Github API - First Steps

Created: 2020-02-07 | 4 min

First steps with Github API, looking at the official docs, executing some APIs and discovering what I can do with that.


Currently, the company I am working with uses Github as git repository/platform. Code reviews, documentation, merges and other stuff going through there. It's going great.

I am curious about what else we can do using Github API, what pieces of the whole development process we can automate. So, this article is about Github API, what I know, what I learned, what I find useful.

I may use the outcome of this (quick) research not only for this company, but anything else that may help other problems/opportunities that, right now, I can't even imagine.


This is the list of things this article/research will cover:


Docs! Lets see how they explain their API in their documentation and see how easy (or complex) is to understand what we can achieve with it.


This guide has very clear examples of how to call the API, like this one that doesn't require any auth information and reads all public data from any github user using cURL:

$ curl
  "login": "ckinan",
  "id": 7999613,
  "node_id": "MDQ6VXNlcjc5OTk2MTM=",
  "avatar_url": "",
  "gravatar_id": "",
  "url": "",
  "html_url": "",
  "followers_url": "",
  "following_url": "{/other_user}",
  "gists_url": "{/gist_id}",
  "starred_url": "{/owner}{/repo}",
  "subscriptions_url": "",
  "organizations_url": "",
  "repos_url": "",
  "events_url": "{/privacy}",
  "received_events_url": "",
  "type": "User",
  "site_admin": false,
  "name": "Cesar Kina",
  "company": null,
  "blog": "",
  "location": "Lima, Peru",
  "email": null,
  "hireable": null,
  "bio": "software developer",
  "public_repos": 22,
  "public_gists": 1,
  "followers": 3,
  "following": 7,
  "created_at": "2014-06-26T20:18:31Z",
  "updated_at": "2020-02-08T00:08:38Z"

However, like any other API, it has a limited number of requests that any client can make to the API without being authenticated. Quoting:

Unauthenticated clients can make 60 requests per hour. To get more requests per hour, we'll need to authenticate. In fact, doing anything interesting with the GitHub API requires authentication.

#Authentication types

Basically, 2 options:

Option #1: Using personal access tokens:

The easiest and best way to authenticate with the GitHub API is by using Basic Authentication via OAuth tokens. OAuth tokens include personal access tokens.


curl -i -u <your_username>:<your_access_token>

Provide privileges to your token to read your repos.

Option #2: Using OAuth tokens for apps :

Apps that need to read or write private information using the API on behalf of another user should use OAuth.


All the endpoints of the API in their documentation have examples of the calls, details of the input parameters and show how the return payload should look like, which is pretty good.

Ref (overview of the API):

Docs give the endpoints paths like this (not the full url).

Example of user repos: GET /user/repos

These are just 3 of the endpoints I tried out using a personal access token I've created:

Here more details about each of them:

#Get repos

Endpoint: GET /user/repos



$ curl -i -u <your_username>:<your_access_token>

#Get pull requests

Endpoint: GET /repos/:owner/:repo/pulls


$ curl -i -u <your_username>:<your_access_token>

Parameters are also available, like state in the example above to list "Either open, closed, or all to filter by state. Default: open"

#List reviews of a pull request

Endpoint: GET /repos/:owner/:repo/pulls/:pull_number/reviews


$ curl -i -u <your_username>:<your_access_token>

This is interesting, because you can see who submitted the review, whether this review refers to a comment only, request changes or approval.

#Final thoughts

Github has a great documentation, at least for a person who is obviously just trying to get used to the API (like me).

For sure, using personal access token is easier to get used to the API. You just need to create one by going to your Settings and include your token in your calls. But, depending on the use case, it may be annoying to ask all users to create another token to make the application working, in that case, OAuth tokens for apps seems to be a better option, so that application can get authorization on behalf of the user who is logging in without explicitly creating a personal access token.

I will have another space to continue this investigation, where I'd like to see more about OAuth tokens for apps, and play with the endpoint to read pull requests.