diff --git a/descriptions/api.github.com/api.github.com.2022-11-28.json b/descriptions/api.github.com/api.github.com.2022-11-28.json index bd9247f37..a4247c099 100644 --- a/descriptions/api.github.com/api.github.com.2022-11-28.json +++ b/descriptions/api.github.com/api.github.com.2022-11-28.json @@ -60790,7 +60790,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -60851,7 +60851,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], @@ -122586,7 +122586,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ] }, "budget_entity_name": { @@ -122594,6 +122596,16 @@ "description": "The name of the entity to apply the budget to", "example": "example-repository-name" }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "example": "octocat" + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "example": 42.5 + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", diff --git a/descriptions/api.github.com/api.github.com.2022-11-28.yaml b/descriptions/api.github.com/api.github.com.2022-11-28.yaml index da14ecb45..44d6d966d 100644 --- a/descriptions/api.github.com/api.github.com.2022-11-28.yaml +++ b/descriptions/api.github.com/api.github.com.2022-11-28.yaml @@ -44833,7 +44833,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -44878,7 +44878,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions @@ -89682,10 +89682,22 @@ components: - organization - repository - cost_center + - multi_user_customer + - user budget_entity_name: type: string description: The name of the entity to apply the budget to example: example-repository-name + user: + type: string + description: The user login when the budget is scoped to a single user + (`user` scope). + example: octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within the budget. + Only included for `user`-scoped budgets. + example: 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based products, diff --git a/descriptions/api.github.com/api.github.com.2026-03-10.json b/descriptions/api.github.com/api.github.com.2026-03-10.json index 033473a33..e0d639be9 100644 --- a/descriptions/api.github.com/api.github.com.2026-03-10.json +++ b/descriptions/api.github.com/api.github.com.2026-03-10.json @@ -60717,7 +60717,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -60778,7 +60778,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], @@ -122095,7 +122095,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ] }, "budget_entity_name": { @@ -122103,6 +122105,16 @@ "description": "The name of the entity to apply the budget to", "example": "example-repository-name" }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "example": "octocat" + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "example": 42.5 + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", diff --git a/descriptions/api.github.com/api.github.com.2026-03-10.yaml b/descriptions/api.github.com/api.github.com.2026-03-10.yaml index 76650f322..c587a9a28 100644 --- a/descriptions/api.github.com/api.github.com.2026-03-10.yaml +++ b/descriptions/api.github.com/api.github.com.2026-03-10.yaml @@ -44773,7 +44773,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -44818,7 +44818,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions @@ -89295,10 +89295,22 @@ components: - organization - repository - cost_center + - multi_user_customer + - user budget_entity_name: type: string description: The name of the entity to apply the budget to example: example-repository-name + user: + type: string + description: The user login when the budget is scoped to a single user + (`user` scope). + example: octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within the budget. + Only included for `user`-scoped budgets. + example: 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based products, diff --git a/descriptions/api.github.com/api.github.com.json b/descriptions/api.github.com/api.github.com.json index 0d2c51469..7852fd4c0 100644 --- a/descriptions/api.github.com/api.github.com.json +++ b/descriptions/api.github.com/api.github.com.json @@ -61059,7 +61059,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -61120,7 +61120,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], @@ -123326,7 +123326,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ] }, "budget_entity_name": { @@ -123334,6 +123336,16 @@ "description": "The name of the entity to apply the budget to", "example": "example-repository-name" }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "example": "octocat" + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "example": 42.5 + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", diff --git a/descriptions/api.github.com/api.github.com.yaml b/descriptions/api.github.com/api.github.com.yaml index 20c8bdeff..c965ac98b 100644 --- a/descriptions/api.github.com/api.github.com.yaml +++ b/descriptions/api.github.com/api.github.com.yaml @@ -45001,7 +45001,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -45046,7 +45046,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions @@ -90166,10 +90166,22 @@ components: - organization - repository - cost_center + - multi_user_customer + - user budget_entity_name: type: string description: The name of the entity to apply the budget to example: example-repository-name + user: + type: string + description: The user login when the budget is scoped to a single user + (`user` scope). + example: octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within the budget. + Only included for `user`-scoped budgets. + example: 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based products, diff --git a/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json b/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json index 37716f051..99f4f24cc 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json +++ b/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json @@ -77273,7 +77273,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ] }, "budget_entity_name": { @@ -77281,6 +77283,16 @@ "description": "The name of the entity to apply the budget to", "example": "example-repository-name" }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "example": "octocat" + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "example": 42.5 + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -385719,7 +385731,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -385922,7 +385934,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml b/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml index 932dbff6d..0332a2dad 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml +++ b/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml @@ -21981,10 +21981,22 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user budget_entity_name: type: string description: The name of the entity to apply the budget to example: example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + example: octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + example: 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -85688,7 +85700,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -85745,7 +85757,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions/api.github.com/dereferenced/api.github.com.2026-03-10.deref.json b/descriptions/api.github.com/dereferenced/api.github.com.2026-03-10.deref.json index dfe47b84c..47e5caeb8 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.2026-03-10.deref.json +++ b/descriptions/api.github.com/dereferenced/api.github.com.2026-03-10.deref.json @@ -73911,7 +73911,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ] }, "budget_entity_name": { @@ -73919,6 +73921,16 @@ "description": "The name of the entity to apply the budget to", "example": "example-repository-name" }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "example": "octocat" + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "example": 42.5 + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -378974,7 +378986,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -379177,7 +379189,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions/api.github.com/dereferenced/api.github.com.2026-03-10.deref.yaml b/descriptions/api.github.com/dereferenced/api.github.com.2026-03-10.deref.yaml index fb14bd600..2e9db6d89 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.2026-03-10.deref.yaml +++ b/descriptions/api.github.com/dereferenced/api.github.com.2026-03-10.deref.yaml @@ -21675,10 +21675,22 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user budget_entity_name: type: string description: The name of the entity to apply the budget to example: example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + example: octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + example: 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -85254,7 +85266,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -85311,7 +85323,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions/api.github.com/dereferenced/api.github.com.deref.json b/descriptions/api.github.com/dereferenced/api.github.com.deref.json index 1768a848c..e96962eb4 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.deref.json +++ b/descriptions/api.github.com/dereferenced/api.github.com.deref.json @@ -78738,7 +78738,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ] }, "budget_entity_name": { @@ -78746,6 +78748,16 @@ "description": "The name of the entity to apply the budget to", "example": "example-repository-name" }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "example": "octocat" + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "example": 42.5 + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -394486,7 +394498,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -394689,7 +394701,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions/api.github.com/dereferenced/api.github.com.deref.yaml b/descriptions/api.github.com/dereferenced/api.github.com.deref.yaml index 553d52543..3b142daaf 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.deref.yaml +++ b/descriptions/api.github.com/dereferenced/api.github.com.deref.yaml @@ -22246,10 +22246,22 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user budget_entity_name: type: string description: The name of the entity to apply the budget to example: example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + example: octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + example: 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -86376,7 +86388,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -86433,7 +86445,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.json b/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.json index 4c12f0fd9..e4f361453 100644 --- a/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.json +++ b/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.json @@ -48955,6 +48955,213 @@ } } }, + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": { + "post": { + "summary": "Revoke credential authorizations for a user in an enterprise", + "description": "Revokes all credential authorizations for a single user within the enterprise.\nThis includes any credential authorizations the user has across all organizations\nin the enterprise.\n\nFor Enterprise Managed User (EMU) enterprises, you can optionally also destroy all\ncredentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting\nthe `revoke_credentials` parameter to `true`.\n\nThis operation is performed asynchronously. A background job will be queued to process\nthe revocations.\n\n> [!WARNING]\n> If you use a personal access token to call this endpoint and target yourself, that\n> token may also be revoked or destroyed as part of this operation.\n\nThe authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint.", + "tags": [ + "enterprise-admin" + ], + "operationId": "enterprise-admin/revoke-credential-authorizations-for-user", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + }, + "parameters": [ + { + "name": "enterprise", + "description": "The slug version of the enterprise name.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "username", + "description": "The handle for the GitHub user account.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "revoke_credentials": { + "type": "boolean", + "description": "Whether to also destroy the actual credentials (PATs and SSH keys) owned by\nthe user. This option is only available for Enterprise Managed User (EMU)\nenterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned\nby the user will be destroyed in addition to the credential authorizations.", + "default": false + } + } + }, + "examples": { + "default": { + "value": { + "revoke_credentials": false + } + }, + "emu_with_credential_revocation": { + "summary": "EMU enterprise with credential revocation", + "value": { + "revoke_credentials": true + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - The revocation request has been queued", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "A message indicating the revocation has been queued" + }, + "warning": { + "type": "string", + "description": "A warning message if the token used for this request may be revoked" + } + } + }, + "examples": { + "default": { + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued" + } + }, + "with_authorization_revoked_warning": { + "summary": "Warning when the calling token may have its authorization revoked", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also have its authorization revoked as part of this operation" + } + }, + "with_credential_destroyed_warning": { + "summary": "Warning when the calling token may be destroyed (EMU with `revoke_credentials`)", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also be destroyed as part of this operation" + } + } + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation error - The target user cannot be revoked, or `revoke_credentials` is not available for this enterprise", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + }, + "examples": { + "non_emu_enterprise": { + "summary": "`revoke_credentials` requested on a non-EMU enterprise", + "value": { + "message": "The `revoke_credentials` option is only available for Enterprise Managed User (EMU) enterprises", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + }, + "first_emu_owner": { + "summary": "Target user is the first EMU owner", + "value": { + "message": "The first EMU owner cannot be targeted for credential revocation.", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": true, + "enabledForGitHubApps": true, + "category": "enterprise-admin", + "subcategory": "credential-authorizations" + } + } + }, "/enterprises/{enterprise}/dependabot/alerts": { "get": { "summary": "List Dependabot alerts for an enterprise", @@ -72841,7 +73048,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ] }, "budget_entity_name": { @@ -72849,6 +73058,16 @@ "description": "The name of the entity to apply the budget to", "example": "example-repository-name" }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "example": "octocat" + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "example": 42.5 + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -175153,7 +175372,7 @@ "/orgs/{org}/credential-authorizations": { "get": { "summary": "List SAML SSO authorizations for an organization", - "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", + "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -175222,13 +175441,19 @@ }, "credential_type": { "type": "string", - "example": "SSH Key", - "description": "Human-readable description of the credential type." + "example": "SSH key", + "description": "Human-readable description of the credential type.", + "enum": [ + "personal access token", + "SSH key", + "OAuth app token", + "GitHub app token" + ] }, "token_last_eight": { "type": "string", "example": "12345678", - "description": "Last eight characters of the credential. Only included in responses with credential_type of personal access token." + "description": "Last eight characters of the credential. Only included in responses with a credential_type of personal access token, OAuth app token, or GitHub app token." }, "credential_authorized_at": { "type": "string", @@ -175242,7 +175467,7 @@ "user", "repo" ], - "description": "List of oauth scopes the token has been granted.", + "description": "List of OAuth scopes the token has been granted.", "items": { "type": "string" } @@ -175250,7 +175475,7 @@ "fingerprint": { "type": "string", "example": "jklmnop12345678", - "description": "Unique string to distinguish the credential. Only included in responses with credential_type of SSH Key." + "description": "Unique string to distinguish the credential. Only included in responses with a credential_type of SSH key." }, "credential_accessed_at": { "type": "string", @@ -175263,7 +175488,7 @@ "type": "integer", "nullable": true, "example": 12345678, - "description": "The ID of the underlying token that was authorized by the user. This will remain unchanged across authorizations of the token." + "description": "The ID of the underlying token or key that was authorized by the user. This will remain unchanged across authorizations of the token or key." }, "authorized_credential_title": { "type": "string", @@ -175304,6 +175529,7 @@ "token_last_eight": "71c3fc11", "credential_authorized_at": "2011-01-26T19:06:43Z", "credential_accessed_at": "2011-01-26T19:06:43Z", + "authorized_credential_id": 12345678, "authorized_credential_expires_at": "2011-02-25T19:06:43Z", "scopes": [ "user", @@ -175316,11 +175542,47 @@ "credential_type": "personal access token", "token_last_eight": "Ae178B4a", "credential_authorized_at": "2019-03-29T19:06:43Z", - "credential_accessed_at": "2011-01-26T19:06:43Z", + "credential_accessed_at": "2019-04-15T19:06:43Z", + "authorized_credential_id": 12345679, "authorized_credential_expires_at": "2019-04-28T19:06:43Z", "scopes": [ "repo" ] + }, + { + "login": "octocat", + "credential_id": 161197, + "credential_type": "OAuth app token", + "token_last_eight": "9f2c4d1e", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345680, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [ + "repo", + "read:org" + ] + }, + { + "login": "hubot", + "credential_id": 161198, + "credential_type": "GitHub app token", + "token_last_eight": "3b7a0c52", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345681, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [] + }, + { + "login": "octocat", + "credential_id": 161199, + "credential_type": "SSH key", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345682, + "fingerprint": "jklmnop12345678", + "authorized_credential_title": "my ssh key" } ] } @@ -175340,7 +175602,7 @@ "/orgs/{org}/credential-authorizations/{credential_id}": { "delete": { "summary": "Remove a SAML SSO authorization for an organization", - "description": "Removes a credential authorization for an organization that uses SAML SSO. Once you remove someone's credential authorization, they will need to create a new personal access token or SSH key and authorize it for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", + "description": "Removes a credential authorization for an organization that uses SAML SSO. The credential can be a personal access token, an SSH key, an OAuth app access token, or a user-to-server token from a GitHub App. Once you remove someone's credential authorization, they will need to authorize the credential again for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -445239,7 +445501,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -445442,7 +445704,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.yaml b/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.yaml index edb56944c..4b62f492b 100644 --- a/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.yaml +++ b/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.yaml @@ -20063,6 +20063,128 @@ paths: enabledForGitHubApps: true category: enterprise-admin subcategory: credential-authorizations + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": + post: + summary: Revoke credential authorizations for a user in an enterprise + description: |- + Revokes all credential authorizations for a single user within the enterprise. + This includes any credential authorizations the user has across all organizations + in the enterprise. + + For Enterprise Managed User (EMU) enterprises, you can optionally also destroy all + credentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting + the `revoke_credentials` parameter to `true`. + + This operation is performed asynchronously. A background job will be queued to process + the revocations. + + > [!WARNING] + > If you use a personal access token to call this endpoint and target yourself, that + > token may also be revoked or destroyed as part of this operation. + + The authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint. + + OAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint. + tags: + - enterprise-admin + operationId: enterprise-admin/revoke-credential-authorizations-for-user + externalDocs: + description: API method documentation + url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + parameters: + - *41 + - &148 + name: username + description: The handle for the GitHub user account. + in: path + required: true + schema: + type: string + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + revoke_credentials: + type: boolean + description: |- + Whether to also destroy the actual credentials (PATs and SSH keys) owned by + the user. This option is only available for Enterprise Managed User (EMU) + enterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned + by the user will be destroyed in addition to the credential authorizations. + default: false + examples: + default: + value: + revoke_credentials: false + emu_with_credential_revocation: + summary: EMU enterprise with credential revocation + value: + revoke_credentials: true + responses: + '202': + description: Accepted - The revocation request has been queued + content: + application/json: + schema: + type: object + properties: + message: + type: string + description: A message indicating the revocation has been queued + warning: + type: string + description: A warning message if the token used for this request + may be revoked + examples: + default: + value: + message: Credential authorization revocation for user 'octocat' + has been queued + with_authorization_revoked_warning: + summary: Warning when the calling token may have its authorization + revoked + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also have its authorization + revoked as part of this operation + with_credential_destroyed_warning: + summary: Warning when the calling token may be destroyed (EMU with + `revoke_credentials`) + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also be destroyed + as part of this operation + '403': *29 + '404': *6 + '422': + description: Validation error - The target user cannot be revoked, or `revoke_credentials` + is not available for this enterprise + content: + application/json: + schema: *3 + examples: + non_emu_enterprise: + summary: "`revoke_credentials` requested on a non-EMU enterprise" + value: + message: The `revoke_credentials` option is only available for + Enterprise Managed User (EMU) enterprises + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + first_emu_owner: + summary: Target user is the first EMU owner + value: + message: The first EMU owner cannot be targeted for credential + revocation. + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + x-github: + githubCloudOnly: true + enabledForGitHubApps: true + category: enterprise-admin + subcategory: credential-authorizations "/enterprises/{enterprise}/dependabot/alerts": get: summary: List Dependabot alerts for an enterprise @@ -21698,13 +21820,7 @@ paths: url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/enterprise-roles#remove-all-enterprise-roles-from-a-user parameters: - *41 - - &148 - name: username - description: The handle for the GitHub user account. - in: path - required: true - schema: - type: string + - *148 responses: '204': description: Response @@ -27189,10 +27305,22 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user budget_entity_name: type: string description: The name of the entity to apply the budget to example: example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + example: octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + example: 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -49974,7 +50102,7 @@ paths: get: summary: List SAML SSO authorizations for an organization description: |- - Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). + Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). The authenticated user must be an organization owner to use this endpoint. @@ -50023,13 +50151,19 @@ paths: token or key. credential_type: type: string - example: SSH Key + example: SSH key description: Human-readable description of the credential type. + enum: + - personal access token + - SSH key + - OAuth app token + - GitHub app token token_last_eight: type: string example: '12345678' description: Last eight characters of the credential. Only included - in responses with credential_type of personal access token. + in responses with a credential_type of personal access token, + OAuth app token, or GitHub app token. credential_authorized_at: type: string format: date-time @@ -50040,14 +50174,14 @@ paths: example: - user - repo - description: List of oauth scopes the token has been granted. + description: List of OAuth scopes the token has been granted. items: type: string fingerprint: type: string example: jklmnop12345678 description: Unique string to distinguish the credential. Only - included in responses with credential_type of SSH Key. + included in responses with a credential_type of SSH key. credential_accessed_at: type: string format: date-time @@ -50059,9 +50193,9 @@ paths: type: integer nullable: true example: 12345678 - description: The ID of the underlying token that was authorized - by the user. This will remain unchanged across authorizations - of the token. + description: The ID of the underlying token or key that was + authorized by the user. This will remain unchanged across + authorizations of the token or key. authorized_credential_title: type: string nullable: true @@ -50096,6 +50230,7 @@ paths: token_last_eight: 71c3fc11 credential_authorized_at: '2011-01-26T19:06:43Z' credential_accessed_at: '2011-01-26T19:06:43Z' + authorized_credential_id: 12345678 authorized_credential_expires_at: '2011-02-25T19:06:43Z' scopes: - user @@ -50105,10 +50240,39 @@ paths: credential_type: personal access token token_last_eight: Ae178B4a credential_authorized_at: '2019-03-29T19:06:43Z' - credential_accessed_at: '2011-01-26T19:06:43Z' + credential_accessed_at: '2019-04-15T19:06:43Z' + authorized_credential_id: 12345679 authorized_credential_expires_at: '2019-04-28T19:06:43Z' scopes: - repo + - login: octocat + credential_id: 161197 + credential_type: OAuth app token + token_last_eight: 9f2c4d1e + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345680 + authorized_credential_expires_at: '2023-06-14T19:06:43Z' + scopes: + - repo + - read:org + - login: hubot + credential_id: 161198 + credential_type: GitHub app token + token_last_eight: 3b7a0c52 + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345681 + authorized_credential_expires_at: '2023-06-14T19:06:43Z' + scopes: [] + - login: octocat + credential_id: 161199 + credential_type: SSH key + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345682 + fingerprint: jklmnop12345678 + authorized_credential_title: my ssh key x-github: githubCloudOnly: true enabledForGitHubApps: true @@ -50118,7 +50282,7 @@ paths: delete: summary: Remove a SAML SSO authorization for an organization description: |- - Removes a credential authorization for an organization that uses SAML SSO. Once you remove someone's credential authorization, they will need to create a new personal access token or SSH key and authorize it for the organization they want to access. + Removes a credential authorization for an organization that uses SAML SSO. The credential can be a personal access token, an SSH key, an OAuth app access token, or a user-to-server token from a GitHub App. Once you remove someone's credential authorization, they will need to authorize the credential again for the organization they want to access. The authenticated user must be an organization owner to use this endpoint. @@ -98999,7 +99163,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -99056,7 +99220,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions/ghec/dereferenced/ghec.2026-03-10.deref.json b/descriptions/ghec/dereferenced/ghec.2026-03-10.deref.json index 90d55cb82..13874f977 100644 --- a/descriptions/ghec/dereferenced/ghec.2026-03-10.deref.json +++ b/descriptions/ghec/dereferenced/ghec.2026-03-10.deref.json @@ -48840,6 +48840,213 @@ } } }, + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": { + "post": { + "summary": "Revoke credential authorizations for a user in an enterprise", + "description": "Revokes all credential authorizations for a single user within the enterprise.\nThis includes any credential authorizations the user has across all organizations\nin the enterprise.\n\nFor Enterprise Managed User (EMU) enterprises, you can optionally also destroy all\ncredentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting\nthe `revoke_credentials` parameter to `true`.\n\nThis operation is performed asynchronously. A background job will be queued to process\nthe revocations.\n\n> [!WARNING]\n> If you use a personal access token to call this endpoint and target yourself, that\n> token may also be revoked or destroyed as part of this operation.\n\nThe authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint.", + "tags": [ + "enterprise-admin" + ], + "operationId": "enterprise-admin/revoke-credential-authorizations-for-user", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + }, + "parameters": [ + { + "name": "enterprise", + "description": "The slug version of the enterprise name.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "username", + "description": "The handle for the GitHub user account.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "revoke_credentials": { + "type": "boolean", + "description": "Whether to also destroy the actual credentials (PATs and SSH keys) owned by\nthe user. This option is only available for Enterprise Managed User (EMU)\nenterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned\nby the user will be destroyed in addition to the credential authorizations.", + "default": false + } + } + }, + "examples": { + "default": { + "value": { + "revoke_credentials": false + } + }, + "emu_with_credential_revocation": { + "summary": "EMU enterprise with credential revocation", + "value": { + "revoke_credentials": true + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - The revocation request has been queued", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "A message indicating the revocation has been queued" + }, + "warning": { + "type": "string", + "description": "A warning message if the token used for this request may be revoked" + } + } + }, + "examples": { + "default": { + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued" + } + }, + "with_authorization_revoked_warning": { + "summary": "Warning when the calling token may have its authorization revoked", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also have its authorization revoked as part of this operation" + } + }, + "with_credential_destroyed_warning": { + "summary": "Warning when the calling token may be destroyed (EMU with `revoke_credentials`)", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also be destroyed as part of this operation" + } + } + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation error - The target user cannot be revoked, or `revoke_credentials` is not available for this enterprise", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + }, + "examples": { + "non_emu_enterprise": { + "summary": "`revoke_credentials` requested on a non-EMU enterprise", + "value": { + "message": "The `revoke_credentials` option is only available for Enterprise Managed User (EMU) enterprises", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + }, + "first_emu_owner": { + "summary": "Target user is the first EMU owner", + "value": { + "message": "The first EMU owner cannot be targeted for credential revocation.", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": true, + "enabledForGitHubApps": true, + "category": "enterprise-admin", + "subcategory": "credential-authorizations" + } + } + }, "/enterprises/{enterprise}/dependabot/alerts": { "get": { "summary": "List Dependabot alerts for an enterprise", @@ -72700,7 +72907,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ] }, "budget_entity_name": { @@ -72708,6 +72917,16 @@ "description": "The name of the entity to apply the budget to", "example": "example-repository-name" }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "example": "octocat" + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "example": 42.5 + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -171478,7 +171697,7 @@ "/orgs/{org}/credential-authorizations": { "get": { "summary": "List SAML SSO authorizations for an organization", - "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", + "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -171547,13 +171766,19 @@ }, "credential_type": { "type": "string", - "example": "SSH Key", - "description": "Human-readable description of the credential type." + "example": "SSH key", + "description": "Human-readable description of the credential type.", + "enum": [ + "personal access token", + "SSH key", + "OAuth app token", + "GitHub app token" + ] }, "token_last_eight": { "type": "string", "example": "12345678", - "description": "Last eight characters of the credential. Only included in responses with credential_type of personal access token." + "description": "Last eight characters of the credential. Only included in responses with a credential_type of personal access token, OAuth app token, or GitHub app token." }, "credential_authorized_at": { "type": "string", @@ -171567,7 +171792,7 @@ "user", "repo" ], - "description": "List of oauth scopes the token has been granted.", + "description": "List of OAuth scopes the token has been granted.", "items": { "type": "string" } @@ -171575,7 +171800,7 @@ "fingerprint": { "type": "string", "example": "jklmnop12345678", - "description": "Unique string to distinguish the credential. Only included in responses with credential_type of SSH Key." + "description": "Unique string to distinguish the credential. Only included in responses with a credential_type of SSH key." }, "credential_accessed_at": { "type": "string", @@ -171588,7 +171813,7 @@ "type": "integer", "nullable": true, "example": 12345678, - "description": "The ID of the underlying token that was authorized by the user. This will remain unchanged across authorizations of the token." + "description": "The ID of the underlying token or key that was authorized by the user. This will remain unchanged across authorizations of the token or key." }, "authorized_credential_title": { "type": "string", @@ -171629,6 +171854,7 @@ "token_last_eight": "71c3fc11", "credential_authorized_at": "2011-01-26T19:06:43Z", "credential_accessed_at": "2011-01-26T19:06:43Z", + "authorized_credential_id": 12345678, "authorized_credential_expires_at": "2011-02-25T19:06:43Z", "scopes": [ "user", @@ -171641,11 +171867,47 @@ "credential_type": "personal access token", "token_last_eight": "Ae178B4a", "credential_authorized_at": "2019-03-29T19:06:43Z", - "credential_accessed_at": "2011-01-26T19:06:43Z", + "credential_accessed_at": "2019-04-15T19:06:43Z", + "authorized_credential_id": 12345679, "authorized_credential_expires_at": "2019-04-28T19:06:43Z", "scopes": [ "repo" ] + }, + { + "login": "octocat", + "credential_id": 161197, + "credential_type": "OAuth app token", + "token_last_eight": "9f2c4d1e", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345680, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [ + "repo", + "read:org" + ] + }, + { + "login": "hubot", + "credential_id": 161198, + "credential_type": "GitHub app token", + "token_last_eight": "3b7a0c52", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345681, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [] + }, + { + "login": "octocat", + "credential_id": 161199, + "credential_type": "SSH key", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345682, + "fingerprint": "jklmnop12345678", + "authorized_credential_title": "my ssh key" } ] } @@ -171665,7 +171927,7 @@ "/orgs/{org}/credential-authorizations/{credential_id}": { "delete": { "summary": "Remove a SAML SSO authorization for an organization", - "description": "Removes a credential authorization for an organization that uses SAML SSO. Once you remove someone's credential authorization, they will need to create a new personal access token or SSH key and authorize it for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", + "description": "Removes a credential authorization for an organization that uses SAML SSO. The credential can be a personal access token, an SSH key, an OAuth app access token, or a user-to-server token from a GitHub App. Once you remove someone's credential authorization, they will need to authorize the credential again for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -438247,7 +438509,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -438450,7 +438712,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions/ghec/dereferenced/ghec.2026-03-10.deref.yaml b/descriptions/ghec/dereferenced/ghec.2026-03-10.deref.yaml index f4e549ba1..5d704be59 100644 --- a/descriptions/ghec/dereferenced/ghec.2026-03-10.deref.yaml +++ b/descriptions/ghec/dereferenced/ghec.2026-03-10.deref.yaml @@ -20015,6 +20015,128 @@ paths: enabledForGitHubApps: true category: enterprise-admin subcategory: credential-authorizations + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": + post: + summary: Revoke credential authorizations for a user in an enterprise + description: |- + Revokes all credential authorizations for a single user within the enterprise. + This includes any credential authorizations the user has across all organizations + in the enterprise. + + For Enterprise Managed User (EMU) enterprises, you can optionally also destroy all + credentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting + the `revoke_credentials` parameter to `true`. + + This operation is performed asynchronously. A background job will be queued to process + the revocations. + + > [!WARNING] + > If you use a personal access token to call this endpoint and target yourself, that + > token may also be revoked or destroyed as part of this operation. + + The authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint. + + OAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint. + tags: + - enterprise-admin + operationId: enterprise-admin/revoke-credential-authorizations-for-user + externalDocs: + description: API method documentation + url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + parameters: + - *41 + - &148 + name: username + description: The handle for the GitHub user account. + in: path + required: true + schema: + type: string + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + revoke_credentials: + type: boolean + description: |- + Whether to also destroy the actual credentials (PATs and SSH keys) owned by + the user. This option is only available for Enterprise Managed User (EMU) + enterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned + by the user will be destroyed in addition to the credential authorizations. + default: false + examples: + default: + value: + revoke_credentials: false + emu_with_credential_revocation: + summary: EMU enterprise with credential revocation + value: + revoke_credentials: true + responses: + '202': + description: Accepted - The revocation request has been queued + content: + application/json: + schema: + type: object + properties: + message: + type: string + description: A message indicating the revocation has been queued + warning: + type: string + description: A warning message if the token used for this request + may be revoked + examples: + default: + value: + message: Credential authorization revocation for user 'octocat' + has been queued + with_authorization_revoked_warning: + summary: Warning when the calling token may have its authorization + revoked + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also have its authorization + revoked as part of this operation + with_credential_destroyed_warning: + summary: Warning when the calling token may be destroyed (EMU with + `revoke_credentials`) + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also be destroyed + as part of this operation + '403': *29 + '404': *6 + '422': + description: Validation error - The target user cannot be revoked, or `revoke_credentials` + is not available for this enterprise + content: + application/json: + schema: *3 + examples: + non_emu_enterprise: + summary: "`revoke_credentials` requested on a non-EMU enterprise" + value: + message: The `revoke_credentials` option is only available for + Enterprise Managed User (EMU) enterprises + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + first_emu_owner: + summary: Target user is the first EMU owner + value: + message: The first EMU owner cannot be targeted for credential + revocation. + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + x-github: + githubCloudOnly: true + enabledForGitHubApps: true + category: enterprise-admin + subcategory: credential-authorizations "/enterprises/{enterprise}/dependabot/alerts": get: summary: List Dependabot alerts for an enterprise @@ -21628,13 +21750,7 @@ paths: url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/enterprise-roles#remove-all-enterprise-roles-from-a-user parameters: - *41 - - &148 - name: username - description: The handle for the GitHub user account. - in: path - required: true - schema: - type: string + - *148 responses: '204': description: Response @@ -27119,10 +27235,22 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user budget_entity_name: type: string description: The name of the entity to apply the budget to example: example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + example: octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + example: 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -49548,7 +49676,7 @@ paths: get: summary: List SAML SSO authorizations for an organization description: |- - Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). + Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). The authenticated user must be an organization owner to use this endpoint. @@ -49597,13 +49725,19 @@ paths: token or key. credential_type: type: string - example: SSH Key + example: SSH key description: Human-readable description of the credential type. + enum: + - personal access token + - SSH key + - OAuth app token + - GitHub app token token_last_eight: type: string example: '12345678' description: Last eight characters of the credential. Only included - in responses with credential_type of personal access token. + in responses with a credential_type of personal access token, + OAuth app token, or GitHub app token. credential_authorized_at: type: string format: date-time @@ -49614,14 +49748,14 @@ paths: example: - user - repo - description: List of oauth scopes the token has been granted. + description: List of OAuth scopes the token has been granted. items: type: string fingerprint: type: string example: jklmnop12345678 description: Unique string to distinguish the credential. Only - included in responses with credential_type of SSH Key. + included in responses with a credential_type of SSH key. credential_accessed_at: type: string format: date-time @@ -49633,9 +49767,9 @@ paths: type: integer nullable: true example: 12345678 - description: The ID of the underlying token that was authorized - by the user. This will remain unchanged across authorizations - of the token. + description: The ID of the underlying token or key that was + authorized by the user. This will remain unchanged across + authorizations of the token or key. authorized_credential_title: type: string nullable: true @@ -49670,6 +49804,7 @@ paths: token_last_eight: 71c3fc11 credential_authorized_at: '2011-01-26T19:06:43Z' credential_accessed_at: '2011-01-26T19:06:43Z' + authorized_credential_id: 12345678 authorized_credential_expires_at: '2011-02-25T19:06:43Z' scopes: - user @@ -49679,10 +49814,39 @@ paths: credential_type: personal access token token_last_eight: Ae178B4a credential_authorized_at: '2019-03-29T19:06:43Z' - credential_accessed_at: '2011-01-26T19:06:43Z' + credential_accessed_at: '2019-04-15T19:06:43Z' + authorized_credential_id: 12345679 authorized_credential_expires_at: '2019-04-28T19:06:43Z' scopes: - repo + - login: octocat + credential_id: 161197 + credential_type: OAuth app token + token_last_eight: 9f2c4d1e + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345680 + authorized_credential_expires_at: '2023-06-14T19:06:43Z' + scopes: + - repo + - read:org + - login: hubot + credential_id: 161198 + credential_type: GitHub app token + token_last_eight: 3b7a0c52 + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345681 + authorized_credential_expires_at: '2023-06-14T19:06:43Z' + scopes: [] + - login: octocat + credential_id: 161199 + credential_type: SSH ke{"code":"deadline_exceeded","msg":"operation timed out"}