Adds a team as a security manager for an organization. For more information, see "Managing security for an organization for an organization." The authenticated user must be an administrator for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
Assigns an organization role to a team in an organization. For more information on organization roles, see "Managing people’s access to your organization with roles." The authenticated user must be an administrator for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Assigns an organization role to a member of an organization. For more information on organization roles, see "Managing people’s access to your organization with roles." The authenticated user must be an administrator for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Cancel an organization invitation. In order to cancel an organization invitation, the authenticated user must be an organization owner. This endpoint triggers notifications.
Returns a 204 if the given user is blocked by the given organization. Returns a 404 if the organization is not blocking the user, or if the user account has been identified as spam by GitHub.
When an organization member is converted to an outside collaborator, they’ll only have access to the repositories that their current team membership allows. The user will no longer be a member of the organization. For more information, see "Converting an organization member to an outside collaborator". Converting an organization member to an outside collaborator may be restricted by enterprise administrators. For more information, see "Enforcing repository management policies in your enterprise."
Creates a custom organization role that can be assigned to users and teams, granting them specific permissions over the organization. For more information on custom organization roles, see "Managing people’s access to your organization with roles." To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permissions of write_organization_custom_org_role in the organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Invite people to an organization by using their GitHub user ID or their email address. In order to create invitations in an organization, the authenticated user must be an organization owner. This endpoint triggers notifications. Creating content too quickly using this endpoint may result in secondary rate limiting. For more information, see "Rate limits for the API" and "Best practices for using the REST API."
Creates new or updates existing custom properties defined for an organization in a batch. To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permission of custom_properties_org_definitions_manager in the organization.
Create new or update existing custom property values for repositories in a batch that belong to an organization. Each target repository will have its custom property values updated to match the values provided in the request. A maximum of 30 repositories can be updated in a single request. Using a value of null for a custom property will remove or ‘unset’ the property value from the repository. To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permission of custom_properties_org_values_editor in the organization.
Creates a new or updates an existing custom property that is defined for an organization. To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permission of custom_properties_org_definitions_manager in the organization.
Create a hook that posts payloads in JSON format. You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Deletes an organization and all its repositories. The organization login will be unavailable for 90 days after deletion. Please review the Terms of Service regarding account deletion before using this endpoint: https://docs.github.com/site-policy/github-terms/github-terms-of-service
Deletes a custom organization role. For more information on custom organization roles, see "Managing people’s access to your organization with roles." To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permissions of write_organization_custom_org_role in the organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Enables or disables the specified security feature for all eligible repositories in an organization. For more information, see "Managing security managers in your organization." The authenticated user must be an organization owner or be member of a team with the security manager role to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
Gets information about an organization. When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication. To see the full details about an organization, the authenticated user must be an organization owner. The values returned by this endpoint are set by the "Update an organization" endpoint. If your organization set a default security configuration (beta), the following values retrieved from the "Update an organization" endpoint have been overwritten by that configuration: - advanced_security_enabled_for_new_repositories - dependabot_alerts_enabled_for_new_repositories - dependabot_security_updates_enabled_for_new_repositories - dependency_graph_enabled_for_new_repositories - secret_scanning_enabled_for_new_repositories - secret_scanning_push_protection_enabled_for_new_repositories For more information on security configurations, see "Enabling security features at scale." OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization. To see information about an organization’s GitHub plan, GitHub Apps need the Organization plan permission.
If the authenticated user is an active or pending member of the organization, this endpoint will return the user’s membership. If the authenticated user is not affiliated with the organization, a 404 is returned. This endpoint will return a 403 if the request is made by a GitHub App that is blocked by the organization.
In order to get a user’s membership with an organization, the authenticated user must be an organization member. The state parameter in the response can be used to identify the user’s membership status.
Gets an organization role that is available to this organization. For more information on organization roles, see "Managing people’s access to your organization with roles." To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permissions of read_organization_custom_org_role in the organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Returns a webhook configured in an organization. To get only the webhook config properties, see "Get a webhook configuration for an organization. You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Returns the webhook configuration for an organization. To get more information about the webhook, including the active state and events, use "Get an organization webhook ." You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Returns a delivery for a webhook configured in an organization. You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Lists all organizations, in the order that they were created. Note: Pagination is powered exclusively by the since parameter. Use the Link header to get the URL for the next page of organizations.
Lists all GitHub Apps in an organization. The installation count includes all GitHub Apps installed on repositories in the organization. The authenticated user must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:read scope to use this endpoint.
List organizations for the authenticated user. For OAuth app tokens and personal access tokens (classic), this endpoint only lists organizations that your authorization allows you to operate on in some way (e.g., you can list teams with read:org scope, you can publicize your organization membership with user scope, etc.). Therefore, this API requires at least user or read:org scope for OAuth app tokens and personal access tokens (classic). Requests with insufficient scope will receive a 403 Forbidden response.
List public organization memberships for the specified user. This method only lists public memberships, regardless of authentication. If you need to fetch all of the organization memberships (public and private) for the authenticated user, use the List organizations for the authenticated user API instead.
List all users who are members of an organization. If the authenticated user is also a member of this organization then both concealed and public members will be returned.
Lists the teams that are assigned to an organization role. For more information on organization roles, see "Managing people’s access to your organization with roles." To use this endpoint, you must be an administrator for the organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Lists organization members that are assigned to an organization role. For more information on organization roles, see "Managing people’s access to your organization with roles." To use this endpoint, you must be an administrator for the organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Lists the organization roles available in this organization. For more information on organization roles, see "Managing people’s access to your organization with roles." To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permissions of read_organization_custom_org_role in the organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Lists the fine-grained permissions that can be used in custom organization roles for an organization. For more information, see "Managing people’s access to your organization with roles." To list the fine-grained permissions that can be used in custom repository roles for an organization, see "List repository fine-grained permissions for an organization." To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permissions of read_organization_custom_org_role in the organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Lists requests from organization members to access organization resources with a fine-grained personal access token. Only GitHub Apps can use this endpoint.
Lists approved fine-grained personal access tokens owned by organization members that can access organization resources. Only GitHub Apps can use this endpoint.
The return hash contains a role field which refers to the Organization Invitation role and will be one of the following values: direct_member, admin, billing_manager, or hiring_manager. If the invitee is not a GitHub member, the login field in the return hash will be null.
Lists teams that are security managers for an organization. For more information, see "Managing security managers in your organization." The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the read:org scope to use this endpoint.
Returns a list of webhook deliveries for a webhook configured in an organization. You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Updates an existing custom organization role. Permission changes will apply to all assignees. For more information on custom organization roles, see "Managing people’s access to your organization with roles." To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permissions of write_organization_custom_org_role in the organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
This will trigger a ping event to be sent to the hook. You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Redeliver a delivery for a webhook configured in an organization. You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Removes a custom property that is defined for an organization. To use this endpoint, the authenticated user must be one of: - An administrator for the organization. - A user, or a user on a team, with the fine-grained permission of custom_properties_org_definitions_manager in the organization.
In order to remove a user’s membership with an organization, the authenticated user must be an organization owner. If the specified user is an active member of the organization, this will remove them from the organization. If the specified user has been invited to the organization, this will cancel their invitation. The specified user will receive an email notification in both cases.
Removes the security manager role from a team for an organization. For more information, see "Managing security managers in your organization team from an organization." The authenticated user must be an administrator for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Approves or denies a pending request to access organization resources via a fine-grained personal access token. Only GitHub Apps can use this endpoint.
Approves or denies multiple pending requests to access organization resources via a fine-grained personal access token. Only GitHub Apps can use this endpoint.
Removes all assigned organization roles from a team. For more information on organization roles, see "Managing people’s access to your organization with roles." The authenticated user must be an administrator for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Revokes all assigned organization roles from a user. For more information on organization roles, see "Managing people’s access to your organization with roles." The authenticated user must be an administrator for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Removes an organization role from a team. For more information on organization roles, see "Managing people’s access to your organization with roles." The authenticated user must be an administrator for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Remove an organization role from a user. For more information on organization roles, see "Managing people’s access to your organization with roles." The authenticated user must be an administrator for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Only authenticated organization owners can add a member to the organization or update the member’s role. * If the authenticated user is adding a member to the organization, the invited user will receive an email inviting them to the organization. The user’s membership status will be pending until they accept the invitation. * Authenticated users can update a user’s membership by passing the role parameter. If the authenticated user changes a member’s role to admin, the affected user will receive an email notifying them that they’ve been made an organization owner. If the authenticated user changes an owner’s role to member, no email will be sent. Rate limits To prevent abuse, the authenticated user is limited to 50 organization invitations per 24 hour period. If the organization is more than one month old or on a paid plan, the limit is 500 invitations per 24 hour period.
The user can publicize their own membership. (A user cannot publicize the membership for another user.) Note that you’ll need to set Content-Length to zero when calling out to this endpoint. For more information, see "HTTP method."
Parameter Deprecation Notice: GitHub will replace and discontinue members_allowed_repository_creation_type in favor of more granular permissions. The new input parameters are members_can_create_public_repositories, members_can_create_private_repositories for all organizations and members_can_create_internal_repositories for organizations associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+. For more information, see the blog post. Updates the organization’s profile and member privileges. With security configurations (beta), your organization can choose a default security configuration which will automatically apply a set of security enablement settings to new repositories in your organization based on their visibility. For targeted repositories, the following attributes will be overridden by the default security configuration: - advanced_security_enabled_for_new_repositories - dependabot_alerts_enabled_for_new_repositories - dependabot_security_updates_enabled_for_new_repositories - dependency_graph_enabled_for_new_repositories - secret_scanning_enabled_for_new_repositories - secret_scanning_push_protection_enabled_for_new_repositories For more information on setting a default security configuration, see "Enabling security features at scale." The authenticated user must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:org or repo scope to use this endpoint.
Updates the access an organization member has to organization resources via a fine-grained personal access token. Limited to revoking the token’s existing access. Limited to revoking a token’s existing access. Only GitHub Apps can use this endpoint.
Updates the access organization members have to organization resources via fine-grained personal access tokens. Limited to revoking a token’s existing access. Only GitHub Apps can use this endpoint.
Updates a webhook configured in an organization. When you update a webhook, the secret will be overwritten. If you previously had a secret set, you must provide the same secret or set a new secret or the secret will be removed. If you are only updating individual webhook config properties, use "Update a webhook configuration for an organization". You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Updates the webhook configuration for an organization. To update more information about the webhook, including the active state and events, use "Update an organization webhook ." You must be an organization owner to use this endpoint. OAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit webhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.