REST-API-Endpunkte für OAuth-Autorisierungen

Informationen zu OAuth apps und OAuth-Autorisierungen von GitHub Apps

Sie können diese Endpunkte verwenden, um die OAuth-Token zu verwalten, die OAuth apps oder GitHub Apps für den Zugriff auf die Konten von Personen auf GitHub verwenden.

Token für OAuth apps weisen das Präfix gho_ auf, während OAuth-Token für GitHub Apps, die für die Authentifizierung im Namen des Benutzers verwendet werden, das Präfix ghu_ aufweisen. Du kannst die folgenden Endpunkte für beide Typen von OAuth-Token verwenden.

Delete an app authorization

OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must provide a valid OAuth access_token as an input parameter and the grant for the token's owner will be deleted. Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.

basic_auth_heading

basic_auth

Parameter für "Delete an app authorization"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`client_id` string Erforderlich The client ID of the GitHub app.

Körperparameter
Name, Typ, BESCHREIBUNG
`access_token` string Erforderlich The OAuth access token used to authenticate to the GitHub API.

http_status_code

status_code	BESCHREIBUNG
`204`	No Content
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

delete/applications/{client_id}/grant

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/applications/Iv1.8a61f9b3a7aba766/grant \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204

Check a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. Invalid tokens will return 404 NOT FOUND.

basic_auth_heading

basic_auth

Parameter für "Check a token"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`client_id` string Erforderlich The client ID of the GitHub app.

Körperparameter
Name, Typ, BESCHREIBUNG
`access_token` string Erforderlich The access_token of the OAuth or GitHub application.

http_status_code

status_code	BESCHREIBUNG
`200`	OK
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

post/applications/{client_id}/token

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200

{
  "id": 1,
  "url": "https://api.github.com/authorizations/1",
  "scopes": [
    "public_repo",
    "user"
  ],
  "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
  "token_last_eight": "Ae178B4a",
  "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    "client_id": "Iv1.8a61f9b3a7aba766"
  },
  "note": "optional note",
  "note_url": "http://optional/note/url",
  "updated_at": "2011-09-06T20:39:23Z",
  "created_at": "2011-09-06T17:26:27Z",
  "fingerprint": "jklmnop12345678",
  "expires_at": "2011-09-08T17:26:27Z",
  "user": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  }
}

Reset a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. Invalid tokens will return 404 NOT FOUND.

basic_auth_heading

basic_auth

Parameter für "Reset a token"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`client_id` string Erforderlich The client ID of the GitHub app.

Körperparameter
Name, Typ, BESCHREIBUNG
`access_token` string Erforderlich The access_token of the OAuth or GitHub application.

http_status_code

status_code	BESCHREIBUNG
`200`	OK
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

patch/applications/{client_id}/token

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200

{
  "id": 1,
  "url": "https://api.github.com/authorizations/1",
  "scopes": [
    "public_repo",
    "user"
  ],
  "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
  "token_last_eight": "Ae178B4a",
  "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    "client_id": "Iv1.8a61f9b3a7aba766"
  },
  "note": "optional note",
  "note_url": "http://optional/note/url",
  "updated_at": "2011-09-06T20:39:23Z",
  "created_at": "2011-09-06T17:26:27Z",
  "fingerprint": "jklmnop12345678",
  "expires_at": "2011-09-08T17:26:27Z",
  "user": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  }
}

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`client_id` string Erforderlich The client ID of the GitHub app.

Körperparameter
Name, Typ, BESCHREIBUNG
`access_token` string Erforderlich The OAuth access token used to authenticate to the GitHub API.

http_status_code

status_code	BESCHREIBUNG
`204`	No Content
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

delete/applications/{client_id}/token

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204

REST-API-Endpunkte für OAuth-Autorisierungen

Informationen zu OAuth apps und OAuth-Autorisierungen von GitHub Apps

Delete an app authorization

basic_auth_heading

Parameter für "Delete an app authorization"

http_status_code

code_samples

request_example

Response

Check a token

basic_auth_heading

Parameter für "Check a token"

http_status_code

code_samples

request_example

Response

Reset a token

basic_auth_heading

Parameter für "Reset a token"

http_status_code

code_samples

request_example

Response

Delete an app token

basic_auth_heading

Parameter für "Delete an app token"

http_status_code

code_samples

request_example

Response