The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for rules

Use the REST API to manage rulesets for an enterprise. Rulesets control how people can interact with repositories and code.

Create an enterprise repository ruleset

Create a repository ruleset for an enterprise.

Fine-grained access tokens for "Create an enterprise repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Enterprise administration" enterprise permissions (write)

Parameters for "Create an enterprise repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name.

Body parameters
Name, Type, Description
`name` string Required The name of the ruleset.
`target` string The target of the ruleset Default: `branch` Can be one of: `branch`, `tag`, `push`, `repository`
`enforcement` string Required The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page. `evaluate` is not available for the `repository` target. Can be one of: `disabled`, `active`, `evaluate`
`bypass_actors` array of objects The actors that can bypass the rules in this ruleset
`conditions` object Conditions for an enterprise ruleset. The `conditions` object supports either of the following combinations: - `organization_id` and `repository_name` - `organization_id` and `repository_property` - `organization_name` and `repository_name` - `organization_name` and `repository_property` - `organization_property` and `repository_name` - `organization_property` and `repository_property` For branch and tag rulesets, the `conditions` object should also contain the `ref_name` property.
`rules` array of objects An array of rules within the ruleset.

HTTP response status codes for "Create an enterprise repository ruleset"

Status code	Description
`201`	Created
`404`	Resource not found
`500`	Internal Error

Code samples for "Create an enterprise repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

post/enterprises/{enterprise}/rulesets

Copy to clipboard curl request example

curl -L \
 -X POST \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/enterprises/ENTERPRISE/rulesets \
 -d '{"name":"super cool ruleset","target":"branch","enforcement":"active","bypass_actors":[{"actor_id":234,"actor_type":"Team","bypass_mode":"always"}],"conditions":{"org_name":{"include":["important_org"],"exclude":["unimportant_org"]}},"rules":[{"type":"deletion"}]}'

Response

Status: 201

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Enterprise",
 "source": "my-enterprise",
 "enforcement": "active",
 "conditions": {
 "organization_name": {
 "include": [
 "important_organization"
 ]
 },
 "repository_name": {
 "include": [
 "~ALL"
 ]
 }
 },
 "rules": [
 {
 "type": "deletion"
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/enterprises/my-enterprise/rulesets/21"
 },
 "html": {
 "href": "https://github.com/enterprise/my-enterprise/settings/policies/repositories/21"
 }
 },
 "created_at": "2024-08-15T08:43:03Z",
 "updated_at": "2024-09-23T16:29:47Z"
}

Get an enterprise repository ruleset

Get a repository ruleset for an enterprise.

Note: To prevent leaking sensitive information, the bypass_actors property is only returned if the user making the API request has write access to the ruleset.

Fine-grained access tokens for "Get an enterprise repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Enterprise administration" enterprise permissions (write)

Parameters for "Get an enterprise repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name.
`ruleset_id` integer Required The ID of the ruleset.

HTTP response status codes for "Get an enterprise repository ruleset"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get an enterprise repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/enterprises/{enterprise}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/enterprises/ENTERPRISE/rulesets/RULESET_ID

Response

Status: 200

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Enterprise",
 "source": "my-enterprise",
 "enforcement": "active",
 "conditions": {
 "organization_name": {
 "include": [
 "important_organization"
 ]
 },
 "repository_name": {
 "include": [
 "~ALL"
 ]
 }
 },
 "rules": [
 {
 "type": "deletion"
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/enterprises/my-enterprise/rulesets/21"
 },
 "html": {
 "href": "https://github.com/enterprise/my-enterprise/settings/policies/repositories/21"
 }
 },
 "created_at": "2024-08-15T08:43:03Z",
 "updated_at": "2024-09-23T16:29:47Z"
}

Update an enterprise repository ruleset

Update a ruleset for an enterprise.

Fine-grained access tokens for "Update an enterprise repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Enterprise administration" enterprise permissions (write)

Parameters for "Update an enterprise repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name.
`ruleset_id` integer Required The ID of the ruleset.

Body parameters
Name, Type, Description
`name` string The name of the ruleset.
`target` string The target of the ruleset Can be one of: `branch`, `tag`, `push`, `repository`
`enforcement` string The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page. `evaluate` is not available for the `repository` target. Can be one of: `disabled`, `active`, `evaluate`
`bypass_actors` array of objects The actors that can bypass the rules in this ruleset
`conditions` object Conditions for an enterprise ruleset. The `conditions` object supports either of the following combinations: - `organization_id` and `repository_name` - `organization_id` and `repository_property` - `organization_name` and `repository_name` - `organization_name` and `repository_property` - `organization_property` and `repository_name` - `organization_property` and `repository_property` For branch and tag rulesets, the `conditions` object should also contain the `ref_name` property.
`rules` array of objects An array of rules within the ruleset.

HTTP response status codes for "Update an enterprise repository ruleset"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Update an enterprise repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

put/enterprises/{enterprise}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -X PUT \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/enterprises/ENTERPRISE/rulesets/RULESET_ID \
 -d '{"name":"super cool ruleset","target":"branch","enforcement":"active","bypass_actors":[{"actor_id":234,"actor_type":"Team","bypass_mode":"always"}],"conditions":{"org_name":{"include":["important_org"],"exclude":["unimportant_org"]}},"rules":[{"type":"deletion"}]}'

Response

Status: 200

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Enterprise",
 "source": "my-enterprise",
 "enforcement": "active",
 "conditions": {
 "organization_name": {
 "include": [
 "important_organization"
 ]
 },
 "repository_name": {
 "include": [
 "~ALL"
 ]
 }
 },
 "rules": [
 {
 "type": "deletion"
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/enterprises/my-enterprise/rulesets/21"
 },
 "html": {
 "href": "https://github.com/enterprise/my-enterprise/settings/policies/repositories/21"
 }
 },
 "created_at": "2024-08-15T08:43:03Z",
 "updated_at": "2024-09-23T16:29:47Z"
}

Delete an enterprise repository ruleset

Delete a ruleset for an enterprise.

Fine-grained access tokens for "Delete an enterprise repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Enterprise administration" enterprise permissions (write)

Parameters for "Delete an enterprise repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name.
`ruleset_id` integer Required The ID of the ruleset.

HTTP response status codes for "Delete an enterprise repository ruleset"

Status code	Description
`204`	No Content
`404`	Resource not found
`500`	Internal Error

Code samples for "Delete an enterprise repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

delete/enterprises/{enterprise}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -X DELETE \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/enterprises/ENTERPRISE/rulesets/RULESET_ID

Response

Status: 204

Get enterprise ruleset history

Get the history of an enterprise ruleset.

Fine-grained access tokens for "Get enterprise ruleset history"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Get enterprise ruleset history"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name.
`ruleset_id` integer Required The ID of the ruleset.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

HTTP response status codes for "Get enterprise ruleset history"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get enterprise ruleset history"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/enterprises/{enterprise}/rulesets/{ruleset_id}/history

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/enterprises/ENTERPRISE/rulesets/RULESET_ID/history

Response

Status: 200

[
 {
 "version_id": 3,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-10-23T16:29:47Z"
 },
 {
 "version_id": 2,
 "actor": {
 "id": 2,
 "type": "User"
 },
 "updated_at": "2024-09-23T16:29:47Z"
 },
 {
 "version_id": 1,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-08-23T16:29:47Z"
 }
]

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name.
`ruleset_id` integer Required The ID of the ruleset.
`version_id` integer Required The ID of the version

HTTP response status codes for "Get enterprise ruleset version"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get enterprise ruleset version"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/enterprises/{enterprise}/rulesets/{ruleset_id}/history/{version_id}

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/enterprises/ENTERPRISE/rulesets/RULESET_ID/history/VERSION_ID

Response

Status: 200

{
 "version_id": 3,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-10-23T16:29:47Z",
 "state": {
 "id": 21,
 "name": "super cool ruleset",
 "target": "repository",
 "source_type": "Enterprise",
 "source": "my-enterprise",
 "enforcement": "active",
 "conditions": {
 "organization_name": {
 "include": [
 "important_organization"
 ]
 },
 "repository_name": {
 "include": [
 "~ALL"
 ]
 }
 },
 "rules": [
 {
 "type": "repository_delete"
 }
 ]
 }
}

URL: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/rules

REST API endpoints for rules

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response