The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for rules

Use the REST API to manage rulesets for repositories. Rulesets control how people can interact with selected branches and tags in a repository.

Get rules for a branch

Returns all active rules that apply to the specified branch. The branch does not need to exist; rules that would apply to a branch with that name will be returned. All active rules that apply will be returned, regardless of the level at which they are configured (e.g. repository or organization). Rules in rulesets with "evaluate" or "disabled" enforcement statuses are not returned.

Fine-grained access tokens for "Get rules for a branch"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Metadata" repository permissions (read)

This endpoint can be used without authentication or the aforementioned permissions if only public resources are requested.

Parameters for "Get rules for a branch"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`branch` string Required The name of the branch. Cannot contain wildcard characters. To use wildcard characters in branch names, use the GraphQL API.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

HTTP response status codes for "Get rules for a branch"

Status code	Description
`200`	OK

Code samples for "Get rules for a branch"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/repos/{owner}/{repo}/rules/branches/{branch}

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/repos/OWNER/REPO/rules/branches/BRANCH

Response

Status: 200

[
 {
 "type": "commit_message_pattern",
 "ruleset_source_type": "Repository",
 "ruleset_source": "monalisa/my-repo",
 "ruleset_id": 42,
 "parameters": {
 "operator": "starts_with",
 "pattern": "issue"
 }
 },
 {
 "type": "commit_author_email_pattern",
 "ruleset_source_type": "Organization",
 "ruleset_source": "my-org",
 "ruleset_id": 73,
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
]

Get all repository rulesets

Get all the rulesets for a repository.

Fine-grained access tokens for "Get all repository rulesets"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Metadata" repository permissions (read)

This endpoint can be used without authentication or the aforementioned permissions if only public resources are requested.

Parameters for "Get all repository rulesets"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`
`includes_parents` boolean Include rulesets configured at higher levels that apply to this repository Default: `true`
`targets` string A comma-separated list of rule targets to filter by. If provided, only rulesets that apply to the specified targets will be returned. For example, `branch,tag,push`.

HTTP response status codes for "Get all repository rulesets"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get all repository rulesets"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/repos/{owner}/{repo}/rulesets

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/repos/OWNER/REPO/rulesets

Response

Status: 200

[
 {
 "id": 42,
 "name": "super cool ruleset",
 "source_type": "Repository",
 "source": "monalisa/my-repo",
 "enforcement": "enabled",
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/repos/monalisa/my-repo/rulesets/42"
 },
 "html": {
 "href": "https://github.com/monalisa/my-repo/rules/42"
 }
 },
 "created_at": "2023-07-15T08:43:03Z",
 "updated_at": "2023-08-23T16:29:47Z"
 },
 {
 "id": 314,
 "name": "Another ruleset",
 "source_type": "Repository",
 "source": "monalisa/my-repo",
 "enforcement": "enabled",
 "node_id": "RRS_lACkVXNlcgQQ",
 "_links": {
 "self": {
 "href": "https://api.github.com/repos/monalisa/my-repo/rulesets/314"
 },
 "html": {
 "href": "https://github.com/monalisa/my-repo/rules/314"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
 }
]

Create a repository ruleset

Create a ruleset for a repository.

Fine-grained access tokens for "Create a repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Create a repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

Body parameters
Name, Type, Description
`name` string Required The name of the ruleset.
`target` string The target of the ruleset Default: `branch` Can be one of: `branch`, `tag`, `push`
`enforcement` string Required The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page. `evaluate` is not available for the `repository` target. Can be one of: `disabled`, `active`, `evaluate`
`bypass_actors` array of objects The actors that can bypass the rules in this ruleset
`conditions` object Parameters for a repository ruleset ref name condition
`rules` array of objects An array of rules within the ruleset.

HTTP response status codes for "Create a repository ruleset"

Status code	Description
`201`	Created
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

Code samples for "Create a repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

post/repos/{owner}/{repo}/rulesets

Copy to clipboard curl request example

curl -L \
 -X POST \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/repos/OWNER/REPO/rulesets \
 -d '{"name":"super cool ruleset","target":"branch","enforcement":"active","bypass_actors":[{"actor_id":234,"actor_type":"Team","bypass_mode":"always"}],"conditions":{"ref_name":{"include":["refs/heads/main","refs/heads/master"],"exclude":["refs/heads/dev*"]}},"rules":[{"type":"commit_author_email_pattern","parameters":{"operator":"contains","pattern":"github"}}]}'

Response

Status: 201

{
 "id": 42,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Repository",
 "source": "monalisa/my-repo",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/repos/monalisa/my-repo/rulesets/42"
 },
 "html": {
 "href": "https://github.com/monalisa/my-repo/rules/42"
 }
 },
 "created_at": "2023-07-15T08:43:03Z",
 "updated_at": "2023-08-23T16:29:47Z"
}

Get a repository ruleset

Get a ruleset for a repository.

Note: To prevent leaking sensitive information, the bypass_actors property is only returned if the user making the API request has write access to the ruleset.

Fine-grained access tokens for "Get a repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Metadata" repository permissions (read)

This endpoint can be used without authentication or the aforementioned permissions if only public resources are requested.

Parameters for "Get a repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

Query parameters
Name, Type, Description
`includes_parents` boolean Include rulesets configured at higher levels that apply to this repository Default: `true`

HTTP response status codes for "Get a repository ruleset"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get a repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/repos/{owner}/{repo}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/repos/OWNER/REPO/rulesets/RULESET_ID

Response

Status: 200

{
 "id": 42,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Repository",
 "source": "monalisa/my-repo",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/repos/monalisa/my-repo/rulesets/42"
 },
 "html": {
 "href": "https://github.com/monalisa/my-repo/rules/42"
 }
 },
 "created_at": "2023-07-15T08:43:03Z",
 "updated_at": "2023-08-23T16:29:47Z"
}

Update a repository ruleset

Update a ruleset for a repository.

Fine-grained access tokens for "Update a repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Update a repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

Body parameters
Name, Type, Description
`name` string The name of the ruleset.
`target` string The target of the ruleset Can be one of: `branch`, `tag`, `push`
`enforcement` string The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page. `evaluate` is not available for the `repository` target. Can be one of: `disabled`, `active`, `evaluate`
`bypass_actors` array of objects The actors that can bypass the rules in this ruleset
`conditions` object Parameters for a repository ruleset ref name condition
`rules` array of objects An array of rules within the ruleset.

HTTP response status codes for "Update a repository ruleset"

Status code	Description
`200`	OK
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

Code samples for "Update a repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

put/repos/{owner}/{repo}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -X PUT \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/repos/OWNER/REPO/rulesets/RULESET_ID \
 -d '{"name":"super cool ruleset","target":"branch","enforcement":"active","bypass_actors":[{"actor_id":234,"actor_type":"Team","bypass_mode":"always"}],"conditions":{"ref_name":{"include":["refs/heads/main","refs/heads/master"],"exclude":["refs/heads/dev*"]}},"rules":[{"type":"commit_author_email_pattern","parameters":{"operator":"contains","pattern":"github"}}]}'

Response

Status: 200

{
 "id": 42,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Repository",
 "source": "monalisa/my-repo",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://api.github.com/repos/monalisa/my-repo/rulesets/42"
 },
 "html": {
 "href": "https://github.com/monalisa/my-repo/rules/42"
 }
 },
 "created_at": "2023-07-15T08:43:03Z",
 "updated_at": "2023-08-23T16:29:47Z"
}

Delete a repository ruleset

Delete a ruleset for a repository.

Fine-grained access tokens for "Delete a repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Delete a repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

HTTP response status codes for "Delete a repository ruleset"

Status code	Description
`204`	No Content
`404`	Resource not found
`500`	Internal Error

Code samples for "Delete a repository ruleset"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

delete/repos/{owner}/{repo}/rulesets/{ruleset_id}

Copy to clipboard curl request example

curl -L \
 -X DELETE \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/repos/OWNER/REPO/rulesets/RULESET_ID

Response

Status: 204

Get repository ruleset history

Get the history of a repository ruleset.

Fine-grained access tokens for "Get repository ruleset history"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Get repository ruleset history"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

HTTP response status codes for "Get repository ruleset history"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get repository ruleset history"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/repos/{owner}/{repo}/rulesets/{ruleset_id}/history

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/repos/OWNER/REPO/rulesets/RULESET_ID/history

Response

Status: 200

[
 {
 "version_id": 3,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-10-23T16:29:47Z"
 },
 {
 "version_id": 2,
 "actor": {
 "id": 2,
 "type": "User"
 },
 "updated_at": "2024-09-23T16:29:47Z"
 },
 {
 "version_id": 1,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-08-23T16:29:47Z"
 }
]

Get repository ruleset version

Get a version of a repository ruleset.

Fine-grained access tokens for "Get repository ruleset version"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Get repository ruleset version"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.
`version_id` integer Required The ID of the version

HTTP response status codes for "Get repository ruleset version"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get repository ruleset version"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/repos/{owner}/{repo}/rulesets/{ruleset_id}/history/{version_id}

Copy to clipboard curl request example

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2026-03-10" \
 https://api.github.com/repos/OWNER/REPO/rulesets/RULESET_ID/history/VERSION_ID

Response

Status: 200

{
 "version_id": 3,
 "actor": {
 "id": 1,
 "type": "User"
 },
 "updated_at": "2024-10-23T16:29:47Z",
 "state": {
 "id": 42,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Repository",
 "source": "monalisa/my-repo",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ]
 }
}

URL: https://docs.github.com/en/enterprise-cloud@latest/rest/repos/rules

REST API endpoints for rules

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response

Request example

Response