This version of GitHub Enterprise Server was discontinued on 2024-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.
REST API endpoints for team members
Use the REST API to create and manage membership of teams in your GitHub Enterprise Server organization.
About team members
These endpoints are only available to authenticated members of the team's organization. OAuth access tokens require the read:org
scope. GitHub generates the team's slug
from the team name
.
Where pull
and push
permissions are accepted, these will map to the Read and Write roles for an organization repository. For more information about repository roles, see "Repository roles for an organization."
Note
When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API to make changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "Managing team synchronization for your organization."
List team members
Team members will include the members of child teams.
To list members in a team, the team must be visible to the authenticated user.
Parameters for "List team members"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
org string RequiredThe organization name. The name is not case sensitive. |
team_slug string RequiredThe slug of the team name. |
Name, Type, Description |
---|
role string Filters members returned by their role in the team. Default: Can be one of: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: |
HTTP response status codes for "List team members"
Status code | Description |
---|---|
200 | OK |
Code samples for "List team members"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/orgs/ORG/teams/TEAM_SLUG/members
Response
Status: 200
[
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://HOSTNAME/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://HOSTNAME/users/octocat/followers",
"following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
"gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
"starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
"organizations_url": "https://HOSTNAME/users/octocat/orgs",
"repos_url": "https://HOSTNAME/users/octocat/repos",
"events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
"received_events_url": "https://HOSTNAME/users/octocat/received_events",
"type": "User",
"site_admin": false
}
]
Get team membership for a user
Team members will include the members of child teams.
To get a user's membership with a team, the team must be visible to the authenticated user.
Note
You can also specify a team by org_id
and team_id
using the route GET /organizations/{org_id}/team/{team_id}/memberships/{username}
.
Note
The response contains the state
of the membership and the member's role
.
The role
for organization owners is set to maintainer
. For more information about maintainer
roles, see Create a team.
Parameters for "Get team membership for a user"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
org string RequiredThe organization name. The name is not case sensitive. |
team_slug string RequiredThe slug of the team name. |
username string RequiredThe handle for the GitHub user account. |
HTTP response status codes for "Get team membership for a user"
Status code | Description |
---|---|
200 | OK |
404 | if user has no team membership |
Code samples for "Get team membership for a user"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/orgs/ORG/teams/TEAM_SLUG/memberships/USERNAME
Response if user is a team maintainer
Status: 200
{
"url": "https://HOSTNAME/teams/1/memberships/octocat",
"role": "maintainer",
"state": "active"
}
Add or update team membership for a user
Adds an organization member to a team. An authenticated organization owner or team maintainer can add organization members to a team.
Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
Note
When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "Synchronizing teams between your identity provider and GitHub Enterprise Server."
An organization owner can add someone who is not part of the team's organization to a team. When an organization owner adds someone to a team who is not an organization member, this endpoint will send an invitation to the person via email. This newly-created membership will be in the "pending" state until the person accepts the invitation, at which point the membership will transition to the "active" state and the user will be added as a member of the team.
If the user is already a member of the team, this endpoint will update the role of the team member's role. To update the membership of a team member, the authenticated user must be an organization owner or a team maintainer.
Note
You can also specify a team by org_id
and team_id
using the route PUT /organizations/{org_id}/team/{team_id}/memberships/{username}
.
Parameters for "Add or update team membership for a user"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
org string RequiredThe organization name. The name is not case sensitive. |
team_slug string RequiredThe slug of the team name. |
username string RequiredThe handle for the GitHub user account. |
Name, Type, Description |
---|
role string The role that this user should have in the team. Default: Can be one of: |
HTTP response status codes for "Add or update team membership for a user"
Status code | Description |
---|---|
200 | OK |
403 | Forbidden if team synchronization is set up |
422 | Unprocessable Entity if you attempt to add an organization to a team |
Code samples for "Add or update team membership for a user"
Request example
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/orgs/ORG/teams/TEAM_SLUG/memberships/USERNAME \
-d '{"role":"maintainer"}'
Response if user's membership with team is now pending
Status: 200
{
"url": "https://HOSTNAME/teams/1/memberships/octocat",
"role": "member",
"state": "pending"
}
Remove team membership for a user
To remove a membership between a user and a team, the authenticated user must have 'admin' permissions to the team or be an owner of the organization that the team is associated with. Removing team membership does not delete the user, it just removes their membership from the team.
Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
Note
When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "Synchronizing teams between your identity provider and GitHub Enterprise Server."
Note
You can also specify a team by org_id
and team_id
using the route DELETE /organizations/{org_id}/team/{team_id}/memberships/{username}
.
Parameters for "Remove team membership for a user"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
org string RequiredThe organization name. The name is not case sensitive. |
team_slug string RequiredThe slug of the team name. |
username string RequiredThe handle for the GitHub user account. |
HTTP response status codes for "Remove team membership for a user"
Status code | Description |
---|---|
204 | No Content |
403 | Forbidden if team synchronization is set up |
Code samples for "Remove team membership for a user"
Request example
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/orgs/ORG/teams/TEAM_SLUG/memberships/USERNAME
Response
Status: 204
List team members (Legacy)
Warning
Endpoint closing down notice: This endpoint route is closing down and will be removed from the Teams API. We recommend migrating your existing code to use the new List team members
endpoint.
Team members will include the members of child teams.
Parameters for "List team members (Legacy)"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
team_id integer RequiredThe unique identifier of the team. |
Name, Type, Description |
---|
role string Filters members returned by their role in the team. Default: Can be one of: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: |
HTTP response status codes for "List team members (Legacy)"
Status code | Description |
---|---|
200 | OK |
404 | Resource not found |
Code samples for "List team members (Legacy)"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/teams/TEAM_ID/members
Response
Status: 200
[
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://HOSTNAME/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://HOSTNAME/users/octocat/followers",
"following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
"gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
"starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
"organizations_url": "https://HOSTNAME/users/octocat/orgs",
"repos_url": "https://HOSTNAME/users/octocat/repos",
"events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
"received_events_url": "https://HOSTNAME/users/octocat/received_events",
"type": "User",
"site_admin": false
}
]
Get team member (Legacy)
The "Get team member" endpoint (described below) is closing down.
We recommend using the Get team membership for a user endpoint instead. It allows you to get both active and pending memberships.
To list members in a team, the team must be visible to the authenticated user.
Fine-grained access tokens for "Get team member (Legacy)"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Members" organization permissions (read)
Parameters for "Get team member (Legacy)"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
team_id integer RequiredThe unique identifier of the team. |
username string RequiredThe handle for the GitHub user account. |
HTTP response status codes for "Get team member (Legacy)"
Status code | Description |
---|---|
204 | if user is a member |
404 | if user is not a member |
Code samples for "Get team member (Legacy)"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/teams/TEAM_ID/members/USERNAME
if user is a member
Status: 204
Add team member (Legacy)
The "Add team member" endpoint (described below) is closing down.
We recommend using the Add or update team membership for a user endpoint instead. It allows you to invite new organization members to your teams.
Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
To add someone to a team, the authenticated user must be an organization owner or a team maintainer in the team they're changing. The person being added to the team must be a member of the team's organization.
Note
When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "Synchronizing teams between your identity provider and GitHub Enterprise Server."
Note that you'll need to set Content-Length
to zero when calling out to this endpoint. For more information, see "HTTP method."
Fine-grained access tokens for "Add team member (Legacy)"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Members" organization permissions (write)
Parameters for "Add team member (Legacy)"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
team_id integer RequiredThe unique identifier of the team. |
username string RequiredThe handle for the GitHub user account. |
HTTP response status codes for "Add team member (Legacy)"
Status code | Description |
---|---|
204 | No Content |
403 | Forbidden |
404 | Not Found if team synchronization is set up |
422 | Unprocessable Entity if you attempt to add an organization to a team or you attempt to add a user to a team when they are not a member of at least one other team in the same organization |
Code samples for "Add team member (Legacy)"
Request example
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/teams/TEAM_ID/members/USERNAME
Response
Status: 204
Remove team member (Legacy)
The "Remove team member" endpoint (described below) is closing down.
We recommend using the Remove team membership for a user endpoint instead. It allows you to remove both active and pending memberships.
Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
To remove a team member, the authenticated user must have 'admin' permissions to the team or be an owner of the org that the team is associated with. Removing a team member does not delete the user, it just removes them from the team.
Note
When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "Synchronizing teams between your identity provider and GitHub Enterprise Server."
Fine-grained access tokens for "Remove team member (Legacy)"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Members" organization permissions (write)
Parameters for "Remove team member (Legacy)"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
team_id integer RequiredThe unique identifier of the team. |
username string RequiredThe handle for the GitHub user account. |
HTTP response status codes for "Remove team member (Legacy)"
Status code | Description |
---|---|
204 | No Content |
404 | Not Found if team synchronization is setup |
Code samples for "Remove team member (Legacy)"
Request example
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/teams/TEAM_ID/members/USERNAME
Response
Status: 204
Get team membership for a user (Legacy)
Warning
Endpoint closing down notice: This endpoint route is closing down and will be removed from the Teams API. We recommend migrating your existing code to use the new Get team membership for a user endpoint.
Team members will include the members of child teams.
To get a user's membership with a team, the team must be visible to the authenticated user.
Note:
The response contains the state
of the membership and the member's role
.
The role
for organization owners is set to maintainer
. For more information about maintainer
roles, see Create a team.
Parameters for "Get team membership for a user (Legacy)"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
team_id integer RequiredThe unique identifier of the team. |
username string RequiredThe handle for the GitHub user account. |
HTTP response status codes for "Get team membership for a user (Legacy)"
Status code | Description |
---|---|
200 | OK |
404 | Resource not found |
Code samples for "Get team membership for a user (Legacy)"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/teams/TEAM_ID/memberships/USERNAME
Response if user is a team maintainer
Status: 200
{
"url": "https://HOSTNAME/teams/1/memberships/octocat",
"role": "maintainer",
"state": "active"
}
Add or update team membership for a user (Legacy)
Warning
Endpoint closing down notice: This endpoint route is closing down and will be removed from the Teams API. We recommend migrating your existing code to use the new Add or update team membership for a user endpoint.
Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
If the user is already a member of the team's organization, this endpoint will add the user to the team. To add a membership between an organization member and a team, the authenticated user must be an organization owner or a team maintainer.
Note
When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "Synchronizing teams between your identity provider and GitHub Enterprise Server."
If the user is unaffiliated with the team's organization, this endpoint will send an invitation to the user via email. This newly-created membership will be in the "pending" state until the user accepts the invitation, at which point the membership will transition to the "active" state and the user will be added as a member of the team. To add a membership between an unaffiliated user and a team, the authenticated user must be an organization owner.
If the user is already a member of the team, this endpoint will update the role of the team member's role. To update the membership of a team member, the authenticated user must be an organization owner or a team maintainer.
Parameters for "Add or update team membership for a user (Legacy)"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
team_id integer RequiredThe unique identifier of the team. |
username string RequiredThe handle for the GitHub user account. |
Name, Type, Description |
---|
role string The role that this user should have in the team. Default: Can be one of: |
HTTP response status codes for "Add or update team membership for a user (Legacy)"
Status code | Description |
---|---|
200 | OK |
403 | Forbidden if team synchronization is set up |
404 | Resource not found |
422 | Unprocessable Entity if you attempt to add an organization to a team |
Code samples for "Add or update team membership for a user (Legacy)"
Request example
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/teams/TEAM_ID/memberships/USERNAME \
-d '{"role":"member"}'
Response if user's membership with team is now pending
Status: 200
{
"url": "https://HOSTNAME/teams/1/memberships/octocat",
"role": "member",
"state": "pending"
}
Remove team membership for a user (Legacy)
Warning
Endpoint closing down notice: This endpoint route is closing down and will be removed from the Teams API. We recommend migrating your existing code to use the new Remove team membership for a user endpoint.
Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
To remove a membership between a user and a team, the authenticated user must have 'admin' permissions to the team or be an owner of the organization that the team is associated with. Removing team membership does not delete the user, it just removes their membership from the team.
Note
When you have team synchronization set up for a team with your organization's identity provider (IdP), you will see an error if you attempt to use the API for making changes to the team's membership. If you have access to manage group membership in your IdP, you can manage GitHub Enterprise Server team membership through your identity provider, which automatically adds and removes team members in an organization. For more information, see "Synchronizing teams between your identity provider and GitHub Enterprise Server."
Parameters for "Remove team membership for a user (Legacy)"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
team_id integer RequiredThe unique identifier of the team. |
username string RequiredThe handle for the GitHub user account. |
HTTP response status codes for "Remove team membership for a user (Legacy)"
Status code | Description |
---|---|
204 | No Content |
403 | if team synchronization is set up |
Code samples for "Remove team membership for a user (Legacy)"
Request example
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/teams/TEAM_ID/memberships/USERNAME
Response
Status: 204