The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for rules

Use the REST API to manage rulesets for organizations. Organization rulesets control how people can interact with selected branches and tags in repositories in an organization.

Get all organization repository rulesets

Get all the repository rulesets for an organization.

Fine-grained access tokens for "Get all organization repository rulesets"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Get all organization repository rulesets"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`
`targets` string A comma-separated list of rule targets to filter by. If provided, only rulesets that apply to the specified targets will be returned. For example, `branch,tag,push`.

HTTP response status codes for "Get all organization repository rulesets"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get all organization repository rulesets"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/rulesets

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/orgs/ORG/rulesets

Response

Status: 200

[
 {
 "id": 21,
 "name": "super cool ruleset",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "enabled",
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/orgs/my-org/rulesets/21"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/21"
 }
 },
 "created_at": "2023-07-15T08:43:03Z",
 "updated_at": "2023-08-23T16:29:47Z"
 },
 {
 "id": 432,
 "name": "Another ruleset",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "enabled",
 "node_id": "RRS_lACkVXNlcgQQ",
 "_links": {
 "self": {
 "href": "https://api.github.com/orgs/my-org/rulesets/432"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/432"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
 }
]

Create an organization repository ruleset

Create a repository ruleset for an organization.

Fine-grained access tokens for "Create an organization repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Create an organization repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

Body parameters
Name, Type, Description
`name` string Required The name of the ruleset.
`target` string The target of the ruleset Default: `branch` Can be one of: `branch`, `tag`, `push`, `repository`
`enforcement` string Required The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page. `evaluate` is not available for the `repository` target. Can be one of: `disabled`, `active`, `evaluate`
`bypass_actors` array of objects The actors that can bypass the rules in this ruleset
`conditions` object Conditions for an organization ruleset. The branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties. The push rulesets conditions object does not require the `ref_name` property. For repository policy rulesets, the conditions object should only contain the `repository_name`, the `repository_id`, or the `repository_property`.
`rules` array of objects An array of rules within the ruleset.

HTTP response status codes for "Create an organization repository ruleset"

Status code	Description
`201`	Created
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

Code samples for "Create an organization repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

post/orgs/{org}/rulesets

Copy to clipboard curl request example

curl -L \
 -X POST \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/orgs/ORG/rulesets \
 -d '{"name":"super cool ruleset","target":"branch","enforcement":"active","bypass_actors":[{"actor_id":234,"actor_type":"Team","bypass_mode":"always"}],"conditions":{"ref_name":{"include":["refs/heads/main","refs/heads/master"],"exclude":["refs/heads/dev*"]},"repository_name":{"include":["important_repository","another_important_repository"],"exclude":["unimportant_repository"],"protected":true}},"rules":[{"type":"commit_author_email_pattern","parameters":{"operator":"contains","pattern":"github"}}]}'

Response

Status: 201

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 },
 "repository_name": {
 "include": [
 "important_repository",
 "another_important_repository"
 ],
 "exclude": [
 "unimportant_repository"
 ],
 "protected": true
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/orgs/my-org/rulesets/21"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/21"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
}

Get an organization repository ruleset

Get a repository ruleset for an organization.

Note: To prevent leaking sensitive information, the bypass_actors property is only returned if the user making the API request has write access to the ruleset.

Fine-grained access tokens for "Get an organization repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Get an organization repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

HTTP response status codes for "Get an organization repository ruleset"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get an organization repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/orgs/ORG/rulesets/RULESET_ID

Response

Status: 200

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 },
 "repository_name": {
 "include": [
 "important_repository",
 "another_important_repository"
 ],
 "exclude": [
 "unimportant_repository"
 ],
 "protected": true
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/orgs/my-org/rulesets/21"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/21"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
}

Update an organization repository ruleset

Update a ruleset for an organization.

Fine-grained access tokens for "Update an organization repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Update an organization repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

Body parameters
Name, Type, Description
`name` string The name of the ruleset.
`target` string The target of the ruleset Can be one of: `branch`, `tag`, `push`, `repository`
`enforcement` string The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page. `evaluate` is not available for the `repository` target. Can be one of: `disabled`, `active`, `evaluate`
`bypass_actors` array of objects The actors that can bypass the rules in this ruleset
`conditions` object Conditions for an organization ruleset. The branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties. The push rulesets conditions object does not require the `ref_name` property. For repository policy rulesets, the conditions object should only contain the `repository_name`, the `repository_id`, or the `repository_property`.
`rules` array of objects An array of rules within the ruleset.

HTTP response status codes for "Update an organization repository ruleset"

Status code	Description
`200`	OK
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

Code samples for "Update an organization repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

put/orgs/{org}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -X PUT \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/orgs/ORG/rulesets/RULESET_ID \
 -d '{"name":"super cool ruleset","target":"branch","enforcement":"active","bypass_actors":[{"actor_id":234,"actor_type":"Team","bypass_mode":"always"}],"conditions":{"ref_name":{"include":["refs/heads/main","refs/heads/master"],"exclude":["refs/heads/dev*"]},"repository_name":{"include":["important_repository","another_important_repository"],"exclude":["unimportant_repository"],"protected":true}},"rules":[{"type":"commit_author_email_pattern","parameters":{"operator":"contains","pattern":"github"}}]}'

Response

Status: 200

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 },
 "repository_name": {
 "include": [
 "important_repository",
 "another_important_repository"
 ],
 "exclude": [
 "unimportant_repository"
 ],
 "protected": true
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/orgs/my-org/rulesets/21"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/21"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
}

Delete an organization repository ruleset

Delete a ruleset for an organization.

Fine-grained access tokens for "Delete an organization repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Delete an organization repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

HTTP response status codes for "Delete an organization repository ruleset"

Status code	Description
`204`	No Content
`404`	Resource not found
`500`	Internal Error

Code samples for "Delete an organization repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

delete/orgs/{org}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -X DELETE \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/orgs/ORG/rulesets/RULESET_ID

Response

Status: 204

Get organization ruleset history

Get the history of an organization ruleset.

Fine-grained access tokens for "Get organization ruleset history"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Get organization ruleset history"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

HTTP response status codes for "Get organization ruleset history"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get organization ruleset history"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/rulesets/{ruleset_id}/history

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/orgs/ORG/rulesets/RULESET_ID/history

Response

Status: 200

[
 {
 "version_id": 3,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-10-23T16:29:47Z"
 },
 {
 "version_id": 2,
 "actor": {
 "id": 2,
 "type": "User"
 },
 "updated_at": "2024-09-23T16:29:47Z"
 },
 {
 "version_id": 1,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-08-23T16:29:47Z"
 }
]

Get organization ruleset version

Get a version of an organization ruleset.

Fine-grained access tokens for "Get organization ruleset version"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Get organization ruleset version"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.
`version_id` integer Required The ID of the version

HTTP response status codes for "Get organization ruleset version"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get organization ruleset version"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/rulesets/{ruleset_id}/history/{version_id}

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/orgs/ORG/rulesets/RULESET_ID/history/VERSION_ID

Response

Status: 200

{
 "version_id": 3,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-10-23T16:29:47Z",
 "state": {
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 },
 "repository_name": {
 "include": [
 "important_repository",
 "another_important_repository"
 ],
 "exclude": [
 "unimportant_repository"
 ],
 "protected": true
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ]
 }
}

URL: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/rules

REST API endpoints for rules

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response