How to delete a GitHub repo using the API

Pavel Tankov picture Pavel Tankov · Oct 11, 2013 · Viewed 16.3k times · Source

I am getting familiar with the GitHub API http://developer.github.com/v3/ I am trying things out both with RESTClient plugin for Firefox and with curl command line tool.

I have found out how to create a repo with the API, however I can't seem to delete it with the API.

According to the help here: http://developer.github.com/v3/repos/#delete-a-repository I must send a DELETE request like this:

curl -X DELETE -H 'Authorization: token xxx' https://api.github.com/repos/:owner/:repo

The help does not specify and I am not sure what they mean by :owner and :repo - whether these are the names or the ids but I tried both names and ids in several combinations without success. What I receive as a response is:

404 Not Found

What am I missing?

Answer

Ivan Zuzak picture Ivan Zuzak · Oct 11, 2013

If you created the token you're using through the Applications page, then this token will have these scopes: user, public_repo, repo, gist. You can verify this by making an API request with that token and looking at the response HTTP headers:

curl -v -H 'Authorization: token xxx' https://api.github.com

Look for the X-OAuth-Scopes response header which will have the list of scopes:

X-OAuth-Scopes: user, public_repo, repo, gist

However, to delete a repository, the token needs to have the delete_repo scope.

So, you need a token that has different scopes than the one you have. You can create such a token using the Authorizations API:

curl -v -u username -X POST https://api.github.com/authorizations -d '{"scopes":["delete_repo"], "note":"token with delete repo scope"}'

This will return a JSON document with the new token which you should be able to use to delete a repository:

{
  "id": XXXXX,
  "url": "https://api.github.com/authorizations/XXXXX",
  "app": {
    "name": "GitHub API",
    "url": "http://developer.github.com/v3/oauth/#oauth-authorizations-api",
    "client_id": "00000000000000000000"
  },
  "token": "XXXXXX",
  "note": "token with delete repo scope",
  "note_url": null,
  "created_at": "2013-10-11T20:34:49Z",
  "updated_at": "2013-10-11T20:34:49Z",
  "scopes": [
    "delete_repo"
  ]
}

Of course, when creating a token this way, you can ask for multiple scopes, not just the delete_repo scope.

Also, as a side-note, the reason why the API is returning a 404 error when you don't have the right authorization is to prevent information leakage.