Skip to main content
REST API 现已经过版本控制。 有关详细信息,请参阅“关于 API 版本控制”。

用于 OAuth 应用授权的 REST API 终结点

使用 REST API 管理 OAuth apps 对你的帐户的访问权限。

关于 OAuth 授权

可以使用 REST API 管理 OAuth apps 对你的帐户的访问权限。 只能使用用户名和密码(而非令牌)通过基本身份验证访问这些终结点。

List your grants

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

You can use this API to list the set of OAuth applications that have been granted access to your account. Unlike the list your authorizations API, this API does not manage individual tokens. This API will return one entry for each OAuth application that has been granted access to your account, regardless of the number of tokens an application has generated for your user. The list of OAuth applications returned matches what is shown on the application authorizations settings screen within GitHub. The scopes returned are the union of scopes authorized for the application. For example, if an application has one token with repo scope and another token with user scope, the grant will return ["repo", "user"].

“List your grants”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“List your grants”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

查询参数
名称, 类型, 说明
per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

默认: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

默认: 1

client_id string

The client ID of your GitHub app.

“List your grants”的 HTTP 响应状态代码

状态代码说明
200

OK

304

Not modified

401

Requires authentication

403

Forbidden

404

Resource not found

“List your grants”的示例代码

请求示例

get/applications/grants
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/applications/grants

Response

Status: 200
[ { "id": 1, "url": "https://HOSTNAME/applications/grants/1", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "abcde12345fghij67890" }, "created_at": "2011-09-06T17:26:27Z", "updated_at": "2011-09-06T20:39:23Z", "scopes": [ "public_repo" ] } ]

Get a single grant

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

“Get a single grant”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Get a single grant”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
grant_id integer 必须

The unique identifier of the grant.

“Get a single grant”的 HTTP 响应状态代码

状态代码说明
200

OK

304

Not modified

401

Requires authentication

403

Forbidden

“Get a single grant”的示例代码

请求示例

get/applications/grants/{grant_id}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/applications/grants/GRANT_ID

Response

Status: 200
{ "id": 1, "url": "https://HOSTNAME/applications/grants/1", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "abcde12345fghij67890" }, "created_at": "2011-09-06T17:26:27Z", "updated_at": "2011-09-06T20:39:23Z", "scopes": [ "public_repo" ] }

Delete a grant

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

Deleting an OAuth application's grant will also delete all OAuth tokens associated with the application for your user. Once deleted, the application has no access to your account and is no longer listed on the application authorizations settings screen within GitHub.

“Delete a grant”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Delete a grant”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
grant_id integer 必须

The unique identifier of the grant.

“Delete a grant”的 HTTP 响应状态代码

状态代码说明
204

No Content

304

Not modified

401

Requires authentication

403

Forbidden

“Delete a grant”的示例代码

请求示例

delete/applications/grants/{grant_id}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/applications/grants/GRANT_ID

Response

Status: 204

List your authorizations

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

“List your authorizations”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“List your authorizations”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

查询参数
名称, 类型, 说明
per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

默认: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

默认: 1

client_id string

The client ID of your GitHub app.

“List your authorizations”的 HTTP 响应状态代码

状态代码说明
200

OK

304

Not modified

401

Requires authentication

403

Forbidden

404

Resource not found

“List your authorizations”的示例代码

请求示例

get/authorizations
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/authorizations

Response

Status: 200
[ { "id": 2, "url": "https://enterprise.octocat.com/api/v3/authorizations/2", "app": { "name": "My personal access token", "url": "https://docs.github.com/enterprise/rest/enterprise-admin/users#list-personal-access-tokens", "client_id": "00000000000000000000" }, "token": "ghp_16C7e42F292c6912E7710c838347Ae178B4a", "hashed_token": "23cffb2fab1b0a62747863eba88cb9327e561f2f7a0c8661c0d9b83146cb8d45", "token_last_eight": "Ae178B4a", "note": "My personal access token", "note_url": null, "created_at": "2019-04-24T21:49:02Z", "updated_at": "2019-04-24T21:49:02Z", "scopes": [ "admin:business", "admin:gpg_key", "admin:org", "admin:org_hook", "admin:pre_receive_hook", "admin:public_key", "admin:repo_hook", "delete_repo", "gist", "notifications", "repo", "user", "write:discussion" ], "fingerprint": null } ]

Create a new authorization

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

Warning: Apps must use the web application flow to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the blog post.

Creates OAuth tokens using Basic Authentication. If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "Working with two-factor authentication."

To create tokens for a particular OAuth application using this endpoint, you must authenticate as the user you want to create an authorization for and provide the app's client ID and secret, found on your OAuth application's settings page. If your OAuth application intends to create multiple tokens for one user, use fingerprint to differentiate between them.

You can also create tokens on GitHub Enterprise Server from the personal access tokens settings page. Read more about these tokens in the GitHub Help documentation.

Organizations that enforce SAML SSO require personal access tokens to be allowed. For more information, see "About identity and access management with SAML single sign-on" in the GitHub Enterprise Cloud documentation.

“Create a new authorization”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Create a new authorization”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

正文参数
名称, 类型, 说明
scopes array of strings or null

A list of scopes that this authorization is in.

note string

A note to remind you what the OAuth token is for.

note_url string

A URL to remind you what app the OAuth token is for.

client_id string

The OAuth app client key for which to create the token.

client_secret string

The OAuth app client secret for which to create the token.

fingerprint string

A unique string to distinguish an authorization from others created for the same client ID and user.

“Create a new authorization”的 HTTP 响应状态代码

状态代码说明
201

Created

304

Not modified

401

Requires authentication

403

Forbidden

410

Gone

422

Validation failed, or the endpoint has been spammed.

“Create a new authorization”的示例代码

请求示例

post/authorizations
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/authorizations \ -d '{"scopes":["public_repo"],"note":"optional note","note_url":"http://optional/note/url","client_id":"abcde12345fghij67890","client_secret":"3ef4ad510c59ad37bac6bb4f80047fb3aee3cc7f"}'

Response

Status: 201
{ "id": 1, "url": "https://HOSTNAME/authorizations/1", "scopes": [ "public_repo" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "abcde12345fghij67890" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "expires_at": "2011-10-06T17:26:27Z", "fingerprint": "jklmnop12345678" }

Get-or-create an authorization for a specific app

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

Warning: Apps must use the web application flow to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the blog post.

Creates a new authorization for the specified OAuth application, only if an authorization for that application doesn't already exist for the user. The URL includes the 20 character client ID for the OAuth app that is requesting the token. It returns the user's existing authorization for the application if one is present. Otherwise, it creates and returns a new one.

If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "Working with two-factor authentication."

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

“Get-or-create an authorization for a specific app”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Get-or-create an authorization for a specific app”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
client_id string 必须

The client ID of the OAuth app.

正文参数
名称, 类型, 说明
client_secret string 必须

The OAuth app client secret for which to create the token.

scopes array of strings or null

A list of scopes that this authorization is in.

note string

A note to remind you what the OAuth token is for.

note_url string

A URL to remind you what app the OAuth token is for.

fingerprint string

A unique string to distinguish an authorization from others created for the same client ID and user.

“Get-or-create an authorization for a specific app”的 HTTP 响应状态代码

状态代码说明
200

if returning an existing token

201

Deprecation Notice: GitHub will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

304

Not modified

401

Requires authentication

403

Forbidden

422

Validation failed, or the endpoint has been spammed.

“Get-or-create an authorization for a specific app”的示例代码

请求示例

put/authorizations/clients/{client_id}
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/authorizations/clients/abcde12345fghij67890 \ -d '{"client_secret":"3ef4ad510c59ad37bac6bb4f80047fb3aee3cc7f","scopes":["public_repo"],"note":"optional note","note_url":"http://optional/note/url"}'

if returning an existing token

Status: 200
{ "id": 1, "url": "https://HOSTNAME/authorizations/1", "scopes": [ "public_repo" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "abcde12345fghij67890" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "expires_at": "2011-10-06T17:26:27Z", "fingerprint": "" }

Get-or-create an authorization for a specific app and fingerprint

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

Warning: Apps must use the web application flow to obtain OAuth tokens that work with GitHub Enterprise Server SAML organizations. OAuth tokens created using the Authorizations API will be unable to access GitHub Enterprise Server SAML organizations. For more information, see the blog post.

This method will create a new authorization for the specified OAuth application, only if an authorization for that application and fingerprint do not already exist for the user. The URL includes the 20 character client ID for the OAuth app that is requesting the token. fingerprint is a unique string to distinguish an authorization from others created for the same client ID and user. It returns the user's existing authorization for the application if one is present. Otherwise, it creates and returns a new one.

If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "Working with two-factor authentication."

“Get-or-create an authorization for a specific app and fingerprint”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Get-or-create an authorization for a specific app and fingerprint”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
client_id string 必须

The client ID of the OAuth app.

fingerprint string 必须
正文参数
名称, 类型, 说明
client_secret string 必须

The OAuth app client secret for which to create the token.

scopes array of strings or null

A list of scopes that this authorization is in.

note string

A note to remind you what the OAuth token is for.

note_url string

A URL to remind you what app the OAuth token is for.

“Get-or-create an authorization for a specific app and fingerprint”的 HTTP 响应状态代码

状态代码说明
200

if returning an existing token

201

Response if returning a new token

422

Validation failed, or the endpoint has been spammed.

“Get-or-create an authorization for a specific app and fingerprint”的示例代码

请求示例

put/authorizations/clients/{client_id}/{fingerprint}
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/authorizations/clients/abcde12345fghij67890/FINGERPRINT \ -d '{"client_secret":"3ef4ad510c59ad37bac6bb4f80047fb3aee3cc7f","scopes":["public_repo"],"note":"optional note","note_url":"http://optional/note/url"}'

if returning an existing token

Status: 200
{ "id": 1, "url": "https://HOSTNAME/authorizations/1", "scopes": [ "public_repo" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "abcde12345fghij67890" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "expires_at": "2011-10-06T17:26:27Z", "fingerprint": "jklmnop12345678" }

Get a single authorization

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

“Get a single authorization”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Get a single authorization”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
authorization_id integer 必须

The unique identifier of the authorization.

“Get a single authorization”的 HTTP 响应状态代码

状态代码说明
200

OK

304

Not modified

401

Requires authentication

403

Forbidden

“Get a single authorization”的示例代码

请求示例

get/authorizations/{authorization_id}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/authorizations/AUTHORIZATION_ID

Response

Status: 200
{ "id": 1, "url": "https://HOSTNAME/authorizations/1", "scopes": [ "public_repo" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "abcde12345fghij67890" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "expires_at": "2011-10-06T17:26:27Z", "fingerprint": "jklmnop12345678" }

Update an existing authorization

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

If you have two-factor authentication setup, Basic Authentication for this endpoint requires that you use a one-time password (OTP) and your username and password instead of tokens. For more information, see "Working with two-factor authentication."

You can only send one of these scope keys at a time.

“Update an existing authorization”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Update an existing authorization”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
authorization_id integer 必须

The unique identifier of the authorization.

正文参数
名称, 类型, 说明
scopes array of strings or null

A list of scopes that this authorization is in.

add_scopes array of strings

A list of scopes to add to this authorization.

remove_scopes array of strings

A list of scopes to remove from this authorization.

note string

A note to remind you what the OAuth token is for.

note_url string

A URL to remind you what app the OAuth token is for.

fingerprint string

A unique string to distinguish an authorization from others created for the same client ID and user.

“Update an existing authorization”的 HTTP 响应状态代码

状态代码说明
200

OK

422

Validation failed, or the endpoint has been spammed.

“Update an existing authorization”的示例代码

请求示例

patch/authorizations/{authorization_id}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/authorizations/AUTHORIZATION_ID \ -d '{"add_scopes":["public_repo"],"remove_scopes":["user"],"note":"optional note"}'

Response

Status: 200
{ "id": 1, "url": "https://HOSTNAME/authorizations/1", "scopes": [ "public_repo" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "abcde12345fghij67890" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "expires_at": "2011-10-06T17:26:27Z", "fingerprint": "jklmnop12345678" }

Delete an authorization

Deprecation Notice: GitHub Enterprise Server will discontinue the OAuth Authorizations API, which is used by integrations to create personal access tokens and OAuth tokens, and you must now create these tokens using our web application flow. The OAuth Authorizations API will be removed on November, 13, 2020. For more information, including scheduled brownouts, see the blog post.

“Delete an authorization”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Delete an authorization”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
authorization_id integer 必须

The unique identifier of the authorization.

“Delete an authorization”的 HTTP 响应状态代码

状态代码说明
204

No Content

304

Not modified

401

Requires authentication

403

Forbidden

“Delete an authorization”的示例代码

请求示例

delete/authorizations/{authorization_id}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/authorizations/AUTHORIZATION_ID

Response

Status: 204