This version of GitHub Enterprise Server was discontinued on 2024-12-19. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for rules

Use the REST API to manage rulesets for organizations. Organization rulesets control how people can interact with selected branches and tags in repositories in an organization.

Get all organization repository rulesets

Get all the repository rulesets for an organization.

Fine-grained access tokens for "Get all organization repository rulesets"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Get all organization repository rulesets"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`
`targets` string A comma-separated list of rule targets to filter by. If provided, only rulesets that apply to the specified targets will be returned. For example, `branch,tag,push`.

HTTP response status codes for "Get all organization repository rulesets"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get all organization repository rulesets"

Request example

get/orgs/{org}/rulesets

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2022-11-28" \
 http(s)://HOSTNAME/api/v3/orgs/ORG/rulesets

Response

Status: 200

[
 {
 "id": 21,
 "name": "super cool ruleset",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "enabled",
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://HOSTNAME/orgs/my-org/rulesets/21"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/21"
 }
 },
 "created_at": "2023-07-15T08:43:03Z",
 "updated_at": "2023-08-23T16:29:47Z"
 },
 {
 "id": 432,
 "name": "Another ruleset",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "enabled",
 "node_id": "RRS_lACkVXNlcgQQ",
 "_links": {
 "self": {
 "href": "https://HOSTNAME/orgs/my-org/rulesets/432"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/432"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
 }
]

Create an organization repository ruleset

Create a repository ruleset for an organization.

Fine-grained access tokens for "Create an organization repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Create an organization repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

Body parameters
Name, Type, Description
`name` string Required The name of the ruleset.
`target` string The target of the ruleset. Default: `branch` Can be one of: `branch`, `tag`
`enforcement` string Required The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page. `evaluate` is not available for the `repository` target. Can be one of: `disabled`, `active`, `evaluate`
`bypass_actors` array of objects The actors that can bypass the rules in this ruleset
`conditions` object Conditions for an organization ruleset. The branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties. The push rulesets conditions object does not require the `ref_name` property. For repository policy rulesets, the conditions object should only contain the `repository_name`, the `repository_id`, or the `repository_property`.
`rules` array of objects An array of rules within the ruleset.
`source_type` string The type of the source of the ruleset Can be one of: `Repository`, `Organization`

HTTP response status codes for "Create an organization repository ruleset"

Status code	Description
`201`	Created
`404`	Resource not found
`500`	Internal Error

Code samples for "Create an organization repository ruleset"

Request example

post/orgs/{org}/rulesets

curl -L \
 -X POST \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2022-11-28" \
 http(s)://HOSTNAME/api/v3/orgs/ORG/rulesets \
 -d '{"name":"super cool ruleset","target":"branch","enforcement":"active","bypass_actors":[{"actor_id":234,"actor_type":"Team","bypass_mode":"always"}],"conditions":{"ref_name":{"include":["refs/heads/main","refs/heads/master"],"exclude":["refs/heads/dev*"]},"repository_name":{"include":["important_repository","another_important_repository"],"exclude":["unimportant_repository"],"protected":true}},"rules":[{"type":"commit_author_email_pattern","parameters":{"operator":"contains","pattern":"github"}}]}'

Response

Status: 201

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 },
 "repository_name": {
 "include": [
 "important_repository",
 "another_important_repository"
 ],
 "exclude": [
 "unimportant_repository"
 ],
 "protected": true
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://HOSTNAME/orgs/my-org/rulesets/21"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/21"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
}

Get an organization repository ruleset

Get a repository ruleset for an organization.

Note: To prevent leaking sensitive information, the bypass_actors property is only returned if the user making the API request has write access to the ruleset.

Fine-grained access tokens for "Get an organization repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Get an organization repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

HTTP response status codes for "Get an organization repository ruleset"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Get an organization repository ruleset"

Request example

get/orgs/{org}/rulesets/{ruleset_id}

curl -L \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2022-11-28" \
 http(s)://HOSTNAME/api/v3/orgs/ORG/rulesets/RULESET_ID

Response

Status: 200

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 },
 "repository_name": {
 "include": [
 "important_repository",
 "another_important_repository"
 ],
 "exclude": [
 "unimportant_repository"
 ],
 "protected": true
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://HOSTNAME/orgs/my-org/rulesets/21"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/21"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
}

Update an organization repository ruleset

Update a ruleset for an organization.

Fine-grained access tokens for "Update an organization repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Update an organization repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

Body parameters
Name, Type, Description
`name` string The name of the ruleset.
`target` string The target of the ruleset. Can be one of: `branch`, `tag`
`enforcement` string The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page. `evaluate` is not available for the `repository` target. Can be one of: `disabled`, `active`, `evaluate`
`bypass_actors` array of objects The actors that can bypass the rules in this ruleset
`conditions` object Conditions for an organization ruleset. The branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties. The push rulesets conditions object does not require the `ref_name` property. For repository policy rulesets, the conditions object should only contain the `repository_name`, the `repository_id`, or the `repository_property`.
`rules` array of objects An array of rules within the ruleset.

HTTP response status codes for "Update an organization repository ruleset"

Status code	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Code samples for "Update an organization repository ruleset"

Request example

put/orgs/{org}/rulesets/{ruleset_id}

curl -L \
 -X PUT \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2022-11-28" \
 http(s)://HOSTNAME/api/v3/orgs/ORG/rulesets/RULESET_ID \
 -d '{"name":"super cool ruleset","target":"branch","enforcement":"active","bypass_actors":[{"actor_id":234,"actor_type":"Team","bypass_mode":"always"}],"conditions":{"ref_name":{"include":["refs/heads/main","refs/heads/master"],"exclude":["refs/heads/dev*"]},"repository_name":{"include":["important_repository","another_important_repository"],"exclude":["unimportant_repository"],"protected":true}},"rules":[{"type":"commit_author_email_pattern","parameters":{"operator":"contains","pattern":"github"}}]}'

Response

Status: 200

{
 "id": 21,
 "name": "super cool ruleset",
 "target": "branch",
 "source_type": "Organization",
 "source": "my-org",
 "enforcement": "active",
 "bypass_actors": [
 {
 "actor_id": 234,
 "actor_type": "Team",
 "bypass_mode": "always"
 }
 ],
 "conditions": {
 "ref_name": {
 "include": [
 "refs/heads/main",
 "refs/heads/master"
 ],
 "exclude": [
 "refs/heads/dev*"
 ]
 },
 "repository_name": {
 "include": [
 "important_repository",
 "another_important_repository"
 ],
 "exclude": [
 "unimportant_repository"
 ],
 "protected": true
 }
 },
 "rules": [
 {
 "type": "commit_author_email_pattern",
 "parameters": {
 "operator": "contains",
 "pattern": "github"
 }
 }
 ],
 "node_id": "RRS_lACkVXNlcgQB",
 "_links": {
 "self": {
 "href": "https://HOSTNAME/orgs/my-org/rulesets/21"
 },
 "html": {
 "href": "https://github.com/organizations/my-org/settings/rules/21"
 }
 },
 "created_at": "2023-08-15T08:43:03Z",
 "updated_at": "2023-09-23T16:29:47Z"
}

Delete an organization repository ruleset

Delete a ruleset for an organization.

Fine-grained access tokens for "Delete an organization repository ruleset"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Delete an organization repository ruleset"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`ruleset_id` integer Required The ID of the ruleset.

HTTP response status codes for "Delete an organization repository ruleset"

Status code	Description
`204`	No Content
`404`	Resource not found
`500`	Internal Error

Code samples for "Delete an organization repository ruleset"

Request example

delete/orgs/{org}/rulesets/{ruleset_id}

curl -L \
 -X DELETE \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer <YOUR-TOKEN>" \
 -H "X-GitHub-Api-Version: 2022-11-28" \
 http(s)://HOSTNAME/api/v3/orgs/ORG/rulesets/RULESET_ID

Response

Status: 204

URL: https://docs.github.com/en/enterprise-server@3.11/rest/orgs/rules