Skip to main content

GitHub Cloud API endpoints

Overview

Glean uses GitHub's standard REST API to crawl your GitHub Cloud organization, plus the git protocol to clone repository contents. All GitHub App permissions are fixed and read-only: organization admins cannot change them.

GitHub App permissions

The Glean GitHub App requests the following read-only permissions. They are set when the App is installed and cannot be scoped down or expanded per organization. Permissions are grouped by the level they apply to.

PermissionAccessWhat it covers
AdministrationRead-onlyRepository settings and metadata
ContentsRead-onlyCode, files, commits, and READMEs
Commit statusesRead-onlyCommit status checks
IssuesRead-onlyIssues and issue comments
MetadataRead-onlyBasic repository information (always required)
Pull requestsRead-onlyPull requests, reviews, comments, and diffs
PagesRead-onlyGitHub Pages content for legacy gh-pages sites

API endpoints

EndpointPermissionsURL
List installations for the authenticated appRead/app/installations
Create an installation access token for an app/app/installations/%/access_token
Repository permissions for Metadata (repositories)Read/org/%/repos
Organization permissions for MembersRead/org/%/members
List organization teamsRead/org/%/teams
List team membersRead/org/%/teams/%/members
List team repositoriesRead/org/%/teams/%/repos
Repository permissions for Metadata (repository)Read/repos/%
Repository permissions for IssuesRead/repos/%/issues
Repository permissions for Issues (comments)Read/repos/%/issues/%/comments
Repository permissions for Pull requestsRead/repos/%/pulls
Repository permissions for Pull requests (detail)Read/repos/%/pulls/%
Repository permissions for Pull requests (comments)Read/repos/%/pulls/%/comments
Repository permissions for Pull requests (reviews)Read/repos/%/pulls/%/reviews
Repository permissions for Metadata (collaborators)Read/repos/%/collaborators
Per-user OAuth: request a user's GitHub identity (scope user:email) to get a codeRead/login/oauth/authorize
Per-user OAuth: exchange the code for an access token/login/oauth/access_token
Per-user OAuth: get the authenticated user (scope user:email)/user
User permissions for Email addressesRead/user/emails

Git protocol endpoints

In addition to the REST API, the connector uses the git protocol to read repository contents. These endpoints are prefixed by the configured git domain:

GET /<repository-name>.git/info/refs?service=git-upload-pack
POST /<repository-name>.git/git-upload-pack