User Administration
- Create a new user
- Rename an existing user
- Delete a user
- Create an impersonation OAuth token
- Delete an impersonation OAuth token
- Promote an ordinary user to a site administrator
- Demote a site administrator to an ordinary user
- Suspend a user
- Unsuspend a user
- List all public keys
- Delete a public key
- List personal access tokens
- Delete a personal access token
The User Administration API allows you to promote, demote, suspend, and unsuspend users on a GitHub Enterprise Server appliance. It is only available to authenticated site administrators. Normal users will receive a 403 response if they try to access it.
Prefix all the endpoints for this API with the following URL:
http(s)://hostname/api/v3
Create a new user
If an external authentication mechanism is used, the login name should match the login name in the external system. If you are using LDAP authentication, you should also update the LDAP mapping for the user.
POST /admin/users
Parameters
| Name | Type | Description |
|---|---|---|
login |
string |
Required. The user's username. |
email |
string |
Required for built-in authentication. The user's email address. This parameter can be omitted when using CAS, LDAP, or SAML. For details on built-in and centrally-managed authentication, see the the GitHub Enterprise Server authentication guide. |
The login name will be normalized to only contain alphanumeric characters or
single hyphens. For example, if you send "octo_cat" as the login, a user named
"octo-cat" will be created.
If the login name or email address is already associated with an account, the server will return a 422 response.
Example
{
"login": "monalisa",
"email": "octocat@github.com"
}
Response
Status: 201 Created
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
Rename an existing user
PATCH /admin/users/:username
Parameters
| Name | Type | Description |
|---|---|---|
login |
string |
Required. The user's new username. |
Example
{
"login": "thenewmonalisa"
}
Response
Status: 202 Accepted
{
"message": "Job queued to rename user. It may take a few minutes to complete.",
"url": "https://api.github.com/user/1"
}
Delete a user
Deleting a user will delete all their repositories, gists, applications, and personal settings. Suspending a user is often a better option.
DELETE /admin/users/:username
You can delete any user account except your own.
Response
Status: 204 No Content
Create an impersonation OAuth token
POST /admin/users/:username/authorizations
Parameters
| Name | Type | Description |
|---|---|---|
scopes |
array |
A list of scopes. |
Response
Status: 201 Created
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo"
],
"token": "abcdefgh12345678",
"token_last_eight": "12345678",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "abcde12345fghij67890"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678"
}
Delete an impersonation OAuth token
DELETE /admin/users/:username/authorizations
Response
Status: 204 No Content
Promote an ordinary user to a site administrator
PUT /users/:username/site_admin
Note that you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "HTTP verbs."
Response
Status: 204 No Content
Demote a site administrator to an ordinary user
DELETE /users/:username/site_admin
You can demote any user account except your own.
Response
Status: 204 No Content
Suspend a user
If your GitHub Enterprise Server instance uses LDAP Sync with Active Directory LDAP servers, Active Directory LDAP-authenticated users cannot be suspended through this API. If you attempt to suspend an Active Directory LDAP-authenticated user through this API, it will return a 403 response.
PUT /users/:username/suspended
You can suspend any user account except your own.
Parameters
| Name | Type | Description |
|---|---|---|
reason |
string |
The reason the user is being suspended. This message will be logged in the audit log. If you don't provide a reason, it will default to "Suspended via API by SITE_ADMINISTRATOR", where SITE_ADMINISTRATOR is the person who performed the action. |
Note that, if you choose not to pass any parameters, you'll need to set Content-Length to zero when calling out to this endpoint. For more information, see "HTTP verbs."
Response
Status: 204 No Content
Unsuspend a user
If your GitHub Enterprise Server instance uses LDAP Sync with Active Directory LDAP servers, this API is disabled and will return a 403 response. Active Directory LDAP-authenticated users cannot be unsuspended using the API.
DELETE /users/:username/suspended
Parameters
| Name | Type | Description |
|---|---|---|
reason |
string |
The reason the user is being unsuspended. This message will be logged in the audit log. If you don't provide a reason, it will default to "Unsuspended via API by SITE_ADMINISTRATOR", where SITE_ADMINISTRATOR is the person who performed the action. |
Response
Status: 204 No Content
List all public keys
GET /admin/keys
Response
Status: 200 OK
Link: <https://api.github.com/resource?page=2>; rel="next",
<https://api.github.com/resource?page=5>; rel="last"
[
{
"key_id": "012345678912345678",
"key": "2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234",
"user_id": 232,
"repository_id": null
},
{
"key_id": "012345678912345678",
"key": "2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234",
"user_id": null,
"repository_id": 2333,
"id": "2",
"url": "https://api.github.com/repos/octocat/Hello-World/keys/2"
}
]
Delete a public key
DELETE /admin/keys/:key_ids
Response
Status: 204 No Content
List personal access tokens
Lists personal access tokens for all users, including admin users.
GET /admin/tokens
Response
Status: 200 OK
Link: <https://api.github.com/resource?page=2>; rel="next",
<https://api.github.com/resource?page=5>; rel="last"
[
{
"id": 2,
"url": "https://enterprise.octocat.com/api/v3/authorizations/2",
"app": {
"name": "My personal access token",
"url": "https://developer.github.com/enterprise/v3/enterprise-admin/users/#list-personal-access-tokens",
"client_id": "00000000000000000000"
},
"token": "",
"hashed_token": "23cffb2fab1b0a62747863eba88cb9327e561f2f7a0c8661c0d9b83146cb8d45",
"token_last_eight": "848f9f8a",
"note": "My personal access token",
"note_url": null,
"created_at": "2019-04-24T21:49:02Z",
"updated_at": "2019-04-24T21:49:02Z",
"scopes": [
"admin:business",
"admin:gpg_key",
"admin:org",
"admin:org_hook",
"admin:pre_receive_hook",
"admin:public_key",
"admin:repo_hook",
"delete_repo",
"gist",
"notifications",
"repo",
"user",
"write:discussion"
],
"fingerprint": null
}
]
Delete a personal access token
Deletes a personal access token. Returns a 403 - Forbidden status when a personal access token is in use. For example, if you access this endpoint with the same personal access token that you are trying to delete, you will receive this error.
DELETE /admin/tokens/:token_id
Response
Status: 204 No Content