Lists the merged pull request that introduced the commit to the repository. If the commit is not present in the default branch, additionally returns open pull requests associated with the commit. The results may include open and closed pull requests. Additional preview headers may be required to see certain details for associated pull requests, such as whether a pull request is in a draft state. For more information about previews that might affect this endpoint, see the List pull requests endpoint.

Returns the contents of a single commit reference. You must have read access for the repository to use this endpoint.

Note: If there are more than 300 files in the commit diff, the response will include pagination link headers for the remaining files, up to a limit of 3000 files. Each page contains the static commit information, and the only changes are to the file listing.

You can pass the appropriate media type to fetch diff and patch formats. Diffs with binary data will have no patch property.

To return only the SHA-1 hash of the commit reference, you can provide the sha custom media type in the Accept header. You can use this endpoint to check if a remote reference’s SHA-1 hash is the same as your local reference’s SHA-1 hash by providing the local SHA-1 reference as the ETag.

Signature verification object

The response will include a verification object that describes the result of verifying the commit’s signature. The following fields are included in the verification object:

Name	Type	Description
verified	boolean	Indicates whether GitHub considers the signature in this commit to be verified.
reason	string	The reason for verified value. Possible values and their meanings are enumerated in table below.
signature	string	The signature that was extracted from the commit.
payload	string	The value that was signed.

These are the possible values for reason in the verification object:

Value	Description
expired_key	The key that made the signature is expired.
not_signing_key	The “signing” flag is not among the usage flags in the GPG key that made the signature.
gpgverify_error	There was an error communicating with the signature verification service.
gpgverify_unavailable	The signature verification service is currently unavailable.
unsigned	The object does not include a signature.
unknown_signature_type	A non-PGP signature was found in the commit.
no_user	No user was associated with the committer email address in the commit.
unverified_email	The committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
bad_email	The committer email address in the commit is not included in the identities of the PGP key that made the signature.
unknown_key	The key that made the signature has not been registered with any user’s account.
malformed_signature	There was an error parsing the signature.
invalid	The signature could not be cryptographically verified using the key whose key-id was found in the signature.
valid	None of the above errors applied, so the signature is considered to be verified.

Users with pull access in a repository can access a combined view of commit statuses for a given ref. The ref can be a SHA, a branch name, or a tag name.

Additionally, a combined state is returned. The state is one of:

• failure if any of the contexts report as error or failure
• pending if there are no statuses or a context is pending
• success if the latest status for all contexts is success

Users with pull access in a repository can view commit statuses for a given ref. The ref can be a SHA, a branch name, or a tag name. Statuses are returned in reverse chronological order. The first status in the list will be the latest one.

This resource is also available via a legacy route: GET /repos/:owner/:repo/statuses/:ref.

The basehead param is comprised of two parts: base and head. Both must be branch names in repo. To compare branches across other repositories in the same network as repo, use the format <USERNAME>:branch.

The response from the API is equivalent to running the git log base..head command; however, commits are returned in chronological order. Pass the appropriate media type to fetch diff and patch formats.

The response also includes details on the files that were changed between the two commits. This includes the status of the change (for example, if a file was added, removed, modified, or renamed), and details of the change itself. For example, files with a renamed status have a previous_filename field showing the previous filename of the file, and files with a modified status have a patch field showing the changes made to the file.

Working with large comparisons

The response will include a comparison of up to 250 commits. If you are working with a larger commit range, you can use the List commits to enumerate all commits in the range.

For comparisons with extremely large diffs, you may receive an error response indicating that the diff took too long
to generate. You can typically resolve this error by using a smaller commit range.

Signature verification object

The response will include a verification object that describes the result of verifying the commit’s signature. The following fields are included in the verification object:

Name	Type	Description
verified	boolean	Indicates whether GitHub considers the signature in this commit to be verified.
reason	string	The reason for verified value. Possible values and their meanings are enumerated in table below.
signature	string	The signature that was extracted from the commit.
payload	string	The value that was signed.

These are the possible values for reason in the verification object:

Value	Description
expired_key	The key that made the signature is expired.
not_signing_key	The “signing” flag is not among the usage flags in the GPG key that made the signature.
gpgverify_error	There was an error communicating with the signature verification service.
gpgverify_unavailable	The signature verification service is currently unavailable.
unsigned	The object does not include a signature.
unknown_signature_type	A non-PGP signature was found in the commit.
no_user	No user was associated with the committer email address in the commit.
unverified_email	The committer email address in the commit was associated with a user, but the email address is not verified on her/his account.
bad_email	The committer email address in the commit is not included in the identities of the PGP key that made the signature.
unknown_key	The key that made the signature has not been registered with any user’s account.
malformed_signature	There was an error parsing the signature.
invalid	The signature could not be cryptographically verified using the key whose key-id was found in the signature.
valid	None of the above errors applied, so the signature is considered to be verified.