REST API endpoints for repository webhooks - Enterprise Server 3.17 Docs

Lists webhooks for a repository. last response may return null if there have not been any deliveries within 30 days.

Fine-grained access tokens for "List repository webhooks"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (read)

Parameters for "List repository webhooks"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

HTTP response status codes for "List repository webhooks"

Status code	Description
`200`	OK
`404`	Resource not found

Code samples for "List repository webhooks"

Request example

get/repos/{owner}/{repo}/hooks

curl -L \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks

Response

Status: 200

[ { "type": "Repository", "id": 12345678, "name": "web", "active": true, "events": [ "push", "pull_request" ], "config": { "content_type": "json", "insecure_ssl": "0", "url": "https://example.com/webhook" }, "updated_at": "2019-06-03T00:57:16Z", "created_at": "2019-06-03T00:57:16Z", "url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678", "test_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/test", "ping_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/pings", "deliveries_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/deliveries", "last_response": { "code": null, "status": "unused", "message": null } } ]

Repositories can have multiple webhooks installed. Each webhook should have a unique config. Multiple webhooks can share the same config as long as those webhooks do not have any events that overlap.

Fine-grained access tokens for "Create a repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (write)

Parameters for "Create a repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

Name, Type, Description

name string

Use web to create a webhook. Default: web. This parameter only accepts the value web.

config object

Key/value pairs to provide settings for this webhook.

Properties of config

Name, Type, Description
`url` string The URL to which the payloads will be delivered.
`content_type` string The media type used to serialize the payloads. Supported values include `json` and `form`. The default is `form`.
`secret` string If provided, the `secret` will be used as the `key` to generate the HMAC hex digest value for delivery signature headers.
`insecure_ssl` string or number Determines whether the SSL certificate of the host for `url` will be verified when delivering payloads. Supported values include `0` (verification is performed) and `1` (verification is not performed). The default is `0`. We strongly recommend not setting this to `1` as you are subject to man-in-the-middle and other attacks.

events array of strings

Determines what events the hook is triggered for.

Default: ["push"]

active boolean

Determines if notifications are sent when the webhook is triggered. Set to true to send notifications.

Default: true

HTTP response status codes for "Create a repository webhook"

Status code	Description
`201`	Created
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Code samples for "Create a repository webhook"

Request example

post/repos/{owner}/{repo}/hooks

curl -L \ -X POST \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks \ -d '{"name":"web","active":true,"events":["push","pull_request"],"config":{"url":"https://example.com/webhook","content_type":"json","insecure_ssl":"0"}}'

Response

Status: 201

{ "type": "Repository", "id": 12345678, "name": "web", "active": true, "events": [ "push", "pull_request" ], "config": { "content_type": "json", "insecure_ssl": "0", "url": "https://example.com/webhook" }, "updated_at": "2019-06-03T00:57:16Z", "created_at": "2019-06-03T00:57:16Z", "url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678", "test_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/test", "ping_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/pings", "deliveries_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/deliveries", "last_response": { "code": null, "status": "unused", "message": null } }

Returns a webhook configured in a repository. To get only the webhook config properties, see "Get a webhook configuration for a repository."

Fine-grained access tokens for "Get a repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (read)

Parameters for "Get a repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.

HTTP response status codes for "Get a repository webhook"

Status code	Description
`200`	OK
`404`	Resource not found

Code samples for "Get a repository webhook"

Request example

get/repos/{owner}/{repo}/hooks/{hook_id}

curl -L \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID

Response

Status: 200

{ "type": "Repository", "id": 12345678, "name": "web", "active": true, "events": [ "push", "pull_request" ], "config": { "content_type": "json", "insecure_ssl": "0", "url": "https://example.com/webhook" }, "updated_at": "2019-06-03T00:57:16Z", "created_at": "2019-06-03T00:57:16Z", "url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678", "test_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/test", "ping_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/pings", "deliveries_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/deliveries", "last_response": { "code": null, "status": "unused", "message": null } }

Updates a webhook configured in a repository. If you previously had a secret set, you must provide the same secret or set a new secret or the secret will be removed. If you are only updating individual webhook config properties, use "Update a webhook configuration for a repository."

Fine-grained access tokens for "Update a repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (write)

Parameters for "Update a repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.

Name, Type, Description

config object

Configuration object of the webhook

Properties of config

Name, Type, Description
`url` string The URL to which the payloads will be delivered.
`content_type` string The media type used to serialize the payloads. Supported values include `json` and `form`. The default is `form`.
`secret` string If provided, the `secret` will be used as the `key` to generate the HMAC hex digest value for delivery signature headers.
`insecure_ssl` string or number Determines whether the SSL certificate of the host for `url` will be verified when delivering payloads. Supported values include `0` (verification is performed) and `1` (verification is not performed). The default is `0`. We strongly recommend not setting this to `1` as you are subject to man-in-the-middle and other attacks.

events array of strings

Determines what events the hook is triggered for. This replaces the entire array of events.

Default: ["push"]

add_events array of strings

Determines a list of events to be added to the list of events that the Hook triggers for.

remove_events array of strings

Determines a list of events to be removed from the list of events that the Hook triggers for.

active boolean

Determines if notifications are sent when the webhook is triggered. Set to true to send notifications.

Default: true

HTTP response status codes for "Update a repository webhook"

Status code	Description
`200`	OK
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Code samples for "Update a repository webhook"

Request example

/repos/{owner}/{repo}/hooks/{hook_id}

curl -L \ -X \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID \ -d '{"active":true,"add_events":["pull_request"]}'

Response

Status: 200

{ "type": "Repository", "id": 12345678, "name": "web", "active": true, "events": [ "push", "pull_request" ], "config": { "content_type": "json", "insecure_ssl": "0", "url": "https://example.com/webhook" }, "updated_at": "2019-06-03T00:57:16Z", "created_at": "2019-06-03T00:57:16Z", "url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678", "test_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/test", "ping_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/pings", "deliveries_url": "https://HOSTNAME/repos/octocat/Hello-World/hooks/12345678/deliveries", "last_response": { "code": null, "status": "unused", "message": null } }

Delete a webhook for an organization.

The authenticated user must be a repository owner, or have admin access in the repository, to delete the webhook.

Fine-grained access tokens for "Delete a repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (write)

Parameters for "Delete a repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.

HTTP response status codes for "Delete a repository webhook"

Status code	Description
`204`	No Content
`404`	Resource not found

Code samples for "Delete a repository webhook"

Request example

delete/repos/{owner}/{repo}/hooks/{hook_id}

curl -L \ -X DELETE \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID

Response

Status: 204

Returns the webhook configuration for a repository. To get more information about the webhook, including the active state and events, use "Get a repository webhook."

OAuth app tokens and personal access tokens (classic) need the read:repo_hook or repo scope to use this endpoint.

Fine-grained access tokens for "Get a webhook configuration for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (read)

Parameters for "Get a webhook configuration for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.

HTTP response status codes for "Get a webhook configuration for a repository"

Status code	Description
`200`	OK

Code samples for "Get a webhook configuration for a repository"

Request example

get/repos/{owner}/{repo}/hooks/{hook_id}/config

curl -L \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID/config

Response

Status: 200

{ "content_type": "json", "insecure_ssl": "0", "secret": "********", "url": "https://example.com/webhook" }

Updates the webhook configuration for a repository. To update more information about the webhook, including the active state and events, use "Update a repository webhook."

OAuth app tokens and personal access tokens (classic) need the write:repo_hook or repo scope to use this endpoint.

Fine-grained access tokens for "Update a webhook configuration for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (write)

Parameters for "Update a webhook configuration for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.

Body parameters
Name, Type, Description
`url` string The URL to which the payloads will be delivered.
`content_type` string The media type used to serialize the payloads. Supported values include `json` and `form`. The default is `form`.
`secret` string If provided, the `secret` will be used as the `key` to generate the HMAC hex digest value for delivery signature headers.
`insecure_ssl` string or number Determines whether the SSL certificate of the host for `url` will be verified when delivering payloads. Supported values include `0` (verification is performed) and `1` (verification is not performed). The default is `0`. We strongly recommend not setting this to `1` as you are subject to man-in-the-middle and other attacks.

HTTP response status codes for "Update a webhook configuration for a repository"

Status code	Description
`200`	OK

Code samples for "Update a webhook configuration for a repository"

Request example

/repos/{owner}/{repo}/hooks/{hook_id}/config

curl -L \ -X \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID/config \ -d '{"content_type":"json","url":"https://example.com/webhook"}'

Response

Status: 200

{ "content_type": "json", "insecure_ssl": "0", "secret": "********", "url": "https://example.com/webhook" }

Returns a list of webhook deliveries for a webhook configured in a repository.

Fine-grained access tokens for "List deliveries for a repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (read)

Parameters for "List deliveries for a repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`cursor` string Used for pagination: the starting delivery from which the page of deliveries is fetched. Refer to the `link` header for the next and previous page cursors.

HTTP response status codes for "List deliveries for a repository webhook"

Status code	Description
`200`	OK
`400`	Bad Request
`422`	Validation failed, or the endpoint has been spammed.

Code samples for "List deliveries for a repository webhook"

Request example

get/repos/{owner}/{repo}/hooks/{hook_id}/deliveries

curl -L \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID/deliveries

Response

Status: 200

[ { "id": 12345678, "guid": "0b989ba4-242f-11e5-81e1-c7b6966d2516", "delivered_at": "2019-06-03T00:57:16Z", "redelivery": false, "duration": 0.27, "status": "OK", "status_code": 200, "event": "issues", "action": "opened", "installation_id": 123, "repository_id": 456, "throttled_at": "2019-06-03T00:57:16Z" }, { "id": 123456789, "guid": "0b989ba4-242f-11e5-81e1-c7b6966d2516", "delivered_at": "2019-06-04T00:57:16Z", "redelivery": true, "duration": 0.28, "status": "OK", "status_code": 200, "event": "issues", "action": "opened", "installation_id": 123, "repository_id": 456, "throttled_at": null } ]

Returns a delivery for a webhook configured in a repository.

Fine-grained access tokens for "Get a delivery for a repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (read)

Parameters for "Get a delivery for a repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.
`delivery_id` integer Required

HTTP response status codes for "Get a delivery for a repository webhook"

Status code	Description
`200`	OK
`400`	Bad Request
`422`	Validation failed, or the endpoint has been spammed.

Code samples for "Get a delivery for a repository webhook"

Request example

get/repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}

curl -L \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID/deliveries/DELIVERY_ID

Response

Status: 200

{ "id": 12345678, "guid": "0b989ba4-242f-11e5-81e1-c7b6966d2516", "delivered_at": "2019-06-03T00:57:16Z", "redelivery": false, "duration": 0.27, "status": "OK", "status_code": 200, "event": "issues", "action": "opened", "installation_id": 123, "repository_id": 456, "url": "https://www.example.com", "throttled_at": "2019-06-03T00:57:16Z", "request": { "headers": { "X--Delivery": "0b989ba4-242f-11e5-81e1-c7b6966d2516", "X-Hub-Signature-256": "sha256=6dcb09b5b57875f334f61aebed695e2e4193db5e", "Accept": "*/*", "X--Hook-ID": "42", "User-Agent": "-Hookshot/b8c71d8", "X--Event": "issues", "X--Hook-Installation-Target-ID": "123", "X--Hook-Installation-Target-Type": "repository", "content-type": "application/json", "X-Hub-Signature": "sha1=a84d88e7554fc1fa21bcbc4efae3c782a70d2b9d" }, "payload": { "action": "opened", "issue": { "body": "foo" }, "repository": { "id": 123 } } }, "response": { "headers": { "Content-Type": "text/html;charset=utf-8" }, "payload": "ok" } }

Redeliver a webhook delivery for a webhook configured in a repository.

Fine-grained access tokens for "Redeliver a delivery for a repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (write)

Parameters for "Redeliver a delivery for a repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.
`delivery_id` integer Required

HTTP response status codes for "Redeliver a delivery for a repository webhook"

Status code	Description
`202`	Accepted
`400`	Bad Request
`422`	Validation failed, or the endpoint has been spammed.

Code samples for "Redeliver a delivery for a repository webhook"

Request example

post/repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts

curl -L \ -X POST \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID/deliveries/DELIVERY_ID/attempts

Accepted

Status: 202

This will trigger a ping event to be sent to the hook.

Fine-grained access tokens for "Ping a repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (read)

Parameters for "Ping a repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.

HTTP response status codes for "Ping a repository webhook"

Status code	Description
`204`	No Content
`404`	Resource not found

Code samples for "Ping a repository webhook"

Request example

post/repos/{owner}/{repo}/hooks/{hook_id}/pings

curl -L \ -X POST \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID/pings

Response

Status: 204

This will trigger the hook with the latest push to the current repository if the hook is subscribed to push events. If the hook is not subscribed to push events, the server will respond with 204 but no test POST will be generated.

Note

Previously /repos/:owner/:repo/hooks/:hook_id/test

Fine-grained access tokens for "Test the push repository webhook"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Webhooks" repository permissions (read)

Parameters for "Test the push repository webhook"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`hook_id` integer Required The unique identifier of the hook. You can find this value in the `X--Hook-ID` header of a webhook delivery.

HTTP response status codes for "Test the push repository webhook"

Status code	Description
`204`	No Content
`404`	Resource not found

Code samples for "Test the push repository webhook"

Request example

post/repos/{owner}/{repo}/hooks/{hook_id}/tests

curl -L \ -X POST \ -H "Accept: application/vnd.+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X--Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/hooks/HOOK_ID/tests

Response

Status: 204