To authenticate we recommend using OAuth tokens, such a personal access token through the OAuth web flow.
Basic Authentication
The API supports Basic Authentication as defined in
RFC2617 with a few slight differences.
The main difference is that the RFC requires unauthenticated requests to be
answered with 401 Unauthorized
responses. In many places, this would disclose
the existence of user data. Instead, the GitHub AE API responds with 404 Not Found
.
This may cause problems for HTTP libraries that assume a 401 Unauthorized
response. The solution is to manually craft the Authorization
header.
Via personal access tokens
We recommend you use personal access tokens to authenticate to the GitHub API.
$ curl -u USERNAME:TOKEN https://HOSTNAME/api/v3/user
This approach is useful if your tools only support Basic Authentication but you want to take advantage of personal access token security features.