I am getting familiar with the GitHub API http://developer.github.com/v3/ I am trying things out both with RESTClient plugin for Firefox and with curl command line tool.
I have found out how to create a repo with the API, however I can't seem to delete it with the API.
According to the help here: http://developer.github.com/v3/repos/#delete-a-repository I must send a DELETE request like this:
curl -X DELETE -H 'Authorization: token xxx' https://api.github.com/repos/:owner/:repo
The help does not specify and I am not sure what they mean by :owner and :repo - whether these are the names or the ids but I tried both names and ids in several combinations without success. What I receive as a response is:
404 Not Found
What am I missing?
If you created the token you're using through the Applications page, then this token will have these scopes: user
, public_repo
, repo
, gist
. You can verify this by making an API request with that token and looking at the response HTTP headers:
curl -v -H 'Authorization: token xxx' https://api.github.com
Look for the X-OAuth-Scopes
response header which will have the list of scopes:
X-OAuth-Scopes: user, public_repo, repo, gist
However, to delete a repository, the token needs to have the delete_repo
scope.
So, you need a token that has different scopes than the one you have. You can create such a token using the Authorizations API:
curl -v -u username -X POST https://api.github.com/authorizations -d '{"scopes":["delete_repo"], "note":"token with delete repo scope"}'
This will return a JSON document with the new token which you should be able to use to delete a repository:
{
"id": XXXXX,
"url": "https://api.github.com/authorizations/XXXXX",
"app": {
"name": "GitHub API",
"url": "http://developer.github.com/v3/oauth/#oauth-authorizations-api",
"client_id": "00000000000000000000"
},
"token": "XXXXXX",
"note": "token with delete repo scope",
"note_url": null,
"created_at": "2013-10-11T20:34:49Z",
"updated_at": "2013-10-11T20:34:49Z",
"scopes": [
"delete_repo"
]
}
Of course, when creating a token this way, you can ask for multiple scopes, not just the delete_repo
scope.
Also, as a side-note, the reason why the API is returning a 404 error when you don't have the right authorization is to prevent information leakage.