The Codes of Conduct API preview, which was accessible with the scarlet-witch-preview header, is being deprecated.
On December 6th, 2021, the fields behind this API preview will no longer be accessible. We recommend using the Get community profile metrics endpoint to retrieve information about a repository's code of conduct.
Email notifications will be sent to active users of the API preview throughout the deprecation period.
If you have any questions, please contact GitHub Support.
GitHub will stop supporting API Authentication via Query Parameters with Actions on October 6th 2021 at 14:00 UTC. If you are passing credentials via query or path parameters, GitHub will respond with client errors. Please refer to this blog post for details on authenticating API requests to GitHub using the Authorization header.
Enterprise owners in GitHub Enterprise Cloud can now toggle Git LFS for a repository via API. Learn more about the API reference in our documentation.
The new GraphQL mutation createCommitOnBranch makes it easier to add, update, and delete files in a branch of a repository.
This new API offers a simpler way to commit changes compared to the existing Git database REST APIs. With the new createCommitOnBranch mutation, you do not need to manually create blobs and trees before creating the commit. This allows you to add, update, or delete multiple files in a single API call.
Commits authored using the new API are automatically GPG signed and are marked as verified in the GitHub UI. GitHub Apps can use the mutation to author commits directly or on behalf of users.
See the GraphQL API reference for more information on using createCommitOnBranch. You can also try it in the GraphQL API Explorer! If you need a refresher on how to use the GraphQL API, see our guide.
As previously announced, on September 8th 2021 at 14:00 UTC, GitHub will stop supporting API Authentication via Query Parameters.
If you are passing credentials via query or path parameters, GitHub will respond with client errors. Please refer to this blog post for details on authenticating API requests to GitHub using the Authorization header.
Please check the latest Enterprise release notes to learn in which version API Authentication via Query Parameters will be removed.
As previously announced, on August 11 2021 at 14:00 UTC, GitHub will be removing the OAuth Application API to avoid unintentional logging of in-transit access tokens.
Please refer to this blog post on migrating to the replacement endpoints.
Please check the latest Enterprise release notes to learn in which version the OAuth Application API will be removed.
As previously communicated, on August 11, 2021 at 14:00 UTC for 48 hours, GitHub will be conducting the third and final scheduled brownout for API Authentication via Query Parameters.
If you are passing credentials via query or path parameters, GitHub will intermittently respond with client errors. Please refer to this blog post for details on authenticating API requests to GitHub using the Authorization header.
Please check the latest Enterprise release notes to learn in which version API Authentication via Query Parameters will be removed.
API requests made by a GitHub App on behalf of a user that has authorized the app are known as user-to-server requests.
The resources that can be accessed by these requests are constrained to the set of private resources that both the App and the authorizing user can access.
GitHub is now extending this access model, allowing user-to-server requests to also read public resources over the REST API. This includes, for example, the ability to list a public repository's issues and pull requests, and to access a public repository's comments and content.
Read more about authorizing GitHub Apps.
You can now use the API (beta) to configure custom autolinks to external resources. The REST API now provides GET/POST/DELETE endpoints from which you can view, add or delete custom autolinks associated with a repository.
Learn more about custom autolinks or view the full API schema.
You can now set an expiration date on your new and existing personal access tokens.
Setting an expiration date on personal access tokens is highly recommended as this helps keep your information secure. GitHub will send you an email when it's time to renew a token that's about to expire. Tokens that have expired can be regenerated, giving you a duplicate token with the same properties as the original.
When using a personal access token with the GitHub API, you'll see a new response header, GitHub-Authentication-Token-Expiration, indicating the token's expiration date. You can use this in scripts, for example to log a warning message as the expiration date approaches.
Learn more about personal access tokens and how to use them.
You can now programmatically check the status and resend repository, organization, and Apps webhooks through the REST API, to complement functionality currently provided in the Settings user interface.
Using these new API endpoints, you can now list webhook delivery attempts from the last 30 days, read the status and payload of specific deliveries, and trigger a redelivery if needed.
To get started, see the documentation.
As previously communicated, on June 9th, 2021 at 14:00 UTC we will be conducting the second scheduled brownout for API Authentication via Query Parameters and the OAuth Applications API. If you are passing credentials via query or path parameters, we will intermittently respond with client errors.
Please refer to this blog post on migrating to the replacement endpoints.
Please refer to this blog post for authentication via headers.
Please check the latest Enterprise release notes to learn in which version these functionalities will be removed.
If your organization uses IP allow lists to restrict access, any API requests made with an installation access token for a GitHub App installed on your organization already respects those settings.
GitHub is extending this so that the API request to create the installation access token will also respect your organization's allowed IP addresses.
You can now react with emoji to all releases on GitHub!
For more information, see the GitHub Releases documentation.
