POST /applications/{client_id}/token/scoped
Use a non-scoped user access token to create a repository-scoped and/or permission-scoped user access token. You can specify which repositories the token can access and which permissions are granted to the token.
Invalid tokens will return 404 NOT FOUND.
Servers
- https://api.github.com
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
client_id |
String | Yes |
The client ID of the GitHub app. |
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
repositories[] |
Array | No |
The list of repository names to scope the user access token to. |
target |
String | No |
The name of the user or organization to scope the user access token to. Required unless |
repository_ids[] |
Array | No |
The list of repository IDs to scope the user access token to. |
permissions |
Object | No |
The permissions granted to the user access token. |
permissions.members |
String | No |
The level of permission to grant the access token for organization teams and members. Possible values:
|
permissions.organization_events |
String | No |
The level of permission to grant the access token to view events triggered by an activity in an organization. Possible values:
|
permissions.organization_secrets |
String | No |
The level of permission to grant the access token to manage organization secrets. Possible values:
|
permissions.organization_custom_properties |
String | No |
The level of permission to grant the access token for custom property management. Possible values:
|
permissions.organization_announcement_banners |
String | No |
The level of permission to grant the access token to view and manage announcement banners for an organization. Possible values:
|
permissions.metadata |
String | No |
The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Possible values:
|
permissions.single_file |
String | No |
The level of permission to grant the access token to manage just a single file. Possible values:
|
permissions.administration |
String | No |
The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Possible values:
|
permissions.statuses |
String | No |
The level of permission to grant the access token for commit statuses. Possible values:
|
permissions.starring |
String | No |
The level of permission to grant the access token to list and manage repositories a user is starring. Possible values:
|
permissions.organization_copilot_seat_management |
String | No |
The level of permission to grant the access token for managing access to GitHub Copilot for members of an organization with a Copilot Business subscription. This property is in public preview and is subject to change. Possible values:
|
permissions.organization_projects |
String | No |
The level of permission to grant the access token to manage organization projects and projects public preview (where available). Possible values:
|
permissions.profile |
String | No |
The level of permission to grant the access token to manage the profile settings belonging to a user. Possible values:
|
permissions.repository_custom_properties |
String | No |
The level of permission to grant the access token to view and edit custom properties for a repository, when allowed by the property. Possible values:
|
permissions.organization_packages |
String | No |
The level of permission to grant the access token for organization packages published to GitHub Packages. Possible values:
|
permissions.secrets |
String | No |
The level of permission to grant the access token to manage repository secrets. Possible values:
|
permissions.workflows |
String | No |
The level of permission to grant the access token to update GitHub Actions workflow files. Possible values:
|
permissions.organization_plan |
String | No |
The level of permission to grant the access token for viewing an organization's plan. Possible values:
|
permissions.issues |
String | No |
The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Possible values:
|
permissions.pull_requests |
String | No |
The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges. Possible values:
|
permissions.repository_projects |
String | No |
The level of permission to grant the access token to manage repository projects, columns, and cards. Possible values:
|
permissions.vulnerability_alerts |
String | No |
The level of permission to grant the access token to manage Dependabot alerts. Possible values:
|
permissions.organization_custom_roles |
String | No |
The level of permission to grant the access token for custom repository roles management. Possible values:
|
permissions.secret_scanning_alerts |
String | No |
The level of permission to grant the access token to view and manage secret scanning alerts. Possible values:
|
permissions.organization_hooks |
String | No |
The level of permission to grant the access token to manage the post-receive hooks for an organization. Possible values:
|
permissions.organization_user_blocking |
String | No |
The level of permission to grant the access token to view and manage users blocked by the organization. Possible values:
|
permissions.organization_personal_access_token_requests |
String | No |
The level of permission to grant the access token for viewing and managing fine-grained personal access tokens that have been approved by an organization. Possible values:
|
permissions.contents |
String | No |
The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Possible values:
|
permissions.security_events |
String | No |
The level of permission to grant the access token to view and manage security events like code scanning alerts. Possible values:
|
permissions.packages |
String | No |
The level of permission to grant the access token for packages published to GitHub Packages. Possible values:
|
permissions.git_ssh_keys |
String | No |
The level of permission to grant the access token to manage git SSH keys. Possible values:
|
permissions.interaction_limits |
String | No |
The level of permission to grant the access token to view and manage interaction limits on a repository. Possible values:
|
permissions.organization_administration |
String | No |
The level of permission to grant the access token to manage access to an organization. Possible values:
|
permissions.gpg_keys |
String | No |
The level of permission to grant the access token to view and manage GPG keys belonging to a user. Possible values:
|
permissions.email_addresses |
String | No |
The level of permission to grant the access token to manage the email addresses belonging to a user. Possible values:
|
permissions.organization_self_hosted_runners |
String | No |
The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization. Possible values:
|
permissions.followers |
String | No |
The level of permission to grant the access token to manage the followers belonging to a user. Possible values:
|
permissions.pages |
String | No |
The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds. Possible values:
|
permissions.environments |
String | No |
The level of permission to grant the access token for managing repository environments. Possible values:
|
permissions.actions |
String | No |
The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Possible values:
|
permissions.team_discussions |
String | No |
The level of permission to grant the access token to manage team discussions and related comments. Possible values:
|
permissions.checks |
String | No |
The level of permission to grant the access token for checks on code. Possible values:
|
permissions.dependabot_secrets |
String | No |
The level of permission to grant the access token to manage Dependabot secrets. Possible values:
|
permissions.organization_custom_org_roles |
String | No |
The level of permission to grant the access token for custom organization roles management. Possible values:
|
permissions.codespaces |
String | No |
The level of permission to grant the access token to create, edit, delete, and list Codespaces. Possible values:
|
permissions.repository_hooks |
String | No |
The level of permission to grant the access token to manage the post-receive hooks for a repository. Possible values:
|
permissions.deployments |
String | No |
The level of permission to grant the access token for deployments and deployment statuses. Possible values:
|
permissions.organization_personal_access_tokens |
String | No |
The level of permission to grant the access token for viewing and managing fine-grained personal access token requests to an organization. Possible values:
|
access_token |
String | Yes |
The access token used to authenticate to the GitHub API. |
target_id |
Integer | No |
The ID of the user or organization to scope the user access token to. Required unless |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.