Learn how to get started with the GitHub REST API.
This article describes how to quickly get started with the GitHub REST API using GitHub CLI, JavaScript, or cURL. For a more detailed guide, see "Getting started with the REST API."
Getting started using GitHub CLI
Using GitHub CLI in the command line
GitHub CLI is the easiest way to use the GitHub REST API from the command line.
Install GitHub CLI if you haven't installed it yet. For installation instructions, see the GitHub CLI repository.
You can also use GitHub CLI in your GitHub Actions workflows. For more information, see "Using GitHub CLI in workflows."
Instead of using the gh auth login command, pass an access token as an environment variable called GH_TOKEN. GitHub recommends that you use the built-in GITHUB_TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace GITHUB_TOKEN in the example below with the name of your secret. For more information about GITHUB_TOKEN, see "Automatic token authentication." For more information about secrets, see "Encrypted secrets."
on:workflow_dispatch:jobs:use_api:runs-on:ubuntu-latestpermissions:issues:readsteps:-env:GH_TOKEN:${{secrets.GITHUB_TOKEN}}run:|
gh api repos/octocat/Spoon-Knife/issues
If you are authenticating with a GitHub App, you can create an installation access token within your workflow:
Store your GitHub App's ID as a secret. In the following example, replace APP_ID with the name of the secret. You can find your app ID on the settings page for your app or through the App API. For more information, see "Apps." For more information about secrets, see "Encrypted secrets."
Generate a private key for your app. Store the contents of the resulting file as a secret. (Store the entire contents of the file, including -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.) In the following example, replace APP_PEM with the name of the secret. For more information, see "Authenticating with GitHub Apps."
Add a step to generate a token, and use that token instead of GITHUB_TOKEN. Note that this token will expire after 60 minutes. For example:
# This workflow uses actions that are not certified by GitHub.# They are provided by a third-party and are governed by# separate terms of service, privacy policy, and support# documentation.on:workflow_dispatch:jobs:track_pr:runs-on:ubuntu-lateststeps:-name:Generatetokenid:generate_tokenuses:tibdex/github-app-token@36464acb844fc53b9b8b2401da68844f6b05ebb0with:app_id:${{secrets.APP_ID}}private_key:${{secrets.APP_PEM}}-name:UseAPIenv:GH_TOKEN:${{steps.generate_token.outputs.token}}run:|
gh api repos/octocat/Spoon-Knife/issues
Getting started using JavaScript
You can use Octokit.js to interact with the GitHub REST API in your JavaScript scripts. For more information, see the Octokit.js README.
To keep your token secure, you can store your token as a secret and run your script through GitHub Actions. For more information, see the "Using Octokit.js in GitHub Actions" section.
If these options are not possible, consider using another service such as the 1Password CLI to store your token securely.
Install octokit. For example, npm install octokit. For other ways to install or load octokit, see the Octokit.js README.
Import octokit in your script. For example, import { Octokit } from "octokit";. For other ways to import octokit, see the Octokit.js README.
Create an instance of Octokit with your token. Replace YOUR-TOKEN with your token.
Use octokit.request to execute your request. Send the HTTP method and path as the first argument. Specify any path, query, and body parameters in an object as the second argument. For example, in the following request the HTTP method is GET, the path is /repos/{owner}/{repo}/issues, and the parameters are owner: "octocat" and repo: "Spoon-Knife".
You can also execute your JavaScript scripts in your GitHub Actions workflows. For more information, see "Workflow syntax for GitHub Actions."
GitHub recommends that you use the built-in GITHUB_TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace GITHUB_TOKEN in the example below with the name of your secret. For more information about GITHUB_TOKEN, see "Automatic token authentication." For more information about secrets, see "Encrypted secrets."
The following example workflow:
Checks out the repository content
Sets up Node.js
Installs octokit
Stores the value of GITHUB_TOKEN as an environment variable called TOKEN and runs .github/actions-scripts/use-the-api.mjs, which can access that environment variable as process.env.TOKEN
If you are authenticating with a GitHub App, you can create an installation access token within your workflow:
Store your GitHub App's ID as a secret. In the following example, replace APP_ID with the name of the secret. You can find your app ID on the settings page for your app or through the App API. For more information, see "Apps." For more information about secrets, see "Encrypted secrets."
Generate a private key for your app. Store the contents of the resulting file as a secret. (Store the entire contents of the file, including -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.) In the following example, replace APP_PEM with the name of the secret. For more information, see "Authenticating with GitHub Apps."
Add a step to generate a token, and use that token instead of GITHUB_TOKEN. Note that this token will expire after 60 minutes. For example:
# This workflow uses actions that are not certified by GitHub.# They are provided by a third-party and are governed by# separate terms of service, privacy policy, and support# documentation.on:workflow_dispatch:jobs:use_api_via_script:runs-on:ubuntu-lateststeps:-name:Checkoutrepocontentuses:actions/checkout@v2-name:SetupNodeuses:actions/setup-node@v2with:node-version:'16.17.0'cache:npm-name:Installdependenciesrun:npminstalloctokit-name:Generatetokenid:generate_tokenuses:tibdex/github-app-token@36464acb844fc53b9b8b2401da68844f6b05ebb0with:app_id:${{secrets.APP_ID}}private_key:${{secrets.APP_PEM}}-name:Runscriptrun:|
node .github/actions-scripts/use-the-api.mjs
env:TOKEN:${{steps.generate_token.outputs.token}}
Getting started using cURL
Using cURL in the command line
Note: If you want to make API requests from the command line, GitHub recommends that you use GitHub CLI, which simplifies authentication and requests. For more information about getting started with the REST API using GitHub CLI, see the GitHub CLI version of this article.
Install cURL if cURL isn't already installed on your machine. To check if cURL is installed, execute curl --version in the command line. If the output is information about the cURL version, cURL is installed. If you get a message similar to command not found: curl, you need to download and install cURL. For more information, see the cURL project download page.
You can also use GitHub CLI instead of cURL. GitHub CLI will take care of authentication for you. For more information, see the GitHub CLI version of this page.
If these options are not possible, consider using another service such as the 1Password CLI to store your token securely.
Use the cURL command to make your request. Pass your token in an Authorization header. Replace YOUR-TOKEN with your token.
Note: In most cases, you can use Authorization: Bearer or Authorization: token to pass a token. However, if you are passing a JSON web token (JWT), you must use Authorization: Bearer.
Using cURL in GitHub Actions
You can also use cURL in your GitHub Actions workflows.
GitHub recommends that you use the built-in GITHUB_TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace GITHUB_TOKEN in the example below with the name of your secret. For more information about GITHUB_TOKEN, see "Automatic token authentication." For more information about secrets, see "Encrypted secrets."
If you are authenticating with a GitHub App, you can create an installation access token within your workflow:
Store your GitHub App's ID as a secret. In the following example, replace APP_ID with the name of the secret. You can find your app ID on the settings page for your app or through the App API. For more information, see "Apps." For more information about secrets, see "Encrypted secrets."
Generate a private key for your app. Store the contents of the resulting file as a secret. (Store the entire contents of the file, including -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.) In the following example, replace APP_PEM with the name of the secret. For more information, see "Authenticating with GitHub Apps."
Add a step to generate a token, and use that token instead of GITHUB_TOKEN. Note that this token will expire after 60 minutes. For example:
# This workflow uses actions that are not certified by GitHub.# They are provided by a third-party and are governed by# separate terms of service, privacy policy, and support# documentation.on:workflow_dispatch:jobs:use_api:runs-on:ubuntu-lateststeps:-name:Generatetokenid:generate_tokenuses:tibdex/github-app-token@36464acb844fc53b9b8b2401da68844f6b05ebb0with:app_id:${{secrets.APP_ID}}private_key:${{secrets.APP_PEM}}-name:UseAPIenv:GH_TOKEN:${{steps.generate_token.outputs.token}}run:|
curl --request GET \
--url "https://api.github.com/repos/octocat/Spoon-Knife/issues" \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer $GH_TOKEN"