token",
"note_url": null,
"created_at": "2019-04-24T21:49:02Z",
"updated_at": "2019-04-24T21:49:02Z",
"scopes": [
"admin:business",
"admin:gpg_key",
"admin:org",
"admin:org_hook",
"admin:pre_receive_hook",
"admin:public_key",
"admin:repo_hook",
"delete_repo",
"gist",
"notifications",
"repo",
"user",
"write:discussion"
],
"fingerprint": null
}
]
Not modified
Status: 304 Not Modified
Requires authentication
Status: 401 Unauthorized
Forbidden
Status: 403 Forbidden
Resource not found
Status: 404 Not Found
Create a new authorization
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
Warning: Apps must use the web application flow to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the blog post.
Creates OAuth tokens using Basic Authentication. If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "Working with two-factor authentication."
To create tokens for a particular OAuth application using this endpoint, you must authenticate as the user you want to create an authorization for and provide the app's client ID and secret, found on your OAuth application's settings page. If your OAuth application intends to create multiple tokens for one user, use fingerprint
to differentiate between them.
You can also create tokens on GitHub Enterprise Server from the personal access tokens settings page. Read more about these tokens in the GitHub Help documentation.
Organizations that enforce SAML SSO require personal access tokens to be allowed. Read more about allowing tokens in the GitHub Help documentation.
post /authorizations
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
scopes |
array of strings or nullable | body |
A list of scopes that this authorization is in. |
note |
string | body |
A note to remind you what the OAuth token is for. |
note_url |
string | body |
A URL to remind you what app the OAuth token is for. |
client_id |
string | body |
The OAuth app client key for which to create the token. |
client_secret |
string | body |
The OAuth app client secret for which to create the token. |
fingerprint |
string | body |
A unique string to distinguish an authorization from others created for the same client ID and user. |
Code samples
Shell
curl \
-X POST \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/authorizations \
-d '{"scopes":["scopes"]}'
JavaScript (@octokit/core.js)
await octokit.request('POST /authorizations', {
scopes: [
'scopes'
]
})
Response
Status: 201 Created
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678"
}
Not modified
Status: 304 Not Modified
Requires authentication
Status: 401 Unauthorized
Forbidden
Status: 403 Forbidden
Gone
Status: 410 Gone
Validation failed
Status: 422 Unprocessable Entity
Get-or-create an authorization for a specific app
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
Warning: Apps must use the web application flow to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the blog post.
Creates a new authorization for the specified OAuth application, only if an authorization for that application doesn't already exist for the user. The URL includes the 20 character client ID for the OAuth app that is requesting the token. It returns the user's existing authorization for the application if one is present. Otherwise, it creates and returns a new one.
If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "Working with two-factor authentication."
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
put /authorizations/clients/{client_id}
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
client_id |
string | path |
The client ID of your GitHub app. |
client_secret |
string | body |
Required. The OAuth app client secret for which to create the token. |
scopes |
array of strings or nullable | body |
A list of scopes that this authorization is in. |
note |
string | body |
A note to remind you what the OAuth token is for. |
note_url |
string | body |
A URL to remind you what app the OAuth token is for. |
fingerprint |
string | body |
A unique string to distinguish an authorization from others created for the same client ID and user. |
Code samples
Shell
curl \
-X PUT \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/authorizations/clients/CLIENT_ID \
-d '{"client_secret":"client_secret"}'
JavaScript (@octokit/core.js)
await octokit.request('PUT /authorizations/clients/{client_id}', {
client_id: 'client_id',
client_secret: 'client_secret'
})
if returning an existing token
Status: 200 OK
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": ""
}
Deprecation Notice: GitHub will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
Status: 201 Created
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678"
}
Not modified
Status: 304 Not Modified
Requires authentication
Status: 401 Unauthorized
Forbidden
Status: 403 Forbidden
Validation failed
Status: 422 Unprocessable Entity
Get-or-create an authorization for a specific app and fingerprint
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
Warning: Apps must use the web application flow to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the blog post.
This method will create a new authorization for the specified OAuth application, only if an authorization for that application and fingerprint do not already exist for the user. The URL includes the 20 character client ID for the OAuth app that is requesting the token. fingerprint
is a unique string to distinguish an authorization from others created for the same client ID and user. It returns the user's existing authorization for the application if one is present. Otherwise, it creates and returns a new one.
If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "Working with two-factor authentication."
put /authorizations/clients/{client_id}/{fingerprint}
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
client_id |
string | path |
The client ID of your GitHub app. |
fingerprint |
string | path | |
client_secret |
string | body |
Required. The OAuth app client secret for which to create the token. |
scopes |
array of strings or nullable | body |
A list of scopes that this authorization is in. |
note |
string | body |
A note to remind you what the OAuth token is for. |
note_url |
string | body |
A URL to remind you what app the OAuth token is for. |
Code samples
Shell
curl \
-X PUT \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/authorizations/clients/CLIENT_ID/FINGERPRINT \
-d '{"client_secret":"client_secret"}'
JavaScript (@octokit/core.js)
await octokit.request('PUT /authorizations/clients/{client_id}/{fingerprint}', {
client_id: 'client_id',
fingerprint: 'fingerprint',
client_secret: 'client_secret'
})
if returning an existing token
Status: 200 OK
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678"
}
Response if returning a new token
Status: 201 Created
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678"
}
Validation failed
Status: 422 Unprocessable Entity
Get a single authorization
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
get /authorizations/{authorization_id}
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
authorization_id |
integer | path |
authorization_id parameter |
Code samples
Shell
curl \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/authorizations/42
JavaScript (@octokit/core.js)
await octokit.request('GET /authorizations/{authorization_id}', {
authorization_id: 42
})
Response
Status: 200 OK
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678"
}
Not modified
Status: 304 Not Modified
Requires authentication
Status: 401 Unauthorized
Forbidden
Status: 403 Forbidden
Update an existing authorization
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "Working with two-factor authentication."
You can only send one of these scope keys at a time.
patch /authorizations/{authorization_id}
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
authorization_id |
integer | path |
authorization_id parameter |
scopes |
array of strings or nullable | body |
A list of scopes that this authorization is in. |
add_scopes |
array of strings | body |
A list of scopes to add to this authorization. |
remove_scopes |
array of strings | body |
A list of scopes to remove from this authorization. |
note |
string | body |
A note to remind you what the OAuth token is for. |
note_url |
string | body |
A URL to remind you what app the OAuth token is for. |
fingerprint |
string | body |
A unique string to distinguish an authorization from others created for the same client ID and user. |
Code samples
Shell
curl \
-X PATCH \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/authorizations/42 \
-d '{"scopes":["scopes"]}'
JavaScript (@octokit/core.js)
await octokit.request('PATCH /authorizations/{authorization_id}', {
authorization_id: 42,
scopes: [
'scopes'
]
})
Response
Status: 200 OK
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678"
}
Validation failed
Status: 422 Unprocessable Entity
Delete an authorization
Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.
delete /authorizations/{authorization_id}
Parameters
Name | Type | In | Description |
---|---|---|---|
accept |
string | header |
Setting to
|
authorization_id |
integer | path |
authorization_id parameter |
Code samples
Shell
curl \
-X DELETE \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/authorizations/42
JavaScript (@octokit/core.js)
await octokit.request('DELETE /authorizations/{authorization_id}', {
authorization_id: 42
})
Response
Status: 204 No Content
Not modified
Status: 304 Not Modified
Requires authentication
Status: 401 Unauthorized
Forbidden
Status: 403 Forbidden