ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。

このバージョンの GitHub Enterprise はこの日付をもって終了となります: このバージョンの GitHub Enterprise はこの日付をもって終了となりました: 2020-08-20. 重大なセキュリティの問題に対してであっても、パッチリリースは作成されません。 パフォーマンスの向上、セキュリティの改善、新機能のためには、最新バージョンのGitHub Enterpriseにアップグレードしてください。 アップグレードに関する支援については、GitHub Enterprise supportに連絡してください。

記事のバージョン: Enterprise Server 2.18

Other authentication methods

You can use basic authentication for testing in a non-production environment.

ここには以下の内容があります:

Did this doc help you?

While the API provides multiple methods for authentication, we strongly recommend using OAuth for production applications. The other methods provided are intended to be used for scripts or testing (i.e., cases where full OAuth would be overkill). Third party applications that rely on GitHub Enterprise for authentication should not ask for or collect GitHub Enterprise credentials. Instead, they should use the OAuth web flow.

Basic Authentication

The API supports Basic Authentication as defined in RFC2617 with a few slight differences. The main difference is that the RFC requires unauthenticated requests to be answered with 401 Unauthorized responses. In many places, this would disclose the existence of user data. Instead, the GitHub Enterprise API responds with 404 Not Found. This may cause problems for HTTP libraries that assume a 401 Unauthorized response. The solution is to manually craft the Authorization header.

Via OAuth and personal access tokens

We recommend you use OAuth tokens to authenticate to the GitHub API. OAuth tokens include personal access tokens and enable the user to revoke access at any time.

$ curl -u username:token http(s)://[hostname]/api/v3/user

This approach is useful if your tools only support Basic Authentication but you want to take advantage of OAuth access token security features.

Via username and password

To use Basic Authentication with the GitHub Enterprise API, simply send the username and password associated with the account.

For example, if you're accessing the API via cURL, the following command would authenticate you if you replace <username> with your GitHub Enterprise username. (cURL will prompt you to enter the password.)

$ curl -u username http(s)://[hostname]/api/v3/user

If you have two-factor authentication enabled, make sure you understand how to work with two-factor authentication.

Working with two-factor authentication

When you have two-factor authentication enabled, Basic Authentication for most endpoints in the REST API requires that you use a personal access token or OAuth token instead of your username and password.

You can generate a new personal access token or use the "Create a new authorization" endpoint in the OAuth Authorizations API to generate a new OAuth token. For more information, see "Creating a personal access token for the command line". Then you would use these tokens to authenticate using OAuth token with the GitHub API. The only time you need to authenticate with your username and password is when you create your OAuth token or use the OAuth Authorizations API.

Using the OAuth Authorizations API with two-factor authentication

When you make calls to the OAuth Authorizations API, Basic Authentication requires that you use a one-time password (OTP) and your username and password instead of tokens. When you attempt to authenticate with the OAuth Authorizations API, the server will respond with a 401 Unauthorized and one of these headers to let you know that you need a two-factor authentication code:

X-GitHub-OTP: required; SMS or X-GitHub-OTP: required; app.

This header tells you how your account receives its two-factor authentication codes. Depending how you set up your account, you will either receive your OTP codes via SMS or you will use an application like Google Authenticator or 1Password. For more information, see "Configuring two-factor authentication." Pass the OTP in the header:

$ curl --request POST \
  --url https://api.github.com/authorizations \
  --header 'authorization: Basic PASSWORD' \
  --header 'content-type: application/json' \
  --header 'x-github-otp: OTP' \
  --data '{"scopes": ["public_repo"], "note": "test"}'

Did this doc help you?

担当者にお尋ねください

探しているものが見つからなかったでしょうか?

弊社にお問い合わせください