Revocation
Use the REST API to revoke credentials that you have found exposed on GitHub or elsewhere.
Revoke a list of credentials
Submit a list of credentials to be revoked. This endpoint is intended to revoke credentials the caller does not own and may have found exposed on GitHub.com or elsewhere. It can also be used for credentials associated with an old user account that you no longer have access to. Credential owners will be notified of the revocation.
This endpoint currently accepts the following credential types:
- Personal access tokens (classic)
- Fine-grained personal access tokens
Revoked credentials may impact users on GitHub Free, Pro, & Team and GitHub Enterprise Cloud, and GitHub Enterprise Cloud with Enterprise Managed Users. GitHub cannot reactivate any credentials that have been revoked; new credentials will need to be generated.
To prevent abuse, this API is limited to only 60 unauthenticated requests per hour and a max of 1000 tokens per API request.
Note
Any authenticated requests will return a 403.
“Revoke a list of credentials”的细粒度访问令牌
此端点支持以下精细令牌类型:
精细令牌不需要任何权限。
“Revoke a list of credentials”的参数
| 名称, 类型, 说明 |
|---|
accept string Setting to |
| 名称, 类型, 说明 |
|---|
credentials array of strings 必须A list of credentials to be revoked, up to 1000 per request. |
“Revoke a list of credentials”的 HTTP 响应状态代码
| 状态代码 | 说明 |
|---|---|
202 | Accepted |
422 | Validation failed, or the endpoint has been spammed. |
500 | Internal Error |
“Revoke a list of credentials”的示例代码
如果你通过 GHE.com 访问 GitHub,请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。
请求示例
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/credentials/revoke \
-d '{"credentials":["ghp_1234567890abcdef1234567890abcdef12345678","ghp_abcdef1234567890abcdef1234567890abcdef12"]}'Accepted
Status: 202