21

I am getting familiar with the GitHub API http://developer.github.com/v3/ I am trying things out both with RESTClient plugin for Firefox and with curl command line tool.

I have found out how to create a repo with the API, however I can't seem to delete it with the API.

According to the help here: http://developer.github.com/v3/repos/#delete-a-repository I must send a DELETE request like this:

curl -X DELETE -H 'Authorization: token xxx' https://api.github.com/repos/:owner/:repo

The help does not specify and I am not sure what they mean by :owner and :repo - whether these are the names or the ids but I tried both names and ids in several combinations without success. What I receive as a response is:

404 Not Found

What am I missing?

Pavel Tankov
  • 429
  • 1
  • 4
  • 12
  • If you have `github.com/foo/bar`, then `:owner` is `foo` and `:repo` is `bar`. – user247702 Oct 11 '13 at 13:41
  • Thanks, but still `curl -X DELETE -H 'Authorization: token xxx' https://api.github.com/repos/foo/bar` doesn't work – Pavel Tankov Oct 11 '13 at 14:02
  • What do you get with fake credentials and an unexisting repo? I get this: `$ curl -X DELETE -H 'Authorization: token xxx' https://api.github.com/repos/foo/bar { "message": "Bad credentials", "documentation_url": "http://developer.github.com/v3" }` – user247702 Oct 11 '13 at 14:03
  • I am using correct credentials. I put 'xxx' here just as a placeholder because I don't want to disclose my real token. – Pavel Tankov Oct 11 '13 at 14:11
  • Yes, but what do you get when you execute that exact request? Do you get the same error message as me, or a 404? – user247702 Oct 11 '13 at 14:11

2 Answers2

29

If you created the token you're using through the Applications page, then this token will have these scopes: user, public_repo, repo, gist. You can verify this by making an API request with that token and looking at the response HTTP headers:

curl -v -H 'Authorization: token xxx' https://api.github.com

Look for the X-OAuth-Scopes response header which will have the list of scopes:

X-OAuth-Scopes: user, public_repo, repo, gist

However, to delete a repository, the token needs to have the delete_repo scope.

So, you need a token that has different scopes than the one you have. You can create such a token using the Authorizations API:

curl -v -u username -X POST https://api.github.com/authorizations -d '{"scopes":["delete_repo"], "note":"token with delete repo scope"}'

This will return a JSON document with the new token which you should be able to use to delete a repository:

{
  "id": XXXXX,
  "url": "https://api.github.com/authorizations/XXXXX",
  "app": {
    "name": "GitHub API",
    "url": "http://developer.github.com/v3/oauth/#oauth-authorizations-api",
    "client_id": "00000000000000000000"
  },
  "token": "XXXXXX",
  "note": "token with delete repo scope",
  "note_url": null,
  "created_at": "2013-10-11T20:34:49Z",
  "updated_at": "2013-10-11T20:34:49Z",
  "scopes": [
    "delete_repo"
  ]
}

Of course, when creating a token this way, you can ask for multiple scopes, not just the delete_repo scope.

Also, as a side-note, the reason why the API is returning a 404 error when you don't have the right authorization is to prevent information leakage.

Ivan Zuzak
  • 18,068
  • 3
  • 69
  • 61
  • If you enabled two-factor authentication for your account, add your authentication code as header value of "X-GitHub-OTP" [Working with two-factor authentication](http://developer.github.com/v3/auth/#working-with-two-factor-authentication) – Gene Wu Jan 02 '14 at 14:59
  • 3
    The Github website user interface now provides a means of creating a token with multiple scopes. If @Ivan Zuzak could please update his answer to include a current example of how to create a multiple scope tokken from the command line, that would be greatly appreciated. My attempts at using `curl -v -u username -X POST https://api.github.com/authorizations -d '{"scopes":["delete_repo"]}'` did not work -- perhaps because the API has changed since the original post. – lawlist Apr 13 '14 at 21:51
  • 2
    The example of the original poster for `... /:owner/:repo` is not correct -- the colons need to be dropped -- here is a current example after a token containing `delete_repo` authorization has been created: `curl -X DELETE -H 'Authorization: token xxx' https://api.github.com/repos/USERNAME/NAME-OF-REPO` – lawlist Apr 13 '14 at 21:59
  • 1
    @lawlist You were probably getting a warning that you didn't supply a "note", which is a required field as of recently: https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization. I updated the example to include a note. Let me know if you're still having trouble and please provide the error you're getting from the API. – Ivan Zuzak Apr 14 '14 at 09:22
  • 1
    Also, those colons are a standard way of describing parameters in the path part of an URL: https://developer.github.com/v3/#parameters – Ivan Zuzak Apr 14 '14 at 09:24
  • 1
    Thank you very much for updating your example, and for explaining that colons are an accepted method of describing parameters that would be replaced with variable information. In case anyone needs this in the future, here is an example for a multiple scope token based upon your updated example: `curl -v -u USERNAME:PASSWORD -X POST https://api.github.com/authorizations -d '{"scopes":["delete_repo","repo","gist","user"], "note":"Token with multiple scopes."}'` – lawlist Apr 14 '14 at 16:34
  • With your first cmd, I get `x-oauth-scopes: repo`. I have one personal access token on github, but the client one might be wrong. how can I find out? – Timo Jun 01 '21 at 18:38
20

To delete a GitHub repo:

curl \
  -X DELETE \
  -H "Accept: application/vnd.github.v3+json" \
  -H "Authorization: token ${token}" \
   https://api.github.com/repos/${username}/${reponame}

Define or replace ${token}, ${username}, and ${reponame}. The token must have access to the delete_repo scope.

Asclepius
  • 57,944
  • 17
  • 167
  • 143
Alex Cory
  • 10,635
  • 10
  • 52
  • 62