Apps are created with a set of permissions. Permissions define what resources the App can access via the API. For more information, see Choosing permissions for a App.
To help you choose the correct permissions, you will receive the X-Accepted--Permissions header in the REST API response. The header will tell you what permissions are required in order to access the endpoint. For more information, see Troubleshooting the REST API.
These permissions are required to access private resources. Some endpoints can also be used to access public resources without these permissions. To see whether an endpoint can access public resources without a permission, see the documentation for that endpoint.
Some endpoints require more than one permission. Other endpoints work with any one permission from a set of permissions. In these cases, the "Additional permissions" column will include a checkmark. For full details about the permissions that are required to use the endpoint, see the documentation for that endpoint.
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| PUT/orgs/{org}/blocks/{username} | write | UAT IAT | |
| DELETE/orgs/{org}/blocks/{username} | write | UAT IAT | |
| GET/orgs/{org}/blocks | read | UAT IAT | |
| GET/orgs/{org}/blocks/{username} | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/orgs/{org}/campaigns | write | UAT IAT | |
| /orgs/{org}/campaigns/{campaign_number} | write | UAT IAT | |
| DELETE/orgs/{org}/campaigns/{campaign_number} | write | UAT IAT | |
| GET/orgs/{org}/campaigns | read | UAT IAT | |
| GET/orgs/{org}/campaigns/{campaign_number} | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| GET/orgs/{org}/organization-roles | read | UAT IAT | |
| GET/orgs/{org}/organization-roles/{role_id} | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| GET/users/{username}/events/orgs/{org} | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/orgs/{org}/issue-types | write | UAT IAT | |
| PUT/orgs/{org}/issue-types/{issue_type_id} | write | UAT IAT | |
| DELETE/orgs/{org}/issue-types/{issue_type_id} | write | UAT IAT | |
| GET/orgs/{org}/issue-types | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| PUT/orgs/{org}/codespaces/access | write | UAT IAT | |
| POST/orgs/{org}/codespaces/access/selected_users | write | UAT IAT | |
| DELETE/orgs/{org}/codespaces/access/selected_users | write | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/orgs/{org}/private-registries | write | UAT IAT | |
| /orgs/{org}/private-registries/{secret_name} | write | UAT IAT | |
| DELETE/orgs/{org}/private-registries/{secret_name} | write | UAT IAT | |
| GET/orgs/{org}/private-registries | read | UAT IAT | |
| GET/orgs/{org}/private-registries/public-key | read | UAT IAT | |
| GET/orgs/{org}/private-registries/{secret_name} | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/orgs/{org}/personal-access-token-requests | write | UAT IAT | |
| POST/orgs/{org}/personal-access-token-requests/{pat_request_id} | write | UAT IAT | |
| GET/orgs/{org}/personal-access-token-requests | read | UAT IAT | |
| GET/orgs/{org}/personal-access-token-requests/{pat_request_id}/repositories | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/orgs/{org}/personal-access-tokens | write | UAT IAT | |
| POST/orgs/{org}/personal-access-tokens/{pat_id} | write | UAT IAT | |
| GET/orgs/{org}/personal-access-tokens | read | UAT IAT | |
| GET/orgs/{org}/personal-access-tokens/{pat_id}/repositories | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| DELETE/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id} | write | UAT IAT | |
| DELETE/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id} | write | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/repos/{owner}/{repo}/attestations | write | UAT IAT | |
| GET/repos/{owner}/{repo}/attestations/{subject_digest} | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| GET/repos/{owner}/{repo}/codespaces/devcontainers | read | UAT IAT | |
| GET/repos/{owner}/{repo}/codespaces/machines | read | UAT IAT | |
| GET/user/codespaces/{codespace_name}/machines | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/repos/{owner}/{repo}/statuses/{sha} | write | UAT IAT | |
| GET/repos/{owner}/{repo}/commits/{ref}/status | read | UAT IAT | |
| GET/repos/{owner}/{repo}/commits/{ref}/statuses | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| /repos/{owner}/{repo}/properties/values | write | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| /repos/{owner}/{repo}/dependabot/alerts/{alert_number} | write | UAT IAT | |
| GET/orgs/{org}/dependabot/alerts | read | UAT IAT | |
| GET/repos/{owner}/{repo}/dependabot/alerts | read | UAT IAT | |
| GET/repos/{owner}/{repo}/dependabot/alerts/{alert_number} | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| PUT/user/blocks/{username} | write | UAT | |
| DELETE/user/blocks/{username} | write | UAT | |
| GET/user/blocks | read | UAT | |
| GET/user/blocks/{username} | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| /user/email/visibility | write | UAT | |
| POST/user/emails | write | UAT | |
| DELETE/user/emails | write | UAT | |
| GET/user/emails | read | UAT | |
| GET/user/public_emails | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| PUT/user/following/{username} | write | UAT | |
| DELETE/user/following/{username} | write | UAT | |
| GET/user/followers | read | UAT | |
| GET/user/following | read | UAT | |
| GET/user/following/{username} | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/user/gpg_keys | write | UAT | |
| DELETE/user/gpg_keys/{gpg_key_id} | write | UAT | |
| GET/user/gpg_keys | read | UAT | |
| GET/user/gpg_keys/{gpg_key_id} | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/gists | write | UAT | |
| /gists/{gist_id} | write | UAT | |
| DELETE/gists/{gist_id} | write | UAT | |
| POST/gists/{gist_id}/comments | write | UAT | |
| /gists/{gist_id}/comments/{comment_id} | write | UAT | |
| DELETE/gists/{gist_id}/comments/{comment_id} | write | UAT | |
| POST/gists/{gist_id}/forks | write | UAT | |
| PUT/gists/{gist_id}/star | write | UAT | |
| DELETE/gists/{gist_id}/star | write | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/user/keys | write | UAT | |
| DELETE/user/keys/{key_id} | write | UAT | |
| GET/user/keys | read | UAT | |
| GET/user/keys/{key_id} | read | UAT | |
| GET/users/{username}/keys | read | UAT IAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| PUT/user/interaction-limits | write | UAT | |
| DELETE/user/interaction-limits | write | UAT | |
| GET/user/interaction-limits | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| GET/users/{username}/settings/billing/actions | read | UAT | |
| GET/users/{username}/settings/billing/packages | read | UAT | |
| GET/users/{username}/settings/billing/shared-storage | read | UAT | |
| GET/users/{username}/settings/billing/usage | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| /user | write | UAT | |
| POST/user/social_accounts | write | UAT | |
| DELETE/user/social_accounts | write | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| POST/user/ssh_signing_keys | write | UAT | |
| DELETE/user/ssh_signing_keys/{ssh_signing_key_id} | write | UAT | |
| GET/user/ssh_signing_keys | read | UAT | |
| GET/user/ssh_signing_keys/{ssh_signing_key_id} | read | UAT |
| Endpoint | Access | Token types | Additional permissions |
|---|---|---|---|
| GET/user/subscriptions | read | UAT | |
| GET/users/{username}/subscriptions | read | UAT IAT |