Get-or-create an authorization for a specific app and fingerprint

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

Warning: Apps must use the web application flow to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the blog post.

Creates OAuth tokens using Basic Authentication. If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see “Working with two-factor authentication.”

To create tokens for a particular OAuth application using this endpoint, you must authenticate as the user you want to create an authorization for and provide the app’s client ID and secret, found on your OAuth application’s settings page. If your OAuth application intends to create multiple tokens for one user, use fingerprint to differentiate between them.

You can also create tokens on GitHub Enterprise Server from the personal access tokens settings page. Read more about these tokens in the GitHub Help documentation.

Organizations that enforce SAML SSO require personal access tokens to be allowed. Read more about allowing tokens in the GitHub Help documentation.

post

{protocol}://{hostname}/api/v3/authorizations

Body

application/json

scopesarray | null[string]

A list of scopes that this authorization is in.

Example:["public_repo","user"]

notestring

A note to remind you what the OAuth token is for.

Example:Update all gems

note_urlstring

A URL to remind you what app the OAuth token is for.

client_idstring

The OAuth app client key for which to create the token.

<= 20 characters

client_secretstring

The OAuth app client secret for which to create the token.

<= 40 characters

fingerprintstring

A unique string to distinguish an authorization from others created for the same client ID and user.

Response

application/json

Response

Authorization

The authorization for an OAuth app, GitHub App, or a Personal Access Token.

idintegerrequired

urlstring(uri)required

scopesarray | null[string]required

A list of scopes that this authorization is in.

tokenstringrequired

token_last_eightstring | nullrequired

hashed_tokenstring | nullrequired

appobjectrequired

Show Child Parameters

notestring | nullrequired

note_urlstring | null(uri)required

updated_atstring(date-time)required

created_atstring(date-time)required

fingerprintstring | nullrequired

userobject | null

Simple User

Show Child Parameters

installationobject | null

Show Child Parameters

post/authorizations

Path Parameters

Query Parameters

Headers

Body

{}

application/json

Creates a new authorization for the specified OAuth application, only if an authorization for that application doesn’t already exist for the user. The URL includes the 20 character client ID for the OAuth app that is requesting the token. It returns the user’s existing authorization for the application if one is present. Otherwise, it creates and returns a new one.

If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see “Working with two-factor authentication.”

put

{protocol}://{hostname}/api/v3/authorizations/clients/{client_id}

Path Parameters

client_idstringrequired

The client ID of your GitHub app.

Body

application/json

client_secretstringrequired

The OAuth app client secret for which to create the token.

<= 40 characters

scopesarray | null[string]

A list of scopes that this authorization is in.

Example:["public_repo","user"]

notestring

A note to remind you what the OAuth token is for.

Example:Update all gems

note_urlstring

A URL to remind you what app the OAuth token is for.

fingerprintstring

A unique string to distinguish an authorization from others created for the same client ID and user.

Response

application/json

if returning an existing token

Authorization

The authorization for an OAuth app, GitHub App, or a Personal Access Token.

idintegerrequired

urlstring(uri)required

scopesarray | null[string]required

A list of scopes that this authorization is in.

tokenstringrequired

token_last_eightstring | nullrequired

hashed_tokenstring | nullrequired

appobjectrequired

Show Child Parameters

notestring | nullrequired

note_urlstring | null(uri)required

updated_atstring(date-time)required

created_atstring(date-time)required

fingerprintstring | nullrequired

userobject | null

Simple User

Show Child Parameters

installationobject | null

Show Child Parameters

put/authorizations/clients/{client_id}

Path Parameters

Query Parameters

Headers

Body

Show only required parameters

{ "client_secret": "client_secret" }

application/json

This method will create a new authorization for the specified OAuth application, only if an authorization for that application and fingerprint do not already exist for the user. The URL includes the 20 character client ID for the OAuth app that is requesting the token. fingerprint is a unique string to distinguish an authorization from others created for the same client ID and user. It returns the user’s existing authorization for the application if one is present. Otherwise, it creates and returns a new one.

put

{protocol}://{hostname}/api/v3/authorizations/clients/{client_id}/{fingerprint}

Path Parameters

client_idstringrequired

The client ID of your GitHub app.

fingerprintstringrequired

Body

application/json

client_secretstringrequired

The OAuth app client secret for which to create the token.

<= 40 characters

scopesarray | null[string]

A list of scopes that this authorization is in.

Example:["public_repo","user"]

notestring

A note to remind you what the OAuth token is for.

Example:Update all gems

note_urlstring

A URL to remind you what app the OAuth token is for.

Response

application/json

if returning an existing token

Authorization

The authorization for an OAuth app, GitHub App, or a Personal Access Token.

idintegerrequired

urlstring(uri)required

scopesarray | null[string]required

A list of scopes that this authorization is in.

tokenstringrequired

token_last_eightstring | nullrequired

hashed_tokenstring | nullrequired

appobjectrequired

Show Child Parameters

notestring | nullrequired

note_urlstring | null(uri)required

updated_atstring(date-time)required

created_atstring(date-time)required

fingerprintstring | nullrequired

userobject | null

Simple User

Show Child Parameters

installationobject | null

Show Child Parameters

put/authorizations/clients/{client_id}/{fingerprint}

Path Parameters

Query Parameters

Headers

Body

Show only required parameters

{ "client_secret": "client_secret" }

application/json

Path Parameters

authorization_idintegerrequired

authorization_id parameter

Response

application/json

Response

Authorization

The authorization for an OAuth app, GitHub App, or a Personal Access Token.

idintegerrequired

urlstring(uri)required

scopesarray | null[string]required

A list of scopes that this authorization is in.

tokenstringrequired

token_last_eightstring | nullrequired

hashed_tokenstring | nullrequired

appobjectrequired

Show Child Parameters

notestring | nullrequired

note_urlstring | null(uri)required

updated_atstring(date-time)required

created_atstring(date-time)required

fingerprintstring | nullrequired

userobject | null

Simple User

Show Child Parameters

installationobject | null

Show Child Parameters

get/authorizations/{authorization_id}

Path Parameters

Query Parameters

Headers

Body

application/json

You can only send one of these scope keys at a time.

patch

{protocol}://{hostname}/api/v3/authorizations/{authorization_id}

Path Parameters

authorization_idintegerrequired

authorization_id parameter

Body

application/json

scopesarray | null[string]

A list of scopes that this authorization is in.

Example:["public_repo","user"]

add_scopesarray[string]

A list of scopes to add to this authorization.

remove_scopesarray[string]

A list of scopes to remove from this authorization.

notestring

A note to remind you what the OAuth token is for.

Example:Update all gems

note_urlstring

A URL to remind you what app the OAuth token is for.

fingerprintstring

A unique string to distinguish an authorization from others created for the same client ID and user.

Response

application/json

Response

Authorization

The authorization for an OAuth app, GitHub App, or a Personal Access Token.

idintegerrequired

urlstring(uri)required

scopesarray | null[string]required

A list of scopes that this authorization is in.

tokenstringrequired

token_last_eightstring | nullrequired

hashed_tokenstring | nullrequired

appobjectrequired

Show Child Parameters

notestring | nullrequired

note_urlstring | null(uri)required

updated_atstring(date-time)required

created_atstring(date-time)required

fingerprintstring | nullrequired

userobject | null

Simple User

Show Child Parameters

installationobject | null

Show Child Parameters

patch/authorizations/{authorization_id}

Path Parameters

Query Parameters

Headers

Body

{}

application/json

Create a new authorization

Body

Response

Authorization

Path Parameters

Query Parameters

Headers

Body