Learn how to resolve the most common problems people encounter in the REST API.

If you're encountering some oddities in the API, here's a list of resolutions to some of the problems you may be experiencing.

404 error for an existing repository

Typically, we send a 404 error when your client isn't properly authenticated. You might expect to see a 403 Forbidden in these cases. However, since we don't want to provide any information about private repositories, the API returns a 404 error instead.

To troubleshoot, ensure you're authenticating correctly, your OAuth access token has the required scopes, third-party application restrictions are not blocking access, and that the token has not expired or been revoked.

Not all results returned

Most API calls accessing a list of resources (e.g., users, issues, etc.) support pagination. If you're making requests and receiving an incomplete set of results, you're probably only seeing the first page. You'll need to request the remaining pages in order to get more results.

It's important to not try and guess the format of the pagination URL. Not every API call uses the same structure. Instead, extract the pagination information from the Link Header, which is sent with every request.

Basic authentication errors

On November 13, 2020 username and password authentication to the REST API and the OAuth Authorizations API were deprecated and no longer work.

Using username/password for basic authentication

If you're using username and password for API calls, then they are no longer able to authenticate. For example:

curl -u my_user:my_password

Instead, use a personal access token when testing endpoints or doing local development:

curl -H 'Authorization: token my_access_token'

For OAuth Apps, you should use the web application flow to generate an OAuth token to use in the API call's header:

curl -H 'Authorization: token my-oauth-token'

Calls to OAuth Authorizations API

If you're making OAuth Authorization API calls to manage your OAuth app's authorizations or to generate access tokens, similar to this example:

curl -u my_username:my_password -X POST "" -d '{"scopes":["public_repo"], "note":"my token", "client_id":"my_client_id", "client_secret":"my_client_secret"}'

Then you must switch to the web application flow to generate access tokens.

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.