GET /repos/{owner}/{repo}/commits/{ref}
Returns the contents of a single commit reference. You must have read access for the repository to use this endpoint.
[!NOTE] If there are more than 300 files in the commit diff and the default JSON media type is requested, the response will include pagination link headers for the remaining files, up to a limit of 3000 files. Each page contains the static commit information, and the only changes are to the file listing.
This endpoint supports the following custom media types. For more information, see "Media types." Pagination query parameters are not supported for these media types.
application/vnd.github.diff: Returns the diff of the commit. Larger diffs may time out and return a 5xx status code.application/vnd.github.patch: Returns the patch of the commit. Diffs with binary data will have nopatchproperty. Larger diffs may time out and return a 5xx status code.application/vnd.github.sha: Returns the commit's SHA-1 hash. You can use this endpoint to check if a remote reference's SHA-1 hash is the same as your local reference's SHA-1 hash by providing the local SHA-1 reference as the ETag.
Signature verification object
The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:
| Name | Type | Description |
|---|---|---|
verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. |
reason | string | The reason for verified value. Possible values and their meanings are enumerated in table below. |
signature | string | The signature that was extracted from the commit. |
payload | string | The value that was signed. |
verified_at | string | The date the signature was verified by GitHub. |
These are the possible values for reason in the verification object:
| Value | Description |
|---|---|
expired_key | The key that made the signature is expired. |
not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. |
gpgverify_error | There was an error communicating with the signature verification service. |
gpgverify_unavailable | The signature verification service is currently unavailable. |
unsigned | The object does not include a signature. |
unknown_signature_type | A non-PGP signature was found in the commit. |
no_user | No user was associated with the committer email address in the commit. |
unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on their account. |
bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. |
unknown_key | The key that made the signature has not been registered with any user's account. |
malformed_signature | There was an error parsing the signature. |
invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. |
valid | None of the above errors applied, so the signature is considered to be verified. |
Servers
- https://api.github.com
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
repo |
String | Yes |
The name of the repository without the |
ref |
String | Yes |
The commit reference. Can be a commit SHA, branch name ( |
owner |
String | Yes |
The account owner of the repository. The name is not case sensitive. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
page |
Integer | No |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default value: 1 |
per_page |
Integer | No |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default value: 30 |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.