Let's walk through core API concepts as we tackle some everyday use cases.

Most applications will use an existing wrapper library in the language of your choice, but it's important to familiarize yourself with the underlying API

There's no easier way to kick the tires than through cURL. If you are using an alternative client, note that you are required to send a valid

The response will be a random selection from our design philosophies.

Next, let's GET Chris Wanstrath's GitHub profile:

# GET /users/defunkt

Let's add the -i flag to include headers:

$ curl -i
> content-type: application/json; charset=utf-8
> cache-control: public, max-age=60, s-maxage=60
> vary: Accept, Accept-Encoding, Accept, X-Requested-With
> x-github-media-type: github.v3; format=json
> access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset
> strict-transport-security: max-age=31536000; includeSubdomains; preload
> referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
> content-security-policy: default-src 'none'

There are a few interesting bits in the response headers. As expected, the

Any headers beginning with X- are custom headers, and are not included in the

X-GitHub-Media-Type has a value of github.v3. This lets us know the media type for the response. Media types have helped us version our output in API v3.

Take note of the X-RateLimit-Limit and X-RateLimit-Remaining headers. This pair of headers indicates how many requests a client can make in a rolling time period (typically an hour) and how many of those requests the

Unauthenticated clients can make 60 requests per hour. To get more requests per hour, we'll need to authenticate. In fact, doing anything interesting with the GitHub API requires authentication.

The easiest and best way to authenticate with the GitHub API is by using Basic Authentication via OAuth tokens. OAuth tokens include personal access tokens.

Use a -u flag to set your username:

$ curl -i -u your_username

When prompted, you can enter your OAuth token, but we recommend you set up a variable for it:

You can use -u "your_username:$token" and set up a variable for token so that the token itself is not left in your shell history.

When authenticating, you should see your rate limit bumped to 5,000 requests an hour, as indicated in the X-RateLimit-Limit header. In addition to providing more calls per hour, authentication enables you to read and write private information using the API.

You can easily create a personal access token using your Personal access tokens settings page:

To help keep your information secure, we highly recommend setting an expiration for your personal access tokens.

API requests using an expiring personal access token will return that token's expiration date via the GitHub-Authentication-Token-Expiration header. You can use the header in your scripts to provide a warning message when the token is close to its expiration date.

When properly authenticated, you can take advantage of the permissions associated with your account on.

Your own user profile:

$ curl -i -u your_username:your_token

This time, in addition to the same set of public information we retrieved for earlier, you should also see the non-public information for your user profile. For example, you'll see a plan object in the response which gives details about the GitHub plan for the account.

Using OAuth tokens for apps

Apps that need to read or write private information using the API on behalf of another user should use OAuth.

Revokable access: users can revoke authorization to third party apps at any time.

Limited access: users can review the specific access that a token will provide before authorizing a third party app

Indicating the name of the app, as well as the level of access the app

Redirects the user back to the application:

Treat OAuth tokens like passwords! Don't share them with other users or store

The tokens in these examples are fake and the names have

Now that we've got the hang of making authenticated calls, let's move along to

Almost any meaningful use of the GitHub API will involve some level of Repository
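The guide's suggestion to use the GitHub-Authentication-Token-Expiration header in scripts to warn when a token is close to expiring can be implemented as below. This is an added example, not code from GitHub's documentation. The function names, the constructed sample response, the seven-day warning window and the header's date layout (a trailing "UTC" or a numeric offset) are assumptions.

```python
from datetime import datetime, timedelta, timezone

HEADER = "github-authentication-token-expiration"

# Constructed sample of `curl -i` output; the expiration value and its
# "YYYY-MM-DD HH:MM:SS UTC" layout are assumptions, not taken from the page.
SAMPLE = """HTTP/2 200
content-type: application/json; charset=utf-8
x-ratelimit-limit: 5000
github-authentication-token-expiration: 2030-01-10 12:00:00 UTC

{}"""

def parse_headers(raw):
    """Return the response headers of `curl -i` output as a lower-cased dict."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_expiration(value):
    """Parse the assumed layouts: a trailing 'UTC' or a numeric offset."""
    if value.endswith(" UTC"):
        naive = datetime.strptime(value[:-4], "%Y-%m-%d %H:%M:%S")
        return naive.replace(tzinfo=timezone.utc)
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S %z")

def token_status(raw, now, warn_within=timedelta(days=7)):
    """Classify a response as ok / warn / expired / no-header / unparsed."""
    value = parse_headers(raw).get(HEADER)
    if value is None:                      # header absent: nothing to warn about
        return "no-header", None
    try:
        expires = parse_expiration(value)
    except ValueError:                     # report it rather than assume "ok"
        return "unparsed", None
    if expires <= now:
        return "expired", expires
    if expires - now <= warn_within:
        return "warn", expires
    return "ok", expires

if __name__ == "__main__":
    level, expires = token_status(SAMPLE, datetime.now(timezone.utc))
    print(f"token expiration check: {level} (expires {expires})")
```

Feed it the saved output of an authenticated `curl -i` call; the script reads only response headers, so the token itself never needs to appear in its input or logs.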