I am so confused. This is the only request of data I want, that works properly:
meta {
name: Get an organization
type: http
seq: 1
}
get {
url: {{host}}/orgs/propromo-software
body: none
auth: bearer
}
headers {
X-GitHub-Api-Version: 2022-11-28
Accept: application/vnd.github+json
}
auth:bearer {
token: {{GITHUB_API_TOKEN}}
}
Somehow this one returns an empty array (there are public projects in the organisation, I am the creator and the owner of the organisation and the project and the previous request works fine):
meta {
name: List organization projects
type: http
seq: 1
}
get {
url: {{host}}/orgs/propromo-software/projects
body: none
auth: bearer
}
headers {
X-GitHub-Api-Version: 2022-11-28
Accept: application/vnd.github+json
}
auth:bearer {
token: {{GITHUB_API_TOKEN}}
}
These two: {{host}}/projects/1/collaborators, {{host}}/projects/1/columns and some other ones return:
{
"message": "Must have admin rights to Repository.",
"documentation_url": "https://docs.github.com/rest/projects/cards#list-project-cards"
}
This is confusing, because as I said: "I am the creator of the organisation and everything in it". After reading that, I added myself as collaborator to the repo. Still doesn't work.
What I tried: Fine-grained personal access tokens (using the organisation) and Personal access tokens (classic) (using my personal account, the one that I created the organisation with).
(I use bruno for the request testing)
The token type should be valid too according to https://docs.github.com/de/rest/authentication/authenticating-to-the-rest-api?apiVersion=2022-11-28:
Note: In most cases, you can use Authorization: Bearer or Authorization: token to pass a token. However, if you are passing a JSON web token (JWT), you must use Authorization: Bearer.
And Yes, I tried using curl too. Same results. First I tried a token with read acces to almost everything and then I tried one that had every privilige possible. I also authenticated with all the tokens i tried fetching data with (https://docs.github.com/en/rest/authentication/authenticating-to-the-rest-api?apiVersion=2022-11-28#basic-authentication).
If that is the problem...
After detecting several requests with invalid credentials within a short period, the API will temporarily reject all authentication attempts for that user (including ones with valid credentials) with a 403 Forbidden response. For more information, see "Rate limits for the REST API."
To access everything publicly available to an organization through the GitHub API, the best approach is to use a Personal Access Token (PAT) with the appropriate scopes. From your question, you have already tried using both fine-grained personal access tokens and classic personal access tokens.
Still, make sure you have
repoandadmin:orgscopes (start with a classic token, for testing).Replace
{{GITHUB_API_TOKEN}}in your request with the PAT you have created. Make sure you are using the correct GitHub API version in your headers.Consider GitHub's rate limiting, especially after several failed attempts. And make sure the projects you are trying to access are indeed public.
But, regarding
/projects, it does not seems to be exposed through REST API, only GraphQL. See discussions 28932As noted in "REST API / Projects (classic)":