Skip to main content
We publish frequent updates to our documentation, and translation of this page may still be in progress. For the most current information, please visit the English documentation.
 

 

Início rápido para a API REST do GitHub

Neste artigo

Saiba como começar com a API REST de GitHub.

Esse artigo descreve como começar rapidamente com a API REST de GitHub usando GitHub CLI, JavaScript ou cURL. Para um guia mais detalhado, consulte "Primeiros passos com a API REST."

Primeiros passos para usar o GitHub CLI

Usando GitHub CLI na linha de comando

GitHub CLI is the easiest way to use the GitHub REST API from the command line.

  1. Install GitHub CLI if you haven't installed it yet. For installation instructions, see the GitHub CLI repository.

  2. Use the auth login subcommand to authenticate to GitHub CLI. For more information, see the GitHub CLI auth login documentation.

    gh auth login

  3. Use the api subcommand to make your API request. For more information, see the GitHub CLI api documentation.

    gh api repos/octocat/Spoon-Knife/issues

Using GitHub CLI in GitHub Actions

You can also use GitHub CLI in your GitHub Actions workflows. For more information, see "Using GitHub CLI in workflows."

Instead of using the gh auth login command, pass an access token as an environment variable called GH_TOKEN. GitHub recommends that you use the built-in GITHUB_TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace GITHUB_TOKEN in the example below with the name of your secret. For more information about GITHUB_TOKEN, see "Automatic token authentication." Para obter mais informações sobre segredos, consulte "Segredos criptografados".

on:
  workflow_dispatch:
jobs:
  use_api:
    runs-on: ubuntu-latest
    permissions:
      issues: read
    steps:
      - env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh api repos/octocat/Spoon-Knife/issues

If you are authenticating with a aplicativo GitHub, you can create an installation access token within your workflow:

  1. Store your aplicativo GitHub's ID as a secret. In the following example, replace APP_ID with the name of the secret. Você pode encontrar o ID do seu aplicativo na página de configurações do seu aplicativo ou por meio da API do aplicativo. Para obter mais informações, consulte "Aplicativos". Para obter mais informações sobre segredos, consulte "Segredos criptografados".
  2. Gerar uma chave privada para o seu aplicativo. Store the contents of the resulting file as a secret. (Armazene todo o conteúdo do arquivo, incluindo -----BEGIN RSA PRIVATE KEY----- e -----END RSA PRIVATE KEY-----.) In the following example, replace APP_PEM with the name of the secret. Para obter mais informações, consulte "Efetuando a autenticação com o Aplicativos do GitHub".
  3. Add a step to generate a token, and use that token instead of GITHUB_TOKEN. Note that this token will expire after 60 minutes. Por exemplo:
# This workflow uses actions that are not certified by GitHub.
# São fornecidas por terceiros e regidas por
# termos de serviço, política de privacidade e suporte separados
# documentação.

on:
  workflow_dispatch:
jobs:
  track_pr:
    runs-on: ubuntu-latest
    steps:
      - name: Generate token
        id: generate_token
        uses: tibdex/github-app-token@36464acb844fc53b9b8b2401da68844f6b05ebb0
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PEM }}

      - name: Use API
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: |
          gh api repos/octocat/Spoon-Knife/issues

Getting started using JavaScript

You can use Octokit.js to interact with the GitHub REST API in your JavaScript scripts. For more information, see the Octokit.js README.

Using Octokit.js

  1. Create an access token. For example, create a personal access token (PAT) or a aplicativo GitHub user-to-server access token. For more information, see "Creating a personal access token" or "Identifying and authorizing users for GitHub Apps."

    Warning: Treat your access token like a password.

    To keep your token secure, you can store your token as a secret and run your script through GitHub Actions. For more information, see the "Using Octokit.js in GitHub Actions" section.

    You can also store your token as a Codespaces secret and run your script in Codespaces. For more information, see "Managing encrypted secrets for your codespaces."

    If these options are not possible, consider using another service such as the 1Password CLI to store your token securely.

  2. Install octokit. For example, npm install octokit. For other ways to install or load octokit, see the Octokit.js README.

  3. Import octokit in your script. For example, import { Octokit } from "octokit";. For other ways to import octokit, see the Octokit.js README.

  4. Create an instance of Octokit with your token. Replace YOUR-TOKEN with your token.

    const octokit = new Octokit({
  auth: 'YOUR-TOKEN'
});

  5. Use octokit.request to execute your request. Send the HTTP method and path as the first argument. Specify any path, query, and body parameters in an object as the second argument. For example, in the following request the HTTP method is GET, the path is /repos/{owner}/{repo}/issues, and the parameters are owner: "octocat" and repo: "Spoon-Knife".

    await octokit.request("GET /repos/{owner}/{repo}/issues", {
  owner: "octocat",
  repo: "Spoon-Knife",
});

Using Octokit.js in GitHub Actions

You can also execute your JavaScript scripts in your GitHub Actions workflows. For more information, see "Workflow syntax for GitHub Actions."

GitHub recommends that you use the built-in GITHUB_TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace GITHUB_TOKEN in the example below with the name of your secret. For more information about GITHUB_TOKEN, see "Automatic token authentication." Para obter mais informações sobre segredos, consulte "Segredos criptografados".

The following example workflow:

  1. Checks out the repository content
  2. Sets up Node.js
  3. Installs octokit
  4. Stores the value of GITHUB_TOKEN as an environment variable called TOKEN and runs .github/actions-scripts/use-the-api.mjs, which can access that environment variable as process.env.TOKEN

Example workflow:

on:
  workflow_dispatch:
jobs:
  use_api_via_script:
    runs-on: ubuntu-latest
    permissions:
      issues: read
    steps:
      - name: Check out repo content
        uses: actions/checkout@v3

      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
        run: npm install octokit

      - name: Run script
        run: |
          node .github/actions-scripts/use-the-api.mjs
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}

Example JavaScript script, with the file path .github/actions-scripts/use-the-api.mjs:

import { Octokit } from "octokit"

const octokit = new Octokit({
  auth: process.env.TOKEN
});

try {
  const result = await octokit.request("GET /repos/{owner}/{repo}/issues", {
      owner: "octocat",
      repo: "Spoon-Knife",
    });

  const titleAndAuthor = result.data.map(issue => {title: issue.title, authorID: issue.user.id})

  console.log(titleAndAuthor)

} catch (error) {
  console.log(`Error! Status: ${error.status}. Message: ${error.response.data.message}`)
}

If you are authenticating with a aplicativo GitHub, you can create an installation access token within your workflow:

  1. Store your aplicativo GitHub's ID as a secret. In the following example, replace APP_ID with the name of the secret. Você pode encontrar o ID do seu aplicativo na página de configurações do seu aplicativo ou por meio da API do aplicativo. Para obter mais informações, consulte "Aplicativos". Para obter mais informações sobre segredos, consulte "Segredos criptografados".
  2. Gerar uma chave privada para o seu aplicativo. Store the contents of the resulting file as a secret. (Armazene todo o conteúdo do arquivo, incluindo -----BEGIN RSA PRIVATE KEY----- e -----END RSA PRIVATE KEY-----.) In the following example, replace APP_PEM with the name of the secret. Para obter mais informações, consulte "Efetuando a autenticação com o Aplicativos do GitHub".
  3. Add a step to generate a token, and use that token instead of GITHUB_TOKEN. Note that this token will expire after 60 minutes. Por exemplo:
# This workflow uses actions that are not certified by GitHub.
# São fornecidas por terceiros e regidas por
# termos de serviço, política de privacidade e suporte separados
# documentação.

on:
  workflow_dispatch:
jobs:
  use_api_via_script:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repo content
        uses: actions/checkout@v3

      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
        run: npm install octokit

      - name: Generate token
        id: generate_token
        uses: tibdex/github-app-token@36464acb844fc53b9b8b2401da68844f6b05ebb0
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PEM }}

      - name: Run script
        run: |
          node .github/actions-scripts/use-the-api.mjs
        env:
          TOKEN: ${{ steps.generate_token.outputs.token }}

Getting started using cURL

Using cURL in the command line

Note: If you want to make API requests from the command line, GitHub recommends that you use GitHub CLI, which simplifies authentication and requests. For more information about getting started with the REST API using GitHub CLI, see the GitHub CLI version of this article.

  1. Install cURL if cURL isn't already installed on your machine. To check if cURL is installed, execute curl --version in the command line. If the output is information about the cURL version, cURL is installed. If you get a message similar to command not found: curl, you need to download and install cURL. For more information, see the cURL project download page.

  2. Create an access token. For example, create a personal access token (PAT) or a aplicativo GitHub user-to-server access token. For more information, see "Creating a personal access token" or "Identifying and authorizing users for GitHub Apps."

    Warning: Treat your access token like a password.

    To keep your token secure, you can store your token as a Codespaces secret and use the command line through Codespaces. For more information, see "Managing encrypted secrets for your codespaces."

    You can also use GitHub CLI instead of cURL. GitHub CLI will take care of authentication for you. For more information, see the GitHub CLI version of this page.

    If these options are not possible, consider using another service such as the 1Password CLI to store your token securely.

  3. Use the cURL command to make your request. Pass your token in an Authorization header. Replace YOUR-TOKEN with your token.

    curl --request GET \
--url "https://api.github.com/repos/octocat/Spoon-Knife/issues" \
--header "Accept: application/vnd.github.v3+json" \
--header "Authorization: Bearer YOUR-TOKEN"

    Note: In most cases, you can use Authorization: Bearer or Authorization: token. JSON web tokens (JWTs) only work with Authorization: Bearer.

Using cURL in GitHub Actions

You can also use cURL in your GitHub Actions workflows.

GitHub recommends that you use the built-in GITHUB_TOKEN instead of creating a token. If this is not possible, store your token as a secret and replace GITHUB_TOKEN in the example below with the name of your secret. For more information about GITHUB_TOKEN, see "Automatic token authentication." Para obter mais informações sobre segredos, consulte "Segredos criptografados".

on:
  workflow_dispatch:
jobs:
  use_api:
    runs-on: ubuntu-latest
    permissions:
      issues: read
    steps:
      - env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          curl --request GET \
          --url "https://api.github.com/repos/octocat/Spoon-Knife/issues" \
          --header "Accept: application/vnd.github.v3+json" \
          --header "Authorization: Bearer $GH_TOKEN"

If you are authenticating with a aplicativo GitHub, you can create an installation access token within your workflow:

  1. Store your aplicativo GitHub's ID as a secret. In the following example, replace APP_ID with the name of the secret. Você pode encontrar o ID do seu aplicativo na página de configurações do seu aplicativo ou por meio da API do aplicativo. Para obter mais informações, consulte "Aplicativos". Para obter mais informações sobre segredos, consulte "Segredos criptografados".
  2. Gerar uma chave privada para o seu aplicativo. Store the contents of the resulting file as a secret. (Armazene todo o conteúdo do arquivo, incluindo -----BEGIN RSA PRIVATE KEY----- e -----END RSA PRIVATE KEY-----.) In the following example, replace APP_PEM with the name of the secret. Para obter mais informações, consulte "Efetuando a autenticação com o Aplicativos do GitHub".
  3. Add a step to generate a token, and use that token instead of GITHUB_TOKEN. Note that this token will expire after 60 minutes. Por exemplo:
# This workflow uses actions that are not certified by GitHub.
# São fornecidas por terceiros e regidas por
# termos de serviço, política de privacidade e suporte separados
# documentação.

on:
  workflow_dispatch:
jobs:
  use_api:
    runs-on: ubuntu-latest
    steps:
      - name: Generate token
        id: generate_token
        uses: tibdex/github-app-token@36464acb844fc53b9b8b2401da68844f6b05ebb0
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PEM }}

      - name: Use API
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: |
          curl --request GET \
          --url "https://api.github.com/repos/octocat/Spoon-Knife/issues" \
          --header "Accept: application/vnd.github.v3+json" \
          --header "Authorization: Bearer $GH_TOKEN"

Próximas etapas

Para um guia mais detalhado, consulte "Primeiros passos com a API REST."