This article describes how to quickly get started with the REST API using CLI, curl, or JavaScript. For a more detailed guide, see Getting started with the REST API.
CLI is the easiest way to use the REST API from the command line.
Install CLI on macOS, Windows, or Linux. For more information, see Installation in the CLI repository.
To authenticate to , run the following command from your terminal.
gh auth loginSelect where you want to authenticate to:
- If you access at .com, select .com.
- If you access at a different domain, select Other, then enter your hostname (for example:
octocorp.ghe.com).
Follow the rest of the on-screen prompts.
CLI automatically stores your Git credentials for you when you choose HTTPS as your preferred protocol for Git operations and answer "yes" to the prompt asking if you would like to authenticate to Git with your credentials. This can be useful as it allows you to use Git commands like
git pushandgit pullwithout needing to set up a separate credential manager or use SSH.Make a request using the CLI
apisubcommand, followed by the path. Use the--methodor-Xflag to specify the method. For more information, see the CLIapidocumentation.This example makes a request to the "Get Octocat" endpoint, which uses the method
GETand the path/octocat. For the full reference documentation for this endpoint, see REST API endpoints for meta data.Shell gh api /octocat --method GET
gh api /octocat --method GET
You can also use CLI in your Actions workflows. For more information, see Using CLI in workflows.
Instead of using the gh auth login command, pass an access token as an environment variable called GH_TOKEN. recommends that you use the built-in _TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace _TOKEN in the example below with the name of your secret. For more information about _TOKEN, see Automatic token authentication. For more information about secrets, see Using secrets in Actions.
The following example workflow uses the List repository issues endpoint, and requests a list of issues in a repository you specify. Replace HOSTNAME with the name of your Enterprise Server instance. Replace REPO-OWNER with the name of the account that owns the repository. Replace REPO-NAME with the name of the repository.
on:
workflow_dis:
jobs:
use_api:
runs-on: ubuntu-latest
permissions:
issues: read
steps:
- env:
GH_TOKEN: ${{ secrets._TOKEN }}
run: |
gh api http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues
on:
workflow_dis:
jobs:
use_api:
runs-on: ubuntu-latest
permissions:
issues: read
steps:
- env:
GH_TOKEN: ${{ secrets._TOKEN }}
run: |
gh api http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues
If you are authenticating with a App, you can create an installation access token within your workflow:
Store your App's ID as a configuration variable. In the following example, replace
APP_IDwith the name of the configuration variable. You can find your app ID on the settings page for your app or through the API. For more information, see REST API endpoints for Apps. For more information about configuration variables, see Store information in variables.Generate a private key for your app. Store the contents of the resulting file as a secret. (Store the entire contents of the file, including
-----BEGIN RSA PRIVATE KEY-----and-----END RSA PRIVATE KEY-----.) In the following example, replaceAPP_PEMwith the name of the secret. For more information, see Managing private keys for Apps. For more information about secrets, see Using secrets in Actions.Add a step to generate a token, and use that token instead of
_TOKEN. Note that this token will expire after 60 minutes. In the following example, replaceHOSTNAMEwith the name of your Enterprise Server instance. ReplaceREPO-OWNERwith the name of the account that owns the repository. ReplaceREPO-NAMEwith the name of the repository.YAML on: workflow_dis: jobs: track_pr: runs-on: ubuntu-latest steps: - name: Generate token id: generate-token uses: actions/create--app-token@v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PEM }} - name: Use API env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh api http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issueson: workflow_dis: jobs: track_pr: runs-on: ubuntu-latest steps: - name: Generate token id: generate-token uses: actions/create--app-token@v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PEM }} - name: Use API env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh api http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues
You can use Octokit.js to interact with the REST API in your JavaScript scripts. For more information, see Scripting with the REST API and JavaScript.
Create an access token. For example, create a personal access token or a App user access token. You will use this token to authenticate your request, so you should give it any scopes or permissions that are required to access that endpoint. For more information, see Authenticating to the REST API or Identifying and authorizing users for Apps.
Warning
Treat your access token like a password.
To keep your token secure, you can store your token as a secret and run your script through Actions. For more information, see the Using Octokit.js in Actions section.
If these options are not possible, consider using another CLI service to store your token securely.
Install
octokit. For example,npm install octokit. For other ways to install or loadoctokit, see the Octokit.js README.Import
octokitin your script. For example,import { Octokit } from "octokit";. For other ways to importoctokit, see the Octokit.js README.Create an instance of
Octokitwith your token. ReplaceHOSTNAMEwith the name of your Enterprise Server instance. ReplaceYOUR-TOKENwith your token.JavaScript const octokit = new Octokit({ baseUrl: "http(s)://HOSTNAME/api/v3", auth: 'YOUR-TOKEN' });const octokit = new Octokit({ baseUrl: "http(s)://HOSTNAME/api/v3", auth: 'YOUR-TOKEN' });Use
octokit.requestto execute your request. Send the HTTP method and path as the first argument. Specify any path, query, and body parameters in an object as the second argument. For more information about parameters, see Getting started with the REST API.For example, in the following request the HTTP method is
GET, the path is/repos/{owner}/{repo}/issues, and the parameters areowner: "REPO-OWNER"andrepo: "REPO-NAME". ReplaceREPO-OWNERwith the name of the account that owns the repository, andREPO-NAMEwith the name of the repository.JavaScript await octokit.request("GET /repos/{owner}/{repo}/issues", { owner: "REPO-OWNER", repo: "REPO-NAME", });await octokit.request("GET /repos/{owner}/{repo}/issues", { owner: "REPO-OWNER", repo: "REPO-NAME", });
You can also execute your JavaScript scripts in your Actions workflows. For more information, see Workflow syntax for Actions.
recommends that you use the built-in _TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace _TOKEN in the example below with the name of your secret. For more information about _TOKEN, see Automatic token authentication. For more information about secrets, see Using secrets in Actions.
The following example workflow:
- Checks out the repository content
- Sets up Node.js
- Installs
octokit - Stores the value of
_TOKENas an environment variable calledTOKENand runs./actions-scripts/use-the-api.mjs, which can access that environment variable asprocess.env.TOKEN
on:
workflow_dis:
jobs:
use_api_via_script:
runs-on: ubuntu-latest
permissions:
issues: read
steps:
- name: Check out repo content
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '16.17.0'
cache: npm
- name: Install dependencies
run: npm install octokit
- name: Run script
run: |
node ./actions-scripts/use-the-api.mjs
env:
TOKEN: ${{ secrets._TOKEN }}
The following is an example JavaScript script with the file path ./actions-scripts/use-the-api.mjs. Replace HOSTNAME with the name of your Enterprise Server instance. Replace REPO-OWNER with the name of the account that owns the repository. Replace REPO-NAME with the name of the repository.
import { Octokit } from "octokit"
const octokit = new Octokit({
baseUrl: "http(s)://HOSTNAME/api/v3",
auth: process.env.TOKEN
});
try {
const result = await octokit.request("GET /repos/{owner}/{repo}/issues", {
owner: "REPO-OWNER",
repo: "REPO-NAME",
});
const titleAndAuthor = result.data.map(issue => {title: issue.title, authorID: issue.user.id})
console.log(titleAndAuthor)
} catch (error) {
console.log(`Error! Status: ${error.status}. Message: ${error.response.data.message}`)
}
If you are authenticating with a App, you can create an installation access token within your workflow:
Store your App's ID as a configuration variable. In the following example, replace
APP_IDwith the name of the configuration variable. You can find your app ID on the settings page for your app or through the App API. For more information, see REST API endpoints for Apps. For more information about configuration variables, see Store information in variables.Generate a private key for your app. Store the contents of the resulting file as a secret. (Store the entire contents of the file, including
-----BEGIN RSA PRIVATE KEY-----and-----END RSA PRIVATE KEY-----.) In the following example, replaceAPP_PEMwith the name of the secret. For more information, see Managing private keys for Apps. For more information about secrets, see Using secrets in Actions.Add a step to generate a token, and use that token instead of
_TOKEN. Note that this token will expire after 60 minutes. For example:on: workflow_dis: jobs: use_api_via_script: runs-on: ubuntu-latest steps: - name: Check out repo content uses: actions/checkout@v4 - name: Setup Node uses: actions/setup-node@v4 with: node-version: '16.17.0' cache: npm - name: Install dependencies run: npm install octokit - name: Generate token id: generate-token uses: actions/create--app-token@v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PEM }} - name: Run script run: | node ./actions-scripts/use-the-api.mjs env: TOKEN: ${{ steps.generate-token.outputs.token }}
Note
If you want to make API requests from the command line, recommends that you use CLI, which simplifies authentication and requests. For more information about getting started with the REST API using CLI, see the CLI version of this article.
Install
curlif it isn't already installed on your machine. To check ifcurlis installed, executecurl --versionin the command line. If the output provides information about the version ofcurl, that meanscurlis installed. If you get a message similar tocommand not found: curl, you need to download and installcurl. For more information, see the curl project download page.Create an access token. For example, create a personal access token or a App user access token. You will use this token to authenticate your request, so you should give it any scopes or permissions that are required to access the endpoint. For more information, see Authenticating to the REST API.
Warning
Treat your access token like a password.
You can also use CLI instead of
curl. CLI will take care of authentication for you. For more information, see the CLI version of this page.If these options are not possible, consider using another CLI service to store your token securely.
Use the
curlcommand to make your request. Pass your token in anAuthorizationheader. ReplaceHOSTNAMEwith the name of your Enterprise Server instance. ReplaceREPO-OWNERwith the name of the account that owns the repository. ReplaceREPO-NAMEwith the name of the repository. ReplaceYOUR-TOKENwith your token.Shell curl --request GET \ --url "http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues" \ --header "Accept: application/vnd.+json" \ --header "Authorization: Bearer YOUR-TOKEN"
curl --request GET \ --url "http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues" \ --header "Accept: application/vnd.+json" \ --header "Authorization: Bearer YOUR-TOKEN"Note
In most cases, you can use
Authorization: BearerorAuthorization: tokento pass a token. However, if you are passing a JSON web token (JWT), you must useAuthorization: Bearer.
You can also use curl commands in your Actions workflows.
recommends that you use the built-in _TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace _TOKEN in the example below with the name of your secret. For more information about _TOKEN, see Automatic token authentication. For more information about secrets, see Using secrets in Actions.
In the following example, replace HOSTNAME with the name of your Enterprise Server instance. Replace REPO-OWNER with the name of the account that owns the repository. Replace REPO-NAME with the name of the repository.
on:
workflow_dis:
jobs:
use_api:
runs-on: ubuntu-latest
permissions:
issues: read
steps:
- env:
GH_TOKEN: ${{ secrets._TOKEN }}
run: |
curl --request GET \
--url "http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues" \
--header "Accept: application/vnd.+json" \
--header "Authorization: Bearer $GH_TOKEN"
on:
workflow_dis:
jobs:
use_api:
runs-on: ubuntu-latest
permissions:
issues: read
steps:
- env:
GH_TOKEN: ${{ secrets._TOKEN }}
run: |
curl --request GET \
--url "http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues" \
--header "Accept: application/vnd.+json" \
--header "Authorization: Bearer $GH_TOKEN"
If you are authenticating with a App, you can create an installation access token within your workflow:
Store your App's ID as a configuration variable. In the following example, replace
APP_IDwith the name of the configuration variable. You can find your app ID on the settings page for your app or through the App API. For more information, see REST API endpoints for Apps. For more information about configuration variables, see Store information in variables.Generate a private key for your app. Store the contents of the resulting file as a secret. (Store the entire contents of the file, including
-----BEGIN RSA PRIVATE KEY-----and-----END RSA PRIVATE KEY-----.) In the following example, replaceAPP_PEMwith the name of the secret. For more information, see Managing private keys for Apps. For more information about storing secrets, see Using secrets in Actions.Add a step to generate a token, and use that token instead of
_TOKEN. Note that this token will expire after 60 minutes. In the following example, replaceHOSTNAMEwith the name of your Enterprise Server instance. ReplaceREPO-OWNERwith the name of the account that owns the repository. ReplaceREPO-NAMEwith the name of the repository.YAML on: workflow_dis: jobs: use_api: runs-on: ubuntu-latest steps: - name: Generate token id: generate-token uses: actions/create--app-token@v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PEM }} - name: Use API env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | curl --request GET \ --url "http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues" \ --header "Accept: application/vnd.+json" \ --header "Authorization: Bearer $GH_TOKEN"on: workflow_dis: jobs: use_api: runs-on: ubuntu-latest steps: - name: Generate token id: generate-token uses: actions/create--app-token@v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PEM }} - name: Use API env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | curl --request GET \ --url "http(s)://HOSTNAME/api/v3/repos/REPO-OWNER/REPO-NAME/issues" \ --header "Accept: application/vnd.+json" \ --header "Authorization: Bearer $GH_TOKEN"
For a more detailed guide, see Getting started with the REST API.