client_idstringrequired
The client ID of your GitHub app.
Check a token
OAuth applications can use a special API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use Basic Authentication to use this endpoint, where the username is the OAuth application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.
post
{protocol}://{hostname}/api/v3/applications/{client_id}/token
Path Parameters
Body
application/json
Body
application/json
access_tokenstringrequired
The access_token of the OAuth application.
Response
application/json
Response
application/json
Response
Authorization
The authorization for an OAuth app, GitHub App, or a Personal Access Token.
idintegerrequired
urlstring(uri)required
scopesarray | null[string]required
A list of scopes that this authorization is in.
tokenstringrequired
token_last_eightstring | nullrequired
hashed_tokenstring | nullrequired
appobjectrequired
Show Child Parameters
notestring | nullrequired
note_urlstring | null(uri)required
updated_atstring(date-time)required
created_atstring(date-time)required
fingerprintstring | nullrequired
userobject | null
Simple User
Show Child Parameters
installationobject | null
Show Child Parameters
post/applications/{client_id}/token
Path Parameters
Body
{
"access_token": "access_token"
}
application/json
Reset a token
OAuth applications can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the “token” property in the response because changes take effect immediately. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.
patch
{protocol}://{hostname}/api/v3/applications/{client_id}/token
Path Parameters
client_idstringrequired
The client ID of your GitHub app.
Body
application/json
Body
application/json
access_tokenstringrequired
The access_token of the OAuth application.
Response
application/json
Response
application/json
Response
Authorization
The authorization for an OAuth app, GitHub App, or a Personal Access Token.
idintegerrequired
urlstring(uri)required
scopesarray | null[string]required
A list of scopes that this authorization is in.
tokenstringrequired
token_last_eightstring | nullrequired
hashed_tokenstring | nullrequired
appobjectrequired
Show Child Parameters
notestring | nullrequired
note_urlstring | null(uri)required
updated_atstring(date-time)required
created_atstring(date-time)required
fingerprintstring | nullrequired
userobject | null
Simple User
Show Child Parameters
installationobject | null
Show Child Parameters
patch/applications/{client_id}/token
Path Parameters
Body
{
"access_token": "access_token"
}
application/json
Delete an app token
OAuth application owners can revoke a single token for an OAuth application. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password.
delete
{protocol}://{hostname}/api/v3/applications/{client_id}/token
Path Parameters
client_idstringrequired
The client ID of your GitHub app.
Body
application/json
Body
application/json
access_tokenstringrequired
The OAuth access token used to authenticate to the GitHub API.
Response
Response
Response
delete/applications/{client_id}/token
Path Parameters
Body
{
"access_token": "e72e16c7e42f292c6912e7710c838347ae178b4a"
}
Create a scoped access token
Use a non-scoped user-to-server OAuth access token to create a repository scoped and/or permission scoped user-to-server OAuth access token. You can specify which repositories the token can access and which permissions are granted to the token. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.
post
{protocol}://{hostname}/api/v3/applications/{client_id}/token/scoped
Path Parameters
client_idstringrequired
The client ID of your GitHub app.
Body
application/json
Body
application/json
access_tokenstringrequired
The OAuth access token used to authenticate to the GitHub API.
Example:e72e16c7e42f292c6912e7710c838347ae178b4a
targetstring
The name of the user or organization to scope the user-to-server access token to. Required unless target_id is specified.
Example:octocat
target_idinteger
The ID of the user or organization to scope the user-to-server access token to. Required unless target is specified.
Example:1
repositoriesarray[string]
The list of repository names to scope the user-to-server access token to. repositories may not be specified if repository_ids is specified.
Example:rails
repository_idsarray[integer]
The list of repository IDs to scope the user-to-server access token to. repository_ids may not be specified if repositories is specified.
Example:[1]
permissionsobject
The permissions granted to the user-to-server access token.
Example:{"contents":"read","issues":"read","deployments":"write","single_file":"read"}
Show Child Parameters
Response
application/json
Response
application/json
Response
Authorization
The authorization for an OAuth app, GitHub App, or a Personal Access Token.
idintegerrequired
urlstring(uri)required
scopesarray | null[string]required
A list of scopes that this authorization is in.
tokenstringrequired
token_last_eightstring | nullrequired
hashed_tokenstring | nullrequired
appobjectrequired
Show Child Parameters
notestring | nullrequired
note_urlstring | null(uri)required
updated_atstring(date-time)required
created_atstring(date-time)required
fingerprintstring | nullrequired
userobject | null
Simple User
Show Child Parameters
installationobject | null
Show Child Parameters
post/applications/{client_id}/token/scoped
Path Parameters
Body
{
"access_token": "e72e16c7e42f292c6912e7710c838347ae178b4a"
}
application/json
Check an authorization
DEPRECATEDDeprecation Notice: GitHub Enterprise Server will discontinue OAuth endpoints that contain access_token in the path parameter. We have introduced new endpoints that allow you to securely manage tokens for OAuth Apps by moving access_token to the request body. For more information, see the blog post.
OAuth applications can use a special API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.
get
{protocol}://{hostname}/api/v3/applications/{client_id}/tokens/{access_token}
Path Parameters
client_idstringrequired
The client ID of your GitHub app.
access_tokenstringrequired
Response
application/json
Response
application/json
Response
Authorization
The authorization for an OAuth app, GitHub App, or a Personal Access Token.
idintegerrequired
urlstring(uri)required
scopesarray | null[string]required
A list of scopes that this authorization is in.
tokenstringrequired
token_last_eightstring | nullrequired
hashed_tokenstring | nullrequired
appobjectrequired
Show Child Parameters
notestring | nullrequired
note_urlstring | null(uri)required
updated_atstring(date-time)required
created_atstring(date-time)required
fingerprintstring | nullrequired
userobject | null
Simple User
Show Child Parameters
installationobject | null
Show Child Parameters
get/applications/{client_id}/tokens/{access_token}
Path Parameters
application/json