エンタープライズ資格情報承認用の REST API エンドポイント

Revoke all credential authorizations for an enterprise

Revokes all credential authorizations for all organizations within the enterprise. This includes any guest, outside, or repository collaborators.

For Enterprise Managed User (EMU) enterprises, you can optionally also destroy all credentials (PATs v1, PATs v2, and SSH keys) owned by enterprise members by setting the revoke_credentials parameter to true.

This operation is performed asynchronously. A background job will be queued to process the revocations.

Warning

If you use a personal access token to call this endpoint, that token may also be revoked or destroyed as part of this operation.

The authenticated user must be an enterprise owner or have the write_enterprise_credentials permission to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

"Revoke all credential authorizations for an enterprise" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:

"Enterprise credentials" enterprise permissions (write)

"Revoke all credential authorizations for an enterprise" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`enterprise` string 必須 The slug version of the enterprise name.

ボディパラメータ
名前, タイプ, 説明
`revoke_credentials` boolean Whether to also destroy the actual credentials (PATs and SSH keys) owned by enterprise members. This option is only available for Enterprise Managed User (EMU) enterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned by enterprise members will be destroyed in addition to the credential authorizations. デフォルト: `false`

"Revoke all credential authorizations for an enterprise" の HTTP 応答状態コード

状態コード	説明
`202`	Accepted - The revocation request has been queued
`403`	Forbidden
`404`	Resource not found
`422`	Validation error - The `revoke_credentials` option is only available for EMU enterprises

"Revoke all credential authorizations for an enterprise" のコードサンプル

GHE.com でGitHubにアクセスする場合は、api.github.com を、api.SUBDOMAIN.ghe.com にある企業の専用サブドメインに置き換えます。

要求の例

post/enterprises/{enterprise}/credential-authorizations/revoke-all

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/enterprises/ENTERPRISE/credential-authorizations/revoke-all \
  -d '{"revoke_credentials":false}'

Accepted - The revocation request has been queued

Status: 202

{
  "message": "Credential authorization revocation has been queued"
}

Revoke credential authorizations for a user in an enterprise

Revokes all credential authorizations for a single user within the enterprise. This includes any credential authorizations the user has across all organizations in the enterprise.

For Enterprise Managed User (EMU) enterprises, you can optionally also destroy all credentials (PATs v1, PATs v2, and SSH keys) owned by the user by setting the revoke_credentials parameter to true.

This operation is performed asynchronously. A background job will be queued to process the revocations.

Warning

If you use a personal access token to call this endpoint and target yourself, that token may also be revoked or destroyed as part of this operation.

The authenticated user must be an enterprise owner or have the write_enterprise_credentials permission to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

"Revoke credential authorizations for a user in an enterprise" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:

"Enterprise credentials" enterprise permissions (write)

"Revoke credential authorizations for a user in an enterprise" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`enterprise` string 必須 The slug version of the enterprise name.
`username` string 必須 The handle for the GitHub user account.

ボディパラメータ
名前, タイプ, 説明
`revoke_credentials` boolean Whether to also destroy the actual credentials (PATs and SSH keys) owned by the user. This option is only available for Enterprise Managed User (EMU) enterprises. When set to `true`, all PATs (v1 and v2) and SSH keys owned by the user will be destroyed in addition to the credential authorizations. デフォルト: `false`

"Revoke credential authorizations for a user in an enterprise" の HTTP 応答状態コード

状態コード	説明
`202`	Accepted - The revocation request has been queued
`403`	Forbidden
`404`	Resource not found
`422`	Validation error - The target user cannot be revoked, or `revoke_credentials` is not available for this enterprise

"Revoke credential authorizations for a user in an enterprise" のコードサンプル

GHE.com でGitHubにアクセスする場合は、api.github.com を、api.SUBDOMAIN.ghe.com にある企業の専用サブドメインに置き換えます。

要求の例

post/enterprises/{enterprise}/credential-authorizations/{username}/revoke

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/enterprises/ENTERPRISE/credential-authorizations/USERNAME/revoke \
  -d '{"revoke_credentials":false}'

Accepted - The revocation request has been queued

Status: 202

{
  "message": "Credential authorization revocation for user 'octocat' has been queued"
}