The API supports Basic Authentication as defined in
RFC2617 with a few slight differences.
The main difference is that the RFC requires unauthenticated requests to be
401 Unauthorized responses. In many places, this would disclose
the existence of user data. Instead, the GitHub AE API responds with
404 Not Found.
This may cause problems for HTTP libraries that assume a
response. The solution is to manually craft the
We recommend you use OAuth tokens to authenticate to the GitHub API. OAuth tokens include personal access tokens and enable the user to revoke access at any time.
$ curl -u username:token http(s)://[hostname]/api/v3/user
This approach is useful if your tools only support Basic Authentication but you want to take advantage of OAuth access token security features.