Skip to main content
We publish frequent updates to our documentation, and translation of this page may still be in progress. For the most current information, please visit the English documentation.
All products
API DE REST
The REST API is now versioned. For more information, see "About API versioning."

OIDC de Acciones de GitHub

Usa la API REST para interactuar con los JWT de las notificaciones de sujeto de OIDC en GitHub Actions.

Set the GitHub Actions OIDC custom issuer policy for an enterprise

Sets the GitHub Actions OpenID Connect (OIDC) custom issuer policy for an enterprise. You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

Parameters for "Set the GitHub Actions OIDC custom issuer policy for an enterprise"

Headers
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
enterprisestringRequired

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Body parameters
include_enterprise_slugboolean

Whether the enterprise customer requested a custom issuer URL.

HTTP response status codes for "Set the GitHub Actions OIDC custom issuer policy for an enterprise"

Status codeDescription
204

No Content

Code samples for "Set the GitHub Actions OIDC custom issuer policy for an enterprise"

put/enterprises/{enterprise}/actions/oidc/customization/issuer
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/actions/oidc/customization/issuer \ -d '{"include_enterprise_slug":true}'

Response

Status: 204

Get the customization template for an OIDC subject claim for an organization

Works with GitHub Apps

Gets the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the read:org scope to use this endpoint. GitHub Apps must have the organization_administration:write permission to use this endpoint.

Parameters for "Get the customization template for an OIDC subject claim for an organization"

Headers
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
orgstringRequired

The organization name. The name is not case sensitive.

HTTP response status codes for "Get the customization template for an OIDC subject claim for an organization"

Status codeDescription
200

A JSON serialized template for OIDC subject claim customization

Code samples for "Get the customization template for an OIDC subject claim for an organization"

get/orgs/{org}/actions/oidc/customization/sub
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/actions/oidc/customization/sub

A JSON serialized template for OIDC subject claim customization

Status: 200
{ "include_claim_keys": [ "repo", "context" ] }

Set the customization template for an OIDC subject claim for an organization

Works with GitHub Apps

Creates or updates the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the write:org scope to use this endpoint. GitHub Apps must have the admin:org permission to use this endpoint.

Parameters for "Set the customization template for an OIDC subject claim for an organization"

Headers
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
orgstringRequired

The organization name. The name is not case sensitive.

Body parameters
include_claim_keysarray of stringsRequired

Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.

HTTP response status codes for "Set the customization template for an OIDC subject claim for an organization"

Status codeDescription
201

Empty response

403

Forbidden

404

Resource not found

Code samples for "Set the customization template for an OIDC subject claim for an organization"

put/orgs/{org}/actions/oidc/customization/sub
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/actions/oidc/customization/sub \ -d '{"include_claim_keys":["repo","context"]}'

Empty response

Status: 201

Get the customization template for an OIDC subject claim for a repository

Works with GitHub Apps

Gets the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the organization_administration:read permission to use this endpoint.

Parameters for "Get the customization template for an OIDC subject claim for a repository"

Headers
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
ownerstringRequired

The account owner of the repository. The name is not case sensitive.

repostringRequired

The name of the repository. The name is not case sensitive.

HTTP response status codes for "Get the customization template for an OIDC subject claim for a repository"

Status codeDescription
200

Status response

400

Bad Request

404

Resource not found

Code samples for "Get the customization template for an OIDC subject claim for a repository"

get/repos/{owner}/{repo}/actions/oidc/customization/sub
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub

Status response

Status: 200
{ "use_default": false, "include_claim_keys": [ "repo", "context" ] }

Set the customization template for an OIDC subject claim for a repository

Works with GitHub Apps

Sets the customization template and opt-in or opt-out flag for an OpenID Connect (OIDC) subject claim for a repository. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

Parameters for "Set the customization template for an OIDC subject claim for a repository"

Headers
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
ownerstringRequired

The account owner of the repository. The name is not case sensitive.

repostringRequired

The name of the repository. The name is not case sensitive.

Body parameters
use_defaultbooleanRequired

Whether to use the default template or not. If true, the include_claim_keys field is ignored.

include_claim_keysarray of strings

Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.

HTTP response status codes for "Set the customization template for an OIDC subject claim for a repository"

Status codeDescription
201

Empty response

400

Bad Request

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

Code samples for "Set the customization template for an OIDC subject claim for a repository"

put/repos/{owner}/{repo}/actions/oidc/customization/sub
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub \ -d '{"use_default":false,"include_claim_keys":["repo","context"]}'

Empty response

Status: 201