Skip to content

Brownout Notice: API Authentication via Query Parameters, and the OAuth Applications API for 24 hours

As previously communicated, on June 9th, 2021 at 14:00 UTC we will be conducting the second scheduled brownout for API Authentication via Query Parameters and the OAuth Applications API. If you are passing credentials via query or path parameters, we will intermittently respond with client errors.

OAuth Application API

Please refer to this blog post on migrating to the replacement endpoints.


  • June 9, 2021: For 24 hours starting at 14:00 UTC


  • August 11 2021 at 14:00 UTC

Authentication via Query Parameters

Please refer to this blog post for authentication via headers.


  • June 9, 2021: For 24 hours starting at 14:00 UTC
  • August 11, 2021: For 48 hours starting at 14:00 UTC


  • September 8 2021 at 14:00 UTC

Please check the latest Enterprise release notes to learn in which version these functionalities will be removed.

If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked API tokens and, via our partners, automatically notifying you and/or revoking them.

From today, GitHub will scan every commit to a public repository for exposed RubyGems, Adobe and OpenAI API keys. We will forward any keys we find to the relevant service, who will automatically disable them and notify their owners. The end-to-end process takes just a few seconds.

RubyGems, Adobe and OpenAI are just the latest GitHub secret scanning integrators – since 2018 GitHub has collaborated with 36 token issuers to help keep their customers secure. We continue to welcome new partners for public repo secret scanning. In addition, GitHub Advanced Security customers can also scan their private repositories for leaked secrets.

See more