プッシュ保護バイパス要求用の REST API エンドポイント

List bypass requests for secret scanning for an enterprise

List requests to bypass secret scanning push protection in an enterprise.

Delegated bypass must be enabled on repositories in the enterprise and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

no_fine_grained_access

"List bypass requests for secret scanning for an enterprise" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`enterprise` string 必須 The slug version of the enterprise name.

クエリパラメーター
名前, タイプ, 説明
`organization_name` string The name of the organization to filter on.
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for rule suites that occurred in the past 7 days (168 hours). デフォルト: `day` 次のいずれかにできます: `hour`, `day`, `week`, `month`
`request_status` string The status of the bypass request to filter on. When specified, only requests with this status will be returned. デフォルト: `all` 次のいずれかにできます: `completed`, `cancelled`, `approved`, `expired`, `deleted`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." デフォルト: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." デフォルト: `1`

http_status_code

status_code	説明
`200`	OK
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/enterprises/{enterprise}/bypass-requests/secret-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/enterprises/ENTERPRISE/bypass-requests/secret-scanning

Response

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "used_in_tests",
        "path": "/tests/README.md:16:0",
        "branch": "refs/heads/main"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132",
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1",
    "html_url": "https://github.com/octo-org/smile/exemptions/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "fix_later",
        "path": "README.md:17:0",
        "branch": "refs/heads/my-branch"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555",
    "status": "denied",
    "requester_comment": "Token is already revoked, I'll remove it later",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/2",
    "html_url": "https://github.com/octo-org/smile/exemptions/2"
  }
]

List bypass requests for secret scanning for an org

List requests to bypass secret scanning push protection in an org.

Delegated bypass must be enabled on repositories in the org and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Secret scanning alerts" repository permissions (read) and "Organization bypass requests for secret scanning" organization permissions (read)

"List bypass requests for secret scanning for an org" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`org` string 必須 The organization name. The name is not case sensitive.

クエリパラメーター
名前, タイプ, 説明
`repository_name` string The name of the repository to filter on.
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for rule suites that occurred in the past 7 days (168 hours). デフォルト: `day` 次のいずれかにできます: `hour`, `day`, `week`, `month`
`request_status` string The status of the bypass request to filter on. When specified, only requests with this status will be returned. デフォルト: `all` 次のいずれかにできます: `completed`, `cancelled`, `approved`, `expired`, `deleted`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." デフォルト: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." デフォルト: `1`

http_status_code

status_code	説明
`200`	OK
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/orgs/{org}/bypass-requests/secret-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/bypass-requests/secret-scanning

Response

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "used_in_tests",
        "path": "/tests/README.md:16:0",
        "branch": "refs/heads/main"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132",
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1",
    "html_url": "https://github.com/octo-org/smile/exemptions/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "fix_later",
        "path": "README.md:17:0",
        "branch": "refs/heads/my-branch"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555",
    "status": "denied",
    "requester_comment": "Token is already revoked, I'll remove it later",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/2",
    "html_url": "https://github.com/octo-org/smile/exemptions/2"
  }
]

List bypass requests for secret scanning for a repository

Lists requests to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_sets:

"Secret scanning alerts" repository permissions (read) and "Organization bypass requests for secret scanning" organization permissions (read)
"Secret scanning alerts" repository permissions (read) and "Secret scanning push protection bypass requests" repository permissions (read)

"List bypass requests for secret scanning for a repository" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.

クエリパラメーター
名前, タイプ, 説明
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for rule suites that occurred in the past 7 days (168 hours). デフォルト: `day` 次のいずれかにできます: `hour`, `day`, `week`, `month`
`request_status` string The status of the bypass request to filter on. When specified, only requests with this status will be returned. デフォルト: `all` 次のいずれかにできます: `completed`, `cancelled`, `approved`, `expired`, `deleted`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." デフォルト: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." デフォルト: `1`

http_status_code

status_code	説明
`200`	A list of the bypass requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/bypass-requests/secret-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/bypass-requests/secret-scanning

A list of the bypass requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "used_in_tests",
        "path": "/tests/README.md:16:0",
        "branch": "refs/heads/main"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132",
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1",
    "html_url": "https://github.com/octo-org/smile/exemptions/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "fix_later",
        "path": "README.md:17:0",
        "branch": "refs/heads/my-branch"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555",
    "status": "denied",
    "requester_comment": "Token is already revoked, I'll remove it later",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/2",
    "html_url": "https://github.com/octo-org/smile/exemptions/2"
  }
]

Get a bypass request for secret scanning

Gets a specific request to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Secret scanning alerts" repository permissions (read) and "Organization bypass requests for secret scanning" organization permissions (read)

"Get a bypass request for secret scanning" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.
`bypass_request_number` integer 必須 The number that identifies the bypass request in a repository.

http_status_code

status_code	説明
`200`	A single bypass request.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/bypass-requests/secret-scanning/BYPASS_REQUEST_NUMBER

A single bypass request.

Status: 200

{
  "id": 21,
  "number": 42,
  "repository": {
    "id": 1,
    "name": "smile",
    "full_name": "octo-org/smile"
  },
  "organization": {
    "id": 1,
    "name": "octo-org"
  },
  "requester": {
    "actor_id": 12,
    "actor_name": "monalisa"
  },
  "request_type": "secret_scanning",
  "data": [
    {
      "secret_type": "adafruit_io_key",
      "bypass_reason": "used_in_tests",
      "path": "/tests/README.md:16:0",
      "branch": "refs/heads/main"
    }
  ],
  "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132",
  "status": "denied",
  "requester_comment": "Test token used in the readme as an example",
  "expires_at": "2024-07-08T08:43:03Z",
  "created_at": "2024-07-01T08:43:03Z",
  "responses": [
    {
      "id": 42,
      "reviewer": {
        "actor_id": 4,
        "actor_name": "octocat"
      },
      "status": "denied",
      "created_at": "2024-07-02T08:43:04Z"
    }
  ],
  "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1",
  "html_url": "https://github.com/octo-org/smile/exemptions/1"
}

Review a bypass request for secret scanning

Approve or deny a request to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_sets:

"Secret scanning alerts" repository permissions (read) and "Organization bypass requests for secret scanning" organization permissions (write)
"Secret scanning alerts" repository permissions (read) and "Secret scanning push protection bypass requests" repository permissions (write)

"Review a bypass request for secret scanning" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.
`bypass_request_number` integer 必須 The number that identifies the bypass request in a repository.

ボディパラメータ
名前, タイプ, 説明
`status` string 必須 The review action to perform on the bypass request. 次のいずれかにできます: `approve`, `reject`
`message` string 必須 A message to include with the review. Has a maximum character length of 2048.

http_status_code

status_code	説明
`200`	The review of the bypass request.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

code_samples

data_residency_notice

request_example

patch/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/bypass-requests/secret-scanning/BYPASS_REQUEST_NUMBER \
  -d '{"status":"reject","message":"This secret has not been revoked."}'

The review of the bypass request.

Status: 200

{
  "bypass_review_id": 1
}

Dismiss a response on a bypass request for secret scanning

Dissmiss a response given to a bypass request for secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Secret scanning alerts" repository permissions (read)

"Dismiss a response on a bypass request for secret scanning" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.
`bypass_response_id` integer 必須 ID of the bypass response.

http_status_code

status_code	説明
`204`	Review was successfully dismissed.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

code_samples

data_residency_notice

request_example

delete/repos/{owner}/{repo}/bypass-responses/secret-scanning/{bypass_response_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/bypass-responses/secret-scanning/BYPASS_RESPONSE_ID

Review was successfully dismissed.

Status: 204