AppSec expert Niroshan Rajadurai says putting developers at the center of everything will enable you to meet your security goals.
API v3 has been in place for nearly a year. We’ve seen a large increase in
the amount of API consumers and have ambitious future plans for it. However,
at some point we have to let the old code go. A single codebase will allow
us to provide a more reliable and secure API.
We will terminate API v1 and API v2 in 1 month on June 1st, 2012. (Note: The date was pushed back a month from the original date).
For those that depend on the API, we’re setting up a @githubapi Twitter account
for announcements. You can also follow changes to the API documentation
on its Git repository.
The motto for API v3 has been: “it’s not shipped if it’s not documented”.
- Versioning is done through a custom GitHub mime type.
We’re currently planning for the first API v3 mime type version change due to
some incompatible tweaks to the output JSON.
- Basic auth with tokens is not supported. You can create OAuth tokens for
internal scripts through the Authorizations API.
The benefit here is you can set OAuth scopes per token, and even attach notes
to tell you what function they’re serving.
Let us know through firstname.lastname@example.org or our
Contact form if API v3 is missing features that
you depend on for API v2. If you have a friend or Nagios alert that’s using API
v2, be sure to let them know too.