As part of our ongoing commitment to protect our users and ensure responsible use of our platform, the Notifications team will soon introduce access restrictions to several public API endpoints and related UI views.

What’s changing

Access to the following public API endpoints will be limited to admins and collaborators:

We will deprecate the endpoint and remove access to the underlying information:

During the deprecation period, the endpoint will remain accessible but will return empty responses. Full removal will occur in a subsequent phase.

The following UI views will also be affected:

  • Repository stargazers view: /stargazers
  • Repository “You Know” stargazers view: /stargazers/you_know
  • Repository watchers view: /watchers

Some users may begin receiving empty responses or a 403 Forbidden status when accessing the endpoints or views listed above.

Why we are making this change

These endpoints and views currently expose public lists of stargazers and watchers, and this information has increasingly been misused to collect user data for spam activities which negatively impacts user experience and platform trust.

By restricting access, we aim to reduce misuse of public data, prevent user data from being leveraged for spam, and strengthen overall platform security.

We will continue monitoring usage patterns and evaluating additional safeguards to ensure a safe and reliable environment for all users.