If you're encountering some oddities in the API, here's a list of resolutions to some of the problems you may be experiencing.
Typically, we send a
404 error when your client isn't properly authenticated.
You might expect to see a
403 Forbidden in these cases. However, since we don't
want to provide any information about private repositories, the API returns a
404 error instead.
To troubleshoot, ensure you're authenticating correctly, your OAuth access token has the required scopes, third-party application restrictions are not blocking access, and that the token has not expired or been revoked.
Most API calls accessing a list of resources (e.g., users, issues, etc.) support pagination. If you're making requests and receiving an incomplete set of results, you're probably only seeing the first page. You'll need to request the remaining pages in order to get more results.
It's important to not try and guess the format of the pagination URL. Not every API call uses the same structure. Instead, extract the pagination information from the Link Header, which is sent with every request.
On November 13, 2020 username and password authentication to the REST API and the OAuth Authorizations API were deprecated and no longer work.
If you're using
password for API calls, then they are no longer able to authenticate. For example:
curl -u my_user:my_password https://api.github.com/user/repos
Instead, use a personal access token when testing endpoints or doing local development:
curl -H 'Authorization: Bearer my_access_token' https://api.github.com/user/repos
For OAuth Apps, you should use the web application flow to generate an OAuth token to use in the API call's header:
curl -H 'Authorization: Bearer my-oauth-token' https://api.github.com/user/repos
If GitHub Enterprise Cloud takes more than 10 seconds to process an API request, GitHub Enterprise Cloud will terminate the request and you will receive a timeout response.