diff --git a/descriptions-next/api.github.com/api.github.com.2022-11-28.json b/descriptions-next/api.github.com/api.github.com.2022-11-28.json index f69092c829..53e5540aae 100644 --- a/descriptions-next/api.github.com/api.github.com.2022-11-28.json +++ b/descriptions-next/api.github.com/api.github.com.2022-11-28.json @@ -61052,7 +61052,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -61113,7 +61113,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], @@ -123894,7 +123894,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -123907,6 +123909,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", diff --git a/descriptions-next/api.github.com/api.github.com.2022-11-28.yaml b/descriptions-next/api.github.com/api.github.com.2022-11-28.yaml index 570a8976ee..da66a940c3 100644 --- a/descriptions-next/api.github.com/api.github.com.2022-11-28.yaml +++ b/descriptions-next/api.github.com/api.github.com.2022-11-28.yaml @@ -44963,7 +44963,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -45008,7 +45008,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions @@ -90077,6 +90077,8 @@ components: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -90084,6 +90086,18 @@ components: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a single user + (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within the budget. + Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based products, diff --git a/descriptions-next/api.github.com/api.github.com.2026-03-10.json b/descriptions-next/api.github.com/api.github.com.2026-03-10.json index 4e8209ba42..362a46da6f 100644 --- a/descriptions-next/api.github.com/api.github.com.2026-03-10.json +++ b/descriptions-next/api.github.com/api.github.com.2026-03-10.json @@ -60977,7 +60977,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -61038,7 +61038,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], @@ -123337,7 +123337,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -123350,6 +123352,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", diff --git a/descriptions-next/api.github.com/api.github.com.2026-03-10.yaml b/descriptions-next/api.github.com/api.github.com.2026-03-10.yaml index 020e4ce345..9d8f08b13f 100644 --- a/descriptions-next/api.github.com/api.github.com.2026-03-10.yaml +++ b/descriptions-next/api.github.com/api.github.com.2026-03-10.yaml @@ -44902,7 +44902,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -44947,7 +44947,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions @@ -89664,6 +89664,8 @@ components: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -89671,6 +89673,18 @@ components: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a single user + (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within the budget. + Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based products, diff --git a/descriptions-next/api.github.com/api.github.com.json b/descriptions-next/api.github.com/api.github.com.json index 2693e61d71..58fb7d8f50 100644 --- a/descriptions-next/api.github.com/api.github.com.json +++ b/descriptions-next/api.github.com/api.github.com.json @@ -61321,7 +61321,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -61382,7 +61382,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], @@ -124634,7 +124634,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -124647,6 +124649,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", diff --git a/descriptions-next/api.github.com/api.github.com.yaml b/descriptions-next/api.github.com/api.github.com.yaml index da6f229a52..85b422e071 100644 --- a/descriptions-next/api.github.com/api.github.com.yaml +++ b/descriptions-next/api.github.com/api.github.com.yaml @@ -45131,7 +45131,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -45176,7 +45176,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions @@ -90561,6 +90561,8 @@ components: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -90568,6 +90570,18 @@ components: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a single user + (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within the budget. + Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based products, diff --git a/descriptions-next/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json b/descriptions-next/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json index d8fb21e3f2..6887e9e07a 100644 --- a/descriptions-next/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json +++ b/descriptions-next/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json @@ -89765,7 +89765,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -89778,6 +89780,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -447094,7 +447110,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -447303,7 +447319,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions-next/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml b/descriptions-next/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml index 4ed66d8678..c6942d9a23 100644 --- a/descriptions-next/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml +++ b/descriptions-next/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml @@ -22641,6 +22641,8 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -22648,6 +22650,18 @@ paths: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -87752,7 +87766,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -87809,7 +87823,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions-next/api.github.com/dereferenced/api.github.com.2026-03-10.deref.json b/descriptions-next/api.github.com/dereferenced/api.github.com.2026-03-10.deref.json index b783f50105..ccafbddea7 100644 --- a/descriptions-next/api.github.com/dereferenced/api.github.com.2026-03-10.deref.json +++ b/descriptions-next/api.github.com/dereferenced/api.github.com.2026-03-10.deref.json @@ -85530,7 +85530,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -85543,6 +85545,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -438603,7 +438619,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -438812,7 +438828,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions-next/api.github.com/dereferenced/api.github.com.2026-03-10.deref.yaml b/descriptions-next/api.github.com/dereferenced/api.github.com.2026-03-10.deref.yaml index 62577c5082..4d8f99bb30 100644 --- a/descriptions-next/api.github.com/dereferenced/api.github.com.2026-03-10.deref.yaml +++ b/descriptions-next/api.github.com/dereferenced/api.github.com.2026-03-10.deref.yaml @@ -22327,6 +22327,8 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -22334,6 +22336,18 @@ paths: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -87303,7 +87317,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -87360,7 +87374,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions-next/api.github.com/dereferenced/api.github.com.deref.json b/descriptions-next/api.github.com/dereferenced/api.github.com.deref.json index c70c81d104..54f8a4f0fc 100644 --- a/descriptions-next/api.github.com/dereferenced/api.github.com.deref.json +++ b/descriptions-next/api.github.com/dereferenced/api.github.com.deref.json @@ -91230,7 +91230,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -91243,6 +91245,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -456413,7 +456429,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -456622,7 +456638,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions-next/api.github.com/dereferenced/api.github.com.deref.yaml b/descriptions-next/api.github.com/dereferenced/api.github.com.deref.yaml index 99a900eced..46b8c5935b 100644 --- a/descriptions-next/api.github.com/dereferenced/api.github.com.deref.yaml +++ b/descriptions-next/api.github.com/dereferenced/api.github.com.deref.yaml @@ -22906,6 +22906,8 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -22913,6 +22915,18 @@ paths: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -88438,7 +88452,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -88495,7 +88509,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions-next/ghec/dereferenced/ghec.2022-11-28.deref.json b/descriptions-next/ghec/dereferenced/ghec.2022-11-28.deref.json index c3d3298404..2da34fae07 100644 --- a/descriptions-next/ghec/dereferenced/ghec.2022-11-28.deref.json +++ b/descriptions-next/ghec/dereferenced/ghec.2022-11-28.deref.json @@ -53201,6 +53201,213 @@ } } }, + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": { + "post": { + "summary": "Revoke credential authorizations for a user in an enterprise", + "description": "Revokes all credential authorizations for a single user within the enterprise.\nThis includes any credential authorizations the user has across all organizations\nin the enterprise.\n\nFor Enterprise Managed User (EMU) enterprises, you can optionally also destroy all\ncredentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting\nthe `revoke_credentials` parameter to `true`.\n\nThis operation is performed asynchronously. A background job will be queued to process\nthe revocations.\n\n> [!WARNING]\n> If you use a personal access token to call this endpoint and target yourself, that\n> token may also be revoked or destroyed as part of this operation.\n\nThe authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint.", + "tags": [ + "enterprise-admin" + ], + "operationId": "enterprise-admin/revoke-credential-authorizations-for-user", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + }, + "parameters": [ + { + "name": "enterprise", + "description": "The slug version of the enterprise name.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "username", + "description": "The handle for the GitHub user account.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "revoke_credentials": { + "type": "boolean", + "description": "Whether to also destroy the actual credentials (PATs and SSH keys) owned by\nthe user. This option is only available for Enterprise Managed User (EMU)\nenterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned\nby the user will be destroyed in addition to the credential authorizations.", + "default": false + } + } + }, + "examples": { + "default": { + "value": { + "revoke_credentials": false + } + }, + "emu_with_credential_revocation": { + "summary": "EMU enterprise with credential revocation", + "value": { + "revoke_credentials": true + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - The revocation request has been queued", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "A message indicating the revocation has been queued" + }, + "warning": { + "type": "string", + "description": "A warning message if the token used for this request may be revoked" + } + } + }, + "examples": { + "default": { + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued" + } + }, + "with_authorization_revoked_warning": { + "summary": "Warning when the calling token may have its authorization revoked", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also have its authorization revoked as part of this operation" + } + }, + "with_credential_destroyed_warning": { + "summary": "Warning when the calling token may be destroyed (EMU with `revoke_credentials`)", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also be destroyed as part of this operation" + } + } + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation error - The target user cannot be revoked, or `revoke_credentials` is not available for this enterprise", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + }, + "examples": { + "non_emu_enterprise": { + "summary": "`revoke_credentials` requested on a non-EMU enterprise", + "value": { + "message": "The `revoke_credentials` option is only available for Enterprise Managed User (EMU) enterprises", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + }, + "first_emu_owner": { + "summary": "Target user is the first EMU owner", + "value": { + "message": "The first EMU owner cannot be targeted for credential revocation.", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": true, + "enabledForGitHubApps": true, + "category": "enterprise-admin", + "subcategory": "credential-authorizations" + } + } + }, "/enterprises/{enterprise}/dependabot/alerts": { "get": { "summary": "List Dependabot alerts for an enterprise", @@ -78887,7 +79094,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -78900,6 +79109,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -196711,7 +196934,7 @@ "/orgs/{org}/credential-authorizations": { "get": { "summary": "List SAML SSO authorizations for an organization", - "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", + "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -196785,13 +197008,19 @@ "credential_type": { "type": "string", "description": "Human-readable description of the credential type.", + "enum": [ + "personal access token", + "SSH key", + "OAuth app token", + "GitHub app token" + ], "examples": [ - "SSH Key" + "SSH key" ] }, "token_last_eight": { "type": "string", - "description": "Last eight characters of the credential. Only included in responses with credential_type of personal access token.", + "description": "Last eight characters of the credential. Only included in responses with a credential_type of personal access token, OAuth app token, or GitHub app token.", "examples": [ "12345678" ] @@ -196806,7 +197035,7 @@ }, "scopes": { "type": "array", - "description": "List of oauth scopes the token has been granted.", + "description": "List of OAuth scopes the token has been granted.", "items": { "type": "string" }, @@ -196817,7 +197046,7 @@ }, "fingerprint": { "type": "string", - "description": "Unique string to distinguish the credential. Only included in responses with credential_type of SSH Key.", + "description": "Unique string to distinguish the credential. Only included in responses with a credential_type of SSH key.", "examples": [ "jklmnop12345678" ] @@ -196838,7 +197067,7 @@ "integer", "null" ], - "description": "The ID of the underlying token that was authorized by the user. This will remain unchanged across authorizations of the token.", + "description": "The ID of the underlying token or key that was authorized by the user. This will remain unchanged across authorizations of the token or key.", "examples": [ 12345678 ] @@ -196892,6 +197121,7 @@ "token_last_eight": "71c3fc11", "credential_authorized_at": "2011-01-26T19:06:43Z", "credential_accessed_at": "2011-01-26T19:06:43Z", + "authorized_credential_id": 12345678, "authorized_credential_expires_at": "2011-02-25T19:06:43Z", "scopes": [ "user", @@ -196904,11 +197134,47 @@ "credential_type": "personal access token", "token_last_eight": "Ae178B4a", "credential_authorized_at": "2019-03-29T19:06:43Z", - "credential_accessed_at": "2011-01-26T19:06:43Z", + "credential_accessed_at": "2019-04-15T19:06:43Z", + "authorized_credential_id": 12345679, "authorized_credential_expires_at": "2019-04-28T19:06:43Z", "scopes": [ "repo" ] + }, + { + "login": "octocat", + "credential_id": 161197, + "credential_type": "OAuth app token", + "token_last_eight": "9f2c4d1e", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345680, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [ + "repo", + "read:org" + ] + }, + { + "login": "hubot", + "credential_id": 161198, + "credential_type": "GitHub app token", + "token_last_eight": "3b7a0c52", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345681, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [] + }, + { + "login": "octocat", + "credential_id": 161199, + "credential_type": "SSH key", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345682, + "fingerprint": "jklmnop12345678", + "authorized_credential_title": "my ssh key" } ] } @@ -196928,7 +197194,7 @@ "/orgs/{org}/credential-authorizations/{credential_id}": { "delete": { "summary": "Remove a SAML SSO authorization for an organization", - "description": "Removes a credential authorization for an organization that uses SAML SSO. Once you remove someone's credential authorization, they will need to create a new personal access token or SSH key and authorize it for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", + "description": "Removes a credential authorization for an organization that uses SAML SSO. The credential can be a personal access token, an SSH key, an OAuth app access token, or a user-to-server token from a GitHub App. Once you remove someone's credential authorization, they will need to authorize the credential again for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -511027,7 +511293,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -511236,7 +511502,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions-next/ghec/dereferenced/ghec.2022-11-28.deref.yaml b/descriptions-next/ghec/dereferenced/ghec.2022-11-28.deref.yaml index 0efb655207..e6b2b5ac93 100644 --- a/descriptions-next/ghec/dereferenced/ghec.2022-11-28.deref.yaml +++ b/descriptions-next/ghec/dereferenced/ghec.2022-11-28.deref.yaml @@ -20620,6 +20620,128 @@ paths: enabledForGitHubApps: true category: enterprise-admin subcategory: credential-authorizations + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": + post: + summary: Revoke credential authorizations for a user in an enterprise + description: |- + Revokes all credential authorizations for a single user within the enterprise. + This includes any credential authorizations the user has across all organizations + in the enterprise. + + For Enterprise Managed User (EMU) enterprises, you can optionally also destroy all + credentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting + the `revoke_credentials` parameter to `true`. + + This operation is performed asynchronously. A background job will be queued to process + the revocations. + + > [!WARNING] + > If you use a personal access token to call this endpoint and target yourself, that + > token may also be revoked or destroyed as part of this operation. + + The authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint. + + OAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint. + tags: + - enterprise-admin + operationId: enterprise-admin/revoke-credential-authorizations-for-user + externalDocs: + description: API method documentation + url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + parameters: + - *39 + - &140 + name: username + description: The handle for the GitHub user account. + in: path + required: true + schema: + type: string + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + revoke_credentials: + type: boolean + description: |- + Whether to also destroy the actual credentials (PATs and SSH keys) owned by + the user. This option is only available for Enterprise Managed User (EMU) + enterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned + by the user will be destroyed in addition to the credential authorizations. + default: false + examples: + default: + value: + revoke_credentials: false + emu_with_credential_revocation: + summary: EMU enterprise with credential revocation + value: + revoke_credentials: true + responses: + '202': + description: Accepted - The revocation request has been queued + content: + application/json: + schema: + type: object + properties: + message: + type: string + description: A message indicating the revocation has been queued + warning: + type: string + description: A warning message if the token used for this request + may be revoked + examples: + default: + value: + message: Credential authorization revocation for user 'octocat' + has been queued + with_authorization_revoked_warning: + summary: Warning when the calling token may have its authorization + revoked + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also have its authorization + revoked as part of this operation + with_credential_destroyed_warning: + summary: Warning when the calling token may be destroyed (EMU with + `revoke_credentials`) + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also be destroyed + as part of this operation + '403': *27 + '404': *6 + '422': + description: Validation error - The target user cannot be revoked, or `revoke_credentials` + is not available for this enterprise + content: + application/json: + schema: *3 + examples: + non_emu_enterprise: + summary: "`revoke_credentials` requested on a non-EMU enterprise" + value: + message: The `revoke_credentials` option is only available for + Enterprise Managed User (EMU) enterprises + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + first_emu_owner: + summary: Target user is the first EMU owner + value: + message: The first EMU owner cannot be targeted for credential + revocation. + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + x-github: + githubCloudOnly: true + enabledForGitHubApps: true + category: enterprise-admin + subcategory: credential-authorizations "/enterprises/{enterprise}/dependabot/alerts": get: summary: List Dependabot alerts for an enterprise @@ -22272,13 +22394,7 @@ paths: url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/enterprise-roles#remove-all-enterprise-roles-from-a-user parameters: - *39 - - &140 - name: username - description: The handle for the GitHub user account. - in: path - required: true - schema: - type: string + - *140 responses: '204': description: Response @@ -27887,6 +28003,8 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -27894,6 +28012,18 @@ paths: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -51120,7 +51250,7 @@ paths: get: summary: List SAML SSO authorizations for an organization description: |- - Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). + Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). The authenticated user must be an organization owner to use this endpoint. @@ -51172,12 +51302,18 @@ paths: credential_type: type: string description: Human-readable description of the credential type. + enum: + - personal access token + - SSH key + - OAuth app token + - GitHub app token examples: - - SSH Key + - SSH key token_last_eight: type: string description: Last eight characters of the credential. Only included - in responses with credential_type of personal access token. + in responses with a credential_type of personal access token, + OAuth app token, or GitHub app token. examples: - '12345678' credential_authorized_at: @@ -51188,7 +51324,7 @@ paths: - '2011-01-26T19:06:43Z' scopes: type: array - description: List of oauth scopes the token has been granted. + description: List of OAuth scopes the token has been granted. items: type: string examples: @@ -51197,7 +51333,7 @@ paths: fingerprint: type: string description: Unique string to distinguish the credential. Only - included in responses with credential_type of SSH Key. + included in responses with a credential_type of SSH key. examples: - jklmnop12345678 credential_accessed_at: @@ -51213,9 +51349,9 @@ paths: type: - integer - 'null' - description: The ID of the underlying token that was authorized - by the user. This will remain unchanged across authorizations - of the token. + description: The ID of the underlying token or key that was + authorized by the user. This will remain unchanged across + authorizations of the token or key. examples: - 12345678 authorized_credential_title: @@ -51257,6 +51393,7 @@ paths: token_last_eight: 71c3fc11 credential_authorized_at: '2011-01-26T19:06:43Z' credential_accessed_at: '2011-01-26T19:06:43Z' + authorized_credential_id: 12345678 authorized_credential_expires_at: '2011-02-25T19:06:43Z' scopes: - user @@ -51266,10 +51403,39 @@ paths: credential_type: personal access token token_last_eight: Ae178B4a credential_authorized_at: '2019-03-29T19:06:43Z' - credential_accessed_at: '2011-01-26T19:06:43Z' + credential_accessed_at: '2019-04-15T19:06:43Z' + authorized_credential_id: 12345679 authorized_credential_expires_at: '2019-04-28T19:06:43Z' scopes: - repo + - login: octocat + credential_id: 161197 + credential_type: OAuth app token + token_last_eight: 9f2c4d1e + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345680 + authorized_credential_expires_at: '2023-06-14T19:06:43Z' + scopes: + - repo + - read:org + - login: hubot + credential_id: 161198 + credential_type: GitHub app token + token_last_eight: 3b7a0c52 + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345681 + authorized_credential_expires_at: '2023-06-14T19:06:43Z' + scopes: [] + - login: octocat + credential_id: 161199 + credential_type: SSH key + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345682 + fingerprint: jklmnop12345678 + authorized_credential_title: my ssh key x-github: githubCloudOnly: true enabledForGitHubApps: true @@ -51279,7 +51445,7 @@ paths: delete: summary: Remove a SAML SSO authorization for an organization description: |- - Removes a credential authorization for an organization that uses SAML SSO. Once you remove someone's credential authorization, they will need to create a new personal access token or SSH key and authorize it for the organization they want to access. + Removes a credential authorization for an organization that uses SAML SSO. The credential can be a personal access token, an SSH key, an OAuth app access token, or a user-to-server token from a GitHub App. Once you remove someone's credential authorization, they will need to authorize the credential again for the organization they want to access. The authenticated user must be an organization owner to use this endpoint. @@ -101220,7 +101386,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -101277,7 +101443,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions-next/ghec/dereferenced/ghec.2026-03-10.deref.json b/descriptions-next/ghec/dereferenced/ghec.2026-03-10.deref.json index 72d8ba3dee..22fae4ded5 100644 --- a/descriptions-next/ghec/dereferenced/ghec.2026-03-10.deref.json +++ b/descriptions-next/ghec/dereferenced/ghec.2026-03-10.deref.json @@ -53068,6 +53068,213 @@ } } }, + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": { + "post": { + "summary": "Revoke credential authorizations for a user in an enterprise", + "description": "Revokes all credential authorizations for a single user within the enterprise.\nThis includes any credential authorizations the user has across all organizations\nin the enterprise.\n\nFor Enterprise Managed User (EMU) enterprises, you can optionally also destroy all\ncredentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting\nthe `revoke_credentials` parameter to `true`.\n\nThis operation is performed asynchronously. A background job will be queued to process\nthe revocations.\n\n> [!WARNING]\n> If you use a personal access token to call this endpoint and target yourself, that\n> token may also be revoked or destroyed as part of this operation.\n\nThe authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint.", + "tags": [ + "enterprise-admin" + ], + "operationId": "enterprise-admin/revoke-credential-authorizations-for-user", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + }, + "parameters": [ + { + "name": "enterprise", + "description": "The slug version of the enterprise name.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "username", + "description": "The handle for the GitHub user account.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "revoke_credentials": { + "type": "boolean", + "description": "Whether to also destroy the actual credentials (PATs and SSH keys) owned by\nthe user. This option is only available for Enterprise Managed User (EMU)\nenterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned\nby the user will be destroyed in addition to the credential authorizations.", + "default": false + } + } + }, + "examples": { + "default": { + "value": { + "revoke_credentials": false + } + }, + "emu_with_credential_revocation": { + "summary": "EMU enterprise with credential revocation", + "value": { + "revoke_credentials": true + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - The revocation request has been queued", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "A message indicating the revocation has been queued" + }, + "warning": { + "type": "string", + "description": "A warning message if the token used for this request may be revoked" + } + } + }, + "examples": { + "default": { + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued" + } + }, + "with_authorization_revoked_warning": { + "summary": "Warning when the calling token may have its authorization revoked", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also have its authorization revoked as part of this operation" + } + }, + "with_credential_destroyed_warning": { + "summary": "Warning when the calling token may be destroyed (EMU with `revoke_credentials`)", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also be destroyed as part of this operation" + } + } + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation error - The target user cannot be revoked, or `revoke_credentials` is not available for this enterprise", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + }, + "examples": { + "non_emu_enterprise": { + "summary": "`revoke_credentials` requested on a non-EMU enterprise", + "value": { + "message": "The `revoke_credentials` option is only available for Enterprise Managed User (EMU) enterprises", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + }, + "first_emu_owner": { + "summary": "Target user is the first EMU owner", + "value": { + "message": "The first EMU owner cannot be targeted for credential revocation.", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": true, + "enabledForGitHubApps": true, + "category": "enterprise-admin", + "subcategory": "credential-authorizations" + } + } + }, "/enterprises/{enterprise}/dependabot/alerts": { "get": { "summary": "List Dependabot alerts for an enterprise", @@ -78726,7 +78933,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -78739,6 +78948,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -192103,7 +192326,7 @@ "/orgs/{org}/credential-authorizations": { "get": { "summary": "List SAML SSO authorizations for an organization", - "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", + "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -192177,13 +192400,19 @@ "credential_type": { "type": "string", "description": "Human-readable description of the credential type.", + "enum": [ + "personal access token", + "SSH key", + "OAuth app token", + "GitHub app token" + ], "examples": [ - "SSH Key" + "SSH key" ] }, "token_last_eight": { "type": "string", - "description": "Last eight characters of the credential. Only included in responses with credential_type of personal access token.", + "description": "Last eight characters of the credential. Only included in responses with a credential_type of personal access token, OAuth app token, or GitHub app token.", "examples": [ "12345678" ] @@ -192198,7 +192427,7 @@ }, "scopes": { "type": "array", - "description": "List of oauth scopes the token has been granted.", + "description": "List of OAuth scopes the token has been granted.", "items": { "type": "string" }, @@ -192209,7 +192438,7 @@ }, "fingerprint": { "type": "string", - "description": "Unique string to distinguish the credential. Only included in responses with credential_type of SSH Key.", + "description": "Unique string to distinguish the credential. Only included in responses with a credential_type of SSH key.", "examples": [ "jklmnop12345678" ] @@ -192230,7 +192459,7 @@ "integer", "null" ], - "description": "The ID of the underlying token that was authorized by the user. This will remain unchanged across authorizations of the token.", + "description": "The ID of the underlying token or key that was authorized by the user. This will remain unchanged across authorizations of the token or key.", "examples": [ 12345678 ] @@ -192284,6 +192513,7 @@ "token_last_eight": "71c3fc11", "credential_authorized_at": "2011-01-26T19:06:43Z", "credential_accessed_at": "2011-01-26T19:06:43Z", + "authorized_credential_id": 12345678, "authorized_credential_expires_at": "2011-02-25T19:06:43Z", "scopes": [ "user", @@ -192296,11 +192526,47 @@ "credential_type": "personal access token", "token_last_eight": "Ae178B4a", "credential_authorized_at": "2019-03-29T19:06:43Z", - "credential_accessed_at": "2011-01-26T19:06:43Z", + "credential_accessed_at": "2019-04-15T19:06:43Z", + "authorized_credential_id": 12345679, "authorized_credential_expires_at": "2019-04-28T19:06:43Z", "scopes": [ "repo" ] + }, + { + "login": "octocat", + "credential_id": 161197, + "credential_type": "OAuth app token", + "token_last_eight": "9f2c4d1e", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345680, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [ + "repo", + "read:org" + ] + }, + { + "login": "hubot", + "credential_id": 161198, + "credential_type": "GitHub app token", + "token_last_eight": "3b7a0c52", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345681, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [] + }, + { + "login": "octocat", + "credential_id": 161199, + "credential_type": "SSH key", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345682, + "fingerprint": "jklmnop12345678", + "authorized_credential_title": "my ssh key" } ] } @@ -192320,7 +192586,7 @@ "/orgs/{org}/credential-authorizations/{credential_id}": { "delete": { "summary": "Remove a SAML SSO authorization for an organization", - "description": "Removes a credential authorization for an organization that uses SAML SSO. Once you remove someone's credential authorization, they will need to create a new personal access token or SSH key and authorize it for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", + "description": "Removes a credential authorization for an organization that uses SAML SSO. The credential can be a personal access token, an SSH key, an OAuth app access token, or a user-to-server token from a GitHub App. Once you remove someone's credential authorization, they will need to authorize the credential again for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -502237,7 +502503,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -502446,7 +502712,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions-next/ghec/dereferenced/ghec.2026-03-10.deref.yaml b/descriptions-next/ghec/dereferenced/ghec.2026-03-10.deref.yaml index 97cb664875..5528b680c2 100644 --- a/descriptions-next/ghec/dereferenced/ghec.2026-03-10.deref.yaml +++ b/descriptions-next/ghec/dereferenced/ghec.2026-03-10.deref.yaml @@ -20568,6 +20568,128 @@ paths: enabledForGitHubApps: true category: enterprise-admin subcategory: credential-authorizations + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": + post: + summary: Revoke credential authorizations for a user in an enterprise + description: |- + Revokes all credential authorizations for a single user within the enterprise. + This includes any credential authorizations the user has across all organizations + in the enterprise. + + For Enterprise Managed User (EMU) enterprises, you can optionally also destroy all + credentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting + the `revoke_credentials` parameter to `true`. + + This operation is performed asynchronously. A background job will be queued to process + the revocations. + + > [!WARNING] + > If you use a personal access token to call this endpoint and target yourself, that + > token may also be revoked or destroyed as part of this operation. + + The authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint. + + OAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint. + tags: + - enterprise-admin + operationId: enterprise-admin/revoke-credential-authorizations-for-user + externalDocs: + description: API method documentation + url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + parameters: + - *39 + - &140 + name: username + description: The handle for the GitHub user account. + in: path + required: true + schema: + type: string + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + revoke_credentials: + type: boolean + description: |- + Whether to also destroy the actual credentials (PATs and SSH keys) owned by + the user. This option is only available for Enterprise Managed User (EMU) + enterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned + by the user will be destroyed in addition to the credential authorizations. + default: false + examples: + default: + value: + revoke_credentials: false + emu_with_credential_revocation: + summary: EMU enterprise with credential revocation + value: + revoke_credentials: true + responses: + '202': + description: Accepted - The revocation request has been queued + content: + application/json: + schema: + type: object + properties: + message: + type: string + description: A message indicating the revocation has been queued + warning: + type: string + description: A warning message if the token used for this request + may be revoked + examples: + default: + value: + message: Credential authorization revocation for user 'octocat' + has been queued + with_authorization_revoked_warning: + summary: Warning when the calling token may have its authorization + revoked + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also have its authorization + revoked as part of this operation + with_credential_destroyed_warning: + summary: Warning when the calling token may be destroyed (EMU with + `revoke_credentials`) + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also be destroyed + as part of this operation + '403': *27 + '404': *6 + '422': + description: Validation error - The target user cannot be revoked, or `revoke_credentials` + is not available for this enterprise + content: + application/json: + schema: *3 + examples: + non_emu_enterprise: + summary: "`revoke_credentials` requested on a non-EMU enterprise" + value: + message: The `revoke_credentials` option is only available for + Enterprise Managed User (EMU) enterprises + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + first_emu_owner: + summary: Target user is the first EMU owner + value: + message: The first EMU owner cannot be targeted for credential + revocation. + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + x-github: + githubCloudOnly: true + enabledForGitHubApps: true + category: enterprise-admin + subcategory: credential-authorizations "/enterprises/{enterprise}/dependabot/alerts": get: summary: List Dependabot alerts for an enterprise @@ -22197,13 +22319,7 @@ paths: url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/enterprise-roles#remove-all-enterprise-roles-from-a-user parameters: - *39 - - &140 - name: username - description: The handle for the GitHub user account. - in: path - required: true - schema: - type: string + - *140 responses: '204': description: Response @@ -27812,6 +27928,8 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -27819,6 +27937,18 @@ paths: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -50682,7 +50812,7 @@ paths: get: summary: List SAML SSO authorizations for an organization description: |- - Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). + Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). The authenticated user must be an organization owner to use this endpoint. @@ -50734,12 +50864,18 @@ paths: credential_type: type: string description: Human-readable description of the credential type. + enum: + - personal access token + - SSH key + - OAuth app token + - GitHub app token examples: - - SSH Key + - SSH key token_last_eight: type: string description: Last eight characters of the credential. Only included - in responses with credential_type of personal access token. + in responses with a credential_type of personal access token, + OAuth app token, or GitHub app token. examples: - '12345678' credential_authorized_at: @@ -50750,7 +50886,7 @@ paths: - '2011-01-26T19:06:43Z' scopes: type: array - description: List of oauth scopes the token has been granted. + description: List of OAuth scopes the token has been granted. items: type: string examples: @@ -50759,7 +50895,7 @@ paths: fingerprint: type: string description: Unique string to distinguish the credential. Only - included in responses with credential_type of SSH Key. + included in responses with a credential_type of SSH key. examples: - jklmnop12345678 credential_accessed_at: @@ -50775,9 +50911,9 @@ paths: type: - integer - 'null' - description: The ID of the underlying token that was authorized - by the user. This will remain unchanged across authorizations - of the token. + description: The ID of the underlying token or key that was + authorized by the user. This will remain unchanged across + authorizations of the token or key. examples: - 12345678 authorized_credential_title: @@ -50819,6 +50955,7 @@ paths: token_last_eight: 71c3fc11 credential_authorized_at: '2011-01-26T19:06:43Z' credential_accessed_at: '2011-01-26T19:06:43Z' + authorized_credential_id: 12345678 authorized_credential_expires_at: '2011-02-25T19:06:43Z' scopes: - user @@ -50828,10 +50965,39 @@ paths: credential_type: personal access token token_last_eight: Ae178B4a credential_authorized_at: '2019-03-29T19:06:43Z' - credential_accessed_at: '2011-01-26T19:06:43Z' + credential_accessed_at: '2019-04-15T19:06:43Z' + authorized_credential_id: 12345679 authorized_credential_expires_at: '2019-04-28T19:06:43Z' scopes: - repo + - login: octocat + credential_id: 161197 + credential_type: OAuth app token + token_last_eight: 9f2c4d1e + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345680 + authorized_credential_expires_at: '2023-06-14T19:06:43Z' + scopes: + - repo + - read:org + - login: hubot + credential_id: 161198 + credential_type: GitHub app token + token_last_eight: 3b7a0c52 + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345681 + authorized_credential_expires_at: '2023-06-14T19:06:43Z' + scopes: [] + - login: octocat + credential_id: 161199 + credential_type: SSH key + credential_authorized_at: '2023-05-15T19:06:43Z' + credential_accessed_at: '2023-05-16T19:06:43Z' + authorized_credential_id: 12345682 + fingerprint: jklmnop12345678 + authorized_credential_title: my ssh key x-github: githubCloudOnly: true enabledForGitHubApps: true @@ -50841,7 +51007,7 @@ paths: delete: summary: Remove a SAML SSO authorization for an organization description: |- - Removes a credential authorization for an organization that uses SAML SSO. Once you remove someone's credential authorization, they will need to create a new personal access token or SSH key and authorize it for the organization they want to access. + Removes a credential authorization for an organization that uses SAML SSO. The credential can be a personal access token, an SSH key, an OAuth app access token, or a user-to-server token from a GitHub App. Once you remove someone's credential authorization, they will need to authorize the credential again for the organization they want to access. The authenticated user must be an organization owner to use this endpoint. @@ -100759,7 +100925,7 @@ paths: Users on this list can create pull requests regardless of any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users. tags: @@ -100816,7 +100982,7 @@ paths: Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap. - Only repository admins can modify the bypass list. + Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request. tags: - interactions diff --git a/descriptions-next/ghec/dereferenced/ghec.deref.json b/descriptions-next/ghec/dereferenced/ghec.deref.json index 8c815ea837..c7f714392c 100644 --- a/descriptions-next/ghec/dereferenced/ghec.deref.json +++ b/descriptions-next/ghec/dereferenced/ghec.deref.json @@ -53648,6 +53648,213 @@ } } }, + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": { + "post": { + "summary": "Revoke credential authorizations for a user in an enterprise", + "description": "Revokes all credential authorizations for a single user within the enterprise.\nThis includes any credential authorizations the user has across all organizations\nin the enterprise.\n\nFor Enterprise Managed User (EMU) enterprises, you can optionally also destroy all\ncredentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting\nthe `revoke_credentials` parameter to `true`.\n\nThis operation is performed asynchronously. A background job will be queued to process\nthe revocations.\n\n> [!WARNING]\n> If you use a personal access token to call this endpoint and target yourself, that\n> token may also be revoked or destroyed as part of this operation.\n\nThe authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint.", + "tags": [ + "enterprise-admin" + ], + "operationId": "enterprise-admin/revoke-credential-authorizations-for-user", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + }, + "parameters": [ + { + "name": "enterprise", + "description": "The slug version of the enterprise name.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "username", + "description": "The handle for the GitHub user account.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "revoke_credentials": { + "type": "boolean", + "description": "Whether to also destroy the actual credentials (PATs and SSH keys) owned by\nthe user. This option is only available for Enterprise Managed User (EMU)\nenterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned\nby the user will be destroyed in addition to the credential authorizations.", + "default": false + } + } + }, + "examples": { + "default": { + "value": { + "revoke_credentials": false + } + }, + "emu_with_credential_revocation": { + "summary": "EMU enterprise with credential revocation", + "value": { + "revoke_credentials": true + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - The revocation request has been queued", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "A message indicating the revocation has been queued" + }, + "warning": { + "type": "string", + "description": "A warning message if the token used for this request may be revoked" + } + } + }, + "examples": { + "default": { + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued" + } + }, + "with_authorization_revoked_warning": { + "summary": "Warning when the calling token may have its authorization revoked", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also have its authorization revoked as part of this operation" + } + }, + "with_credential_destroyed_warning": { + "summary": "Warning when the calling token may be destroyed (EMU with `revoke_credentials`)", + "value": { + "message": "Credential authorization revocation for user 'octocat' has been queued", + "warning": "The token used for this request may also be destroyed as part of this operation" + } + } + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation error - The target user cannot be revoked, or `revoke_credentials` is not available for this enterprise", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + }, + "examples": { + "non_emu_enterprise": { + "summary": "`revoke_credentials` requested on a non-EMU enterprise", + "value": { + "message": "The `revoke_credentials` option is only available for Enterprise Managed User (EMU) enterprises", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + }, + "first_emu_owner": { + "summary": "Target user is the first EMU owner", + "value": { + "message": "The first EMU owner cannot be targeted for credential revocation.", + "documentation_url": "https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise" + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": true, + "enabledForGitHubApps": true, + "category": "enterprise-admin", + "subcategory": "credential-authorizations" + } + } + }, "/enterprises/{enterprise}/dependabot/alerts": { "get": { "summary": "List Dependabot alerts for an enterprise", @@ -79359,7 +79566,9 @@ "enterprise", "organization", "repository", - "cost_center" + "cost_center", + "multi_user_customer", + "user" ], "examples": [ "enterprise" @@ -79372,6 +79581,20 @@ "example-repository-name" ] }, + "user": { + "type": "string", + "description": "The user login when the budget is scoped to a single user (`user` scope).", + "examples": [ + "octocat" + ] + }, + "consumed_amount": { + "type": "number", + "description": "The consumed amount for the specified user within the budget. Only included for `user`-scoped budgets.", + "examples": [ + 42.5 + ] + }, "budget_amount": { "type": "integer", "description": "The budget amount in whole dollars. For license-based products, this represents the number of licenses.", @@ -199132,7 +199355,7 @@ "/orgs/{org}/credential-authorizations": { "get": { "summary": "List SAML SSO authorizations for an organization", - "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", + "description": "Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on).\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `read:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -199206,13 +199429,19 @@ "credential_type": { "type": "string", "description": "Human-readable description of the credential type.", + "enum": [ + "personal access token", + "SSH key", + "OAuth app token", + "GitHub app token" + ], "examples": [ - "SSH Key" + "SSH key" ] }, "token_last_eight": { "type": "string", - "description": "Last eight characters of the credential. Only included in responses with credential_type of personal access token.", + "description": "Last eight characters of the credential. Only included in responses with a credential_type of personal access token, OAuth app token, or GitHub app token.", "examples": [ "12345678" ] @@ -199227,7 +199456,7 @@ }, "scopes": { "type": "array", - "description": "List of oauth scopes the token has been granted.", + "description": "List of OAuth scopes the token has been granted.", "items": { "type": "string" }, @@ -199238,7 +199467,7 @@ }, "fingerprint": { "type": "string", - "description": "Unique string to distinguish the credential. Only included in responses with credential_type of SSH Key.", + "description": "Unique string to distinguish the credential. Only included in responses with a credential_type of SSH key.", "examples": [ "jklmnop12345678" ] @@ -199259,7 +199488,7 @@ "integer", "null" ], - "description": "The ID of the underlying token that was authorized by the user. This will remain unchanged across authorizations of the token.", + "description": "The ID of the underlying token or key that was authorized by the user. This will remain unchanged across authorizations of the token or key.", "examples": [ 12345678 ] @@ -199313,6 +199542,7 @@ "token_last_eight": "71c3fc11", "credential_authorized_at": "2011-01-26T19:06:43Z", "credential_accessed_at": "2011-01-26T19:06:43Z", + "authorized_credential_id": 12345678, "authorized_credential_expires_at": "2011-02-25T19:06:43Z", "scopes": [ "user", @@ -199325,11 +199555,47 @@ "credential_type": "personal access token", "token_last_eight": "Ae178B4a", "credential_authorized_at": "2019-03-29T19:06:43Z", - "credential_accessed_at": "2011-01-26T19:06:43Z", + "credential_accessed_at": "2019-04-15T19:06:43Z", + "authorized_credential_id": 12345679, "authorized_credential_expires_at": "2019-04-28T19:06:43Z", "scopes": [ "repo" ] + }, + { + "login": "octocat", + "credential_id": 161197, + "credential_type": "OAuth app token", + "token_last_eight": "9f2c4d1e", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345680, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [ + "repo", + "read:org" + ] + }, + { + "login": "hubot", + "credential_id": 161198, + "credential_type": "GitHub app token", + "token_last_eight": "3b7a0c52", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345681, + "authorized_credential_expires_at": "2023-06-14T19:06:43Z", + "scopes": [] + }, + { + "login": "octocat", + "credential_id": 161199, + "credential_type": "SSH key", + "credential_authorized_at": "2023-05-15T19:06:43Z", + "credential_accessed_at": "2023-05-16T19:06:43Z", + "authorized_credential_id": 12345682, + "fingerprint": "jklmnop12345678", + "authorized_credential_title": "my ssh key" } ] } @@ -199349,7 +199615,7 @@ "/orgs/{org}/credential-authorizations/{credential_id}": { "delete": { "summary": "Remove a SAML SSO authorization for an organization", - "description": "Removes a credential authorization for an organization that uses SAML SSO. Once you remove someone's credential authorization, they will need to create a new personal access token or SSH key and authorize it for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", + "description": "Removes a credential authorization for an organization that uses SAML SSO. The credential can be a personal access token, an SSH key, an OAuth app access token, or a user-to-server token from a GitHub App. Once you remove someone's credential authorization, they will need to authorize the credential again for the organization they want to access.\n\nThe authenticated user must be an organization owner to use this endpoint.\n\nOAuth app tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.", "tags": [ "orgs" ], @@ -520594,7 +520860,7 @@ }, "put": { "summary": "Add users to the pull request creation cap bypass list for a repository", - "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", + "description": "Adds users to the pull request creation cap bypass list for a repository.\nUsers on this list can create pull requests regardless of any configured\npull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can add a maximum of 100 users per request.\nThe bypass list can only hold a maximum of 100 users.", "tags": [ "interactions" ], @@ -520803,7 +521069,7 @@ }, "delete": { "summary": "Remove users from the pull request creation cap bypass list for a repository", - "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly repository admins can modify the bypass list.\nYou can remove a maximum of 100 users per request.", + "description": "Removes users from the pull request creation cap bypass list for a repository.\nRemoved users will be subject to any configured pull request creation cap.\n\nOnly users with maintainer permissions can modify the bypass list.\nYou can remove a maximum of 100 users per request.", "tags": [ "interactions" ], diff --git a/descriptions-next/ghec/dereferenced/ghec.deref.yaml b/descriptions-next/ghec/dereferenced/ghec.deref.yaml index 75b01fad84..8ec1cb1c1a 100644 --- a/descriptions-next/ghec/dereferenced/ghec.deref.yaml +++ b/descriptions-next/ghec/dereferenced/ghec.deref.yaml @@ -20774,6 +20774,128 @@ paths: enabledForGitHubApps: true category: enterprise-admin subcategory: credential-authorizations + "/enterprises/{enterprise}/credential-authorizations/{username}/revoke": + post: + summary: Revoke credential authorizations for a user in an enterprise + description: |- + Revokes all credential authorizations for a single user within the enterprise. + This includes any credential authorizations the user has across all organizations + in the enterprise. + + For Enterprise Managed User (EMU) enterprises, you can optionally also destroy all + credentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting + the `revoke_credentials` parameter to `true`. + + This operation is performed asynchronously. A background job will be queued to process + the revocations. + + > [!WARNING] + > If you use a personal access token to call this endpoint and target yourself, that + > token may also be revoked or destroyed as part of this operation. + + The authenticated user must be an enterprise owner or have the `write_enterprise_credentials` permission to use this endpoint. + + OAuth app tokens and personal access tokens (classic) need the `admin:enterprise` scope to use this endpoint. + tags: + - enterprise-admin + operationId: enterprise-admin/revoke-credential-authorizations-for-user + externalDocs: + description: API method documentation + url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + parameters: + - *39 + - &140 + name: username + description: The handle for the GitHub user account. + in: path + required: true + schema: + type: string + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + revoke_credentials: + type: boolean + description: |- + Whether to also destroy the actual credentials (PATs and SSH keys) owned by + the user. This option is only available for Enterprise Managed User (EMU) + enterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned + by the user will be destroyed in addition to the credential authorizations. + default: false + examples: + default: + value: + revoke_credentials: false + emu_with_credential_revocation: + summary: EMU enterprise with credential revocation + value: + revoke_credentials: true + responses: + '202': + description: Accepted - The revocation request has been queued + content: + application/json: + schema: + type: object + properties: + message: + type: string + description: A message indicating the revocation has been queued + warning: + type: string + description: A warning message if the token used for this request + may be revoked + examples: + default: + value: + message: Credential authorization revocation for user 'octocat' + has been queued + with_authorization_revoked_warning: + summary: Warning when the calling token may have its authorization + revoked + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also have its authorization + revoked as part of this operation + with_credential_destroyed_warning: + summary: Warning when the calling token may be destroyed (EMU with + `revoke_credentials`) + value: + message: Credential authorization revocation for user 'octocat' + has been queued + warning: The token used for this request may also be destroyed + as part of this operation + '403': *27 + '404': *6 + '422': + description: Validation error - The target user cannot be revoked, or `revoke_credentials` + is not available for this enterprise + content: + application/json: + schema: *3 + examples: + non_emu_enterprise: + summary: "`revoke_credentials` requested on a non-EMU enterprise" + value: + message: The `revoke_credentials` option is only available for + Enterprise Managed User (EMU) enterprises + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + first_emu_owner: + summary: Target user is the first EMU owner + value: + message: The first EMU owner cannot be targeted for credential + revocation. + documentation_url: https://docs.github.com/rest/enterprise-admin/credential-authorizations#revoke-credential-authorizations-for-a-user-in-an-enterprise + x-github: + githubCloudOnly: true + enabledForGitHubApps: true + category: enterprise-admin + subcategory: credential-authorizations "/enterprises/{enterprise}/dependabot/alerts": get: summary: List Dependabot alerts for an enterprise @@ -22445,13 +22567,7 @@ paths: url: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/enterprise-roles#remove-all-enterprise-roles-from-a-user parameters: - *39 - - &140 - name: username - description: The handle for the GitHub user account. - in: path - required: true - schema: - type: string + - *140 responses: '204': description: Response @@ -28060,6 +28176,8 @@ paths: - organization - repository - cost_center + - multi_user_customer + - user examples: - enterprise budget_entity_name: @@ -28067,6 +28185,18 @@ paths: description: The name of the entity to apply the budget to examples: - example-repository-name + user: + type: string + description: The user login when the budget is scoped to a + single user (`user` scope). + examples: + - octocat + consumed_amount: + type: number + description: The consumed amount for the specified user within + the budget. Only included for `user`-scoped budgets. + examples: + - 42.5 budget_amount: type: integer description: The budget amount in whole dollars. For license-based @@ -51455,7 +51585,7 @@ paths: get: summary: List SAML SSO authorizations for an organization description: |- - Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials are either personal access tokens or SSH keys that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). + Lists all credential authorizations for an organization that uses SAML single sign-on (SSO). The credentials can be personal access tokens, SSH keys, OAuth app access tokens, or user-to-server tokens from GitHub Apps that organization members have authorized for the organization. For more information, see [About authentication with SAML single sign-on](https://docs.github.com/enterprise-cloud@latest/articles/about-authentication-with-saml-single-sign-on). The authenticated user must be an organization owner to use this endpoint. @@ -51507,12 +51637,18 @@ paths: credential_type: type: string description: Human-readable description of the credential type. + enum: + - personal access token + - SSH key + - OAuth app token + - GitHub app token examples: - - SSH Key + - SSH key token_last_eight: type: string description: Last eight characters of the credential. Only included - in responses with credential_type of personal access token. + in responses with a credential_type of personal access token, + OAuth app token, or GitHub app token. examples: - '12345678' credential_authorized_at: @@ -51523,7 +51659,7 @@ paths: - '2011-01-26T19:06:43Z' scopes: type: array - description: List of oauth scopes the token has been granted. + description: List of OAuth scopes the token has been granted. items: type: string examples: @@ -51532,7 +51668,7 @@ paths: fingerprint: type: string description: Unique string to distinguish the credential. Only - included in responses with credential_type of SSH Key. + included in responses with a credential_type of SSH key. examples: - jklmnop12345678 credential_accessed_at: @@ -51548,9 +51684,9 @@ paths: type: - integer - 'null' - description: The ID of the underlying token that was authorized - by the user. This will remain unchanged across authorizations - of the token. + description: The ID of the underlying token or key that was + authorized by the user. This will remain unchanged across + authorizations of the token or key. examples: - 12345678 authorized_credential_title: @@ -51592,6 +51728,7 @@ paths: token_last_eight: 71c3fc11 credential_authorized_at: '2011-01-26T19:06:43Z' credential_accessed_at: '2011-01-26T19:06:43Z' + authorized_credential_id: 12345678 authorized_credential_expires_at: '2011-02-25T19:06:43Z' scopes: - user @@ -51601,10 +51738,39 @@ paths: credential_t{"code":"deadline_exceeded","msg":"operation timed out"}