client_idstringrequired
The client ID of your GitHub app.
Delete an app authorization
OAuth application owners can revoke a grant for their OAuth application and a specific user. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password. You must also provide a valid OAuth access_token as an input parameter and the grant for the token’s owner will be deleted.
Deleting an OAuth application’s grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user’s account and will no longer be listed on the application authorizations settings screen within GitHub.
delete
{protocol}://{hostname}/api/v3/applications/{client_id}/grant
Path Parameters
Body
application/json
Body
application/json
access_tokenstringrequired
The OAuth access token used to authenticate to the GitHub API.
Response
Response
Response
delete/applications/{client_id}/grant
Path Parameters
Body
{
"access_token": "e72e16c7e42f292c6912e7710c838347ae178b4a"
}
Revoke a grant for an application
DEPRECATEDDeprecation Notice: GitHub Enterprise Server will discontinue OAuth endpoints that contain access_token in the path parameter. We have introduced new endpoints that allow you to securely manage tokens for OAuth Apps by moving access_token to the request body. For more information, see the blog post.
OAuth application owners can revoke a grant for their OAuth application and a specific user. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password. You must also provide a valid token as :access_token and the grant for the token’s owner will be deleted.
Deleting an OAuth application’s grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user’s account and will no longer be listed on the Applications settings page under “Authorized OAuth Apps” on GitHub Enterprise Server.
delete
{protocol}://{hostname}/api/v3/applications/{client_id}/grants/{access_token}
Path Parameters
client_idstringrequired
The client ID of your GitHub app.
access_tokenstringrequired
Response
204
Response
204
Response
delete/applications/{client_id}/grants/{access_token}
Path Parameters
204
Check a token
OAuth applications can use a special API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use Basic Authentication to use this endpoint, where the username is the OAuth application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.
post
{protocol}://{hostname}/api/v3/applications/{client_id}/token
Path Parameters
client_idstringrequired
The client ID of your GitHub app.
Body
application/json
Body
application/json
access_tokenstringrequired
The access_token of the OAuth application.
Response
application/json
Response
application/json
Response
Authorization
The authorization for an OAuth app, GitHub App, or a Personal Access Token.
idintegerrequired
urlstring(uri)required
scopesarray | null[string]required
A list of scopes that this authorization is in.
tokenstringrequired
token_last_eightstring | nullrequired
hashed_tokenstring | nullrequired
appobjectrequired
Show Child Parameters
notestring | nullrequired
note_urlstring | null(uri)required
updated_atstring(date-time)required
created_atstring(date-time)required
fingerprintstring | nullrequired
userobject | null
Simple User
Show Child Parameters
installationobject | null
Show Child Parameters
post/applications/{client_id}/token
Path Parameters
Body
{
"access_token": "access_token"
}
application/json
Reset a token
OAuth applications can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the “token” property in the response because changes take effect immediately. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.
patch
{protocol}://{hostname}/api/v3/applications/{client_id}/token
Path Parameters
client_idstringrequired
The client ID of your GitHub app.
Body
application/json
Body
application/json
access_tokenstringrequired
The access_token of the OAuth application.
Response
application/json
Response
application/json
Response
Authorization
The authorization for an OAuth app, GitHub App, or a Personal Access Token.
idintegerrequired
urlstring(uri)required
scopesarray | null[string]required
A list of scopes that this authorization is in.
tokenstringrequired
token_last_eightstring | nullrequired
hashed_tokenstring | nullrequired
appobjectrequired
Show Child Parameters
notestring | nullrequired
note_urlstring | null(uri)required
updated_atstring(date-time)required
created_atstring(date-time)required
fingerprintstring | nullrequired
userobject | null
Simple User
Show Child Parameters
installationobject | null
Show Child Parameters
patch/applications/{client_id}/token
Path Parameters
Body
{
"access_token": "access_token"
}
application/json
Delete an app token
OAuth application owners can revoke a single token for an OAuth application. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password.
delete
{protocol}://{hostname}/api/v3/applications/{client_id}/token
Path Parameters
client_idstringrequired
The client ID of your GitHub app.
Body
application/json
Body
application/json
access_tokenstringrequired
The OAuth access token used to authenticate to the GitHub API.
Response
Response
Response
delete/applications/{client_id}/token
Path Parameters
Body
{
"access_token": "e72e16c7e42f292c6912e7710c838347ae178b4a"
}