Skip to main content
설명서에 자주 업데이트를 게시하며 이 페이지의 번역이 계속 진행 중일 수 있습니다. 최신 정보는 영어 설명서를 참조하세요.
All products
REST API

이 버전의 GitHub Enterprise는 다음 날짜에 중단되었습니다. 2023-03-15. 중요한 보안 문제에 대해서도 패치 릴리스가 이루어지지 않습니다. 성능 향상, 향상된 보안, 새로운 기능을 위해 최신 버전의 GitHub Enterprise로 업그레이드합니다. 업그레이드에 대한 도움말은 GitHub Enterprise 지원에 문의하세요.

Authenticating to the REST API

이 문서의 내용

You can authenticate to the REST API to access more endpoints and have a higher rate limit.

About authentication

Many REST API endpoints require authentication or return additional information if you are authenticated. Additionally, you can make more requests per hour when you are authenticated.

You can authenticate your request by sending a token in the Authorization header of your request. In the following example, replace YOUR-TOKEN with a reference to your token:

curl --request GET \
--url "http(s)://HOSTNAME/api/v3/octocat" \
--header "Authorization: Bearer YOUR-TOKEN"

Note: 대부분의 경우 Authorization: Bearer 또는 Authorization: token을 사용하여 전달할 수 있습니다. 그러나 JWT(JSON 웹 토큰)를 전달하는 경우 Authorization: Bearer를 사용해야 합니다.

If you try to use a REST API endpoint without a token or with a token that has insufficient permissions, you will receive a 404 Not Found or 403 Forbidden response.

Authenticating with a personal access token

If you want to use the GitHub REST API for personal use, you can create a personal access token. For more information about creating a personal access token, see "개인용 액세스 토큰 만들기."

Authenticating with a token generated by an app

If you want to use the API for an organization or on behalf of another user, GitHub recommends that you use a GitHub App. For more information, see "GitHub 앱 인증 정보."

You can also create an OAuth token with an OAuth App to access the REST API. However, GitHub recommends that you use a GitHub App instead. GitHub Apps allow more control over the access and permission that the app has.

Using basic authentication

Some REST API endpoints for GitHub Apps and OAuth Apps require you to use basic authentication to access the endpoint. You will use the app's client ID as the username and the app's client secret as the password.

For example:

curl --request POST \
--url "http(s)://HOSTNAME/api/v3/authorizations"
--user CLIENT_ID:CLIENT_SECRET

You can find the client ID and generate a client secret on the settings page for your app. For user-owned GitHub Apps, the settings page is https://github.com/settings/apps/APP-SLUG. For organization-owned GitHub Apps, the settings page is https://github.com/organizations/ORGANIZATION/settings/apps/APP-SLUG. Replace APP-SLUG with the sluggified name of your app and ORGANIZATION with the sluggified name of your organization. For example, https://github.com/organizations/octo-org/settings/apps/octo-app.

Authenticating in a GitHub Actions workflow

If you want to use the API in a GitHub Actions workflow, GitHub recommends that you authenticate with the built-in GITHUB_TOKEN instead of creating a token. You can grant permissions to the GITHUB_TOKEN with the permissions key. For more information, see "자동 토큰 인증."

Authenticating with username and password

GitHub recommends that you use a token to authenticate to the REST API instead of your password. You have more control over what a token can do, and you can revoke a token at anytime. However, you can also authenticate to the REST API using your username and password for basic authentication. To do so, you will pass your username and password with the --user option:

curl --request GET \
--url "http(s)://HOSTNAME/api/v3/user"
--user USERNAME:PASSWORD