Announcing the new GitHub Developer Program

Iteration is an essential part of building anything, be it an application, a company...even a developer program. Over the past few months we've had conversations with thousands of developers from all over the globe. Thanks to the insights and feedback shared with us, today we're announcing two exciting changes to the program.

First, we're opening access to the Developer Program to users without a paid account. That means almost any developer, at any stage of production, can take advantage of this opportunity. Second, we've introduced participation levels that will allow members to receive not only benefits from GitHub and our partners, but a path to successful development for your next great application.

Here's how the levels work:

Level 1

If you're just getting started, or need a little help getting off the ground, this level provides you with tools to learn more about the GitHub API and join our integrator community, such as dedicated Developer Program content and events.

Level 2

At this crucial stage, you've already launched a successful app — now we'll help you grow by taking full advantage of level 1 benefits as well as GitHub.com credits and network discounts.

Level 3

At this level, you're maintaining your successful application, and thinking about how to grow. You'll receive level 1 and 2 benefits, as well as GDP member spotlights and consulting services to help you scale successfully, among other rewards.

If you're already enrolled in the GitHub Developer Program, no action is needed on your end. You will receive an email detailing your level, as well as your benefits. If you'd like to join the GitHub Developer Program, visit our homepage to sign up.

If you have any questions or feedback, please get in touch with us!

Protected Branches API Pull Request Review Dismissal Restrictions

Today we're releasing an addition to the Protected Branches API preview, the ability to restrict dismissals to a specific group of users and teams.

To access the Protected Branches API during the preview period, you must provide a custom media type in the Accept header:

application/vnd.github.loki-preview+json

If you have any questions or feedback, please let us know!

Merge methods API is now official

We're making the Merge methods API part of the official GitHub API.

During the preview period you needed to provide the application/vnd.github.polaris-preview preview media type in the Accept header to opt-in to the changes. Now that the preview period has ended, you no longer need to specify this custom media type.

Note: During the preview period, we initially added a squash property in the payload to the pull request merge endpoint. This property was superseded by a merge_method property to support both "squash and merge" as well as "rebase and merge" operations. With the end of the preview period, support for the squash property was removed in favor of the merge_method property.

If you have any questions or feedback, please get in touch with us!

Organization Memberships API is now official

We're making the Organization Membership part of the official GitHub API.

During the preview period you needed to provide the application/vnd.github.korra-preview preview media type in the Accept header to opt-in to the changes. Now that the preview period has ended, you no longer need to specify this custom media type.

If you have any questions or feedback, please get in touch with us!

Protected Branches API Admin Enforcement Updates

Today we're releasing an addition to the Protected Branches API preview, the ability to turn on and off admin settings in one place!

This will be a breaking change in the near future. To make the transition easier, we're allowing you to set admin settings the old way by passing include_admins for required_status_checks or required_pull_request_reviews on the general update branch protection endpoint until April 21, 2017. At that point, the only way to change your admin settings will be to pass enforce_admins, and passing include_admins will receive 404 responses.

To access Protected Branches API during the preview period, you must provide a custom media type in the Accept header:

application/vnd.github.loki-preview+json

If you have any questions or feedback, please let us know!

Discontinue support for weak cryptographic standards

GitHub is announcing the immediate deprecation, and eventual disablement, of our use of the following cryptographic standards:

• TLSv1/TLSv1.1 - This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com.
• diffie-hellman-group1-sha1 - This applies to all SSH connections to github.com.
• diffie-hellman-group14-sha1 - This applies to all SSH connections to github.com.

All of the above will be disabled on February 1, 2018.

For full details on the deprecation, please see our GitHub Engineering blog post.

As always, if you have any questions, please get in touch.

Community Health API Improvements

Based on initial feedback to our Community Health API, we have made some breaking changes to what the API returns in response to a request. These changes make available more detailed information about each of the files that contributes to the overall health score.

As before, you can access this API during the preview period by providing a custom media type in the Accept header:

application/vnd.github.black-panther-preview

For example:

curl "https://api.github.com/repos/github/hubot/community/profile" \
  -H 'Authorization: token TOKEN' \
  -H "Accept: application/vnd.github.black-panther-preview"

For details on the data returned from this endpoint, refer to the documentation.

If you have any questions or feedback, please let us know.

New user blocking APIs and webhook

You've been able to block users from your personal account and from organizations you administer for a while now. Starting today, you can block and unblock users via the API and can subscribe to receive a webhook when you do.

Blocking users from your personal account

Blocking a user denies them access to your activity and repositories, and prevents them from sending you notifications. With the user blocking API preview, you can block and unblock a particular user, see which users you've blocked, and check whether you've blocked a particular user.

For example, to block the @octocat user from your personal account:

curl https://api.github.com/user/blocks/octocat \
 -X PUT
 -H 'Authorization: token TOKEN' \
 -H "Accept: application/vnd.github.giant-sentry-fist-preview+json"

Blocking users from your organization

Organization owners can block users to remove their ability to collaborate on the organization's repositories. With the organization user blocking API, organization administrators can see which users the organization has blocked, check if a particular user is blocked, and of course, block or unblock users from the organization.

For example, to get a list of the users that the @atom organization has blocked:

curl https://api.github.com/orgs/atom/blocks \
 -X GET
 -H 'Authorization: token TOKEN' \
 -H "Accept: application/vnd.github.giant-sentry-fist-preview+json"

Accessing the user blocking API during the Early Access period

To access the user blocking API during the Early Access period, you must provide a custom media type in the Accept header:

application/vnd.github.giant-sentry-fist-preview+json

During the preview period, we may change aspects of these API methods based on developer feedback. If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.

New webhook: OrgBlockEvent

You can now subscribe to a new webhook event for when an organization blocks or unblocks a user. You'll automatically begin receiving these events if your organization has a webhook that is subscribed to wildcard events. As always, we continue to recommend listening for the actions in order to future-proof your code.

The new OrgBlockEvent contains the following payload:

• action - Either blocked or unblocked
• blocked_user - The user that was blocked or unblocked
• organization - The organization that blocked or unblocked the user
• sender - The user who sent the blocking/unblocking request on behalf of the organization

As always, if you have any questions or feedback, please get in touch with us.

API changes for Community Health

GitHub cares about healthy communities forming and thriving around open source projects. To promote and support these kinds of projects, we are introducing Community Health metrics to the platform.

We've created a new GitHub endpoint to retrieve community health metrics for any public repository.

You can enable these changes during the preview period by providing a custom media type in the Accept header:

application/vnd.github.black-panther-preview

For example:

curl "https://api.github.com/repos/github/hubot/community/profile" \
  -H 'Authorization: token TOKEN' \
  -H "Accept: application/vnd.github.black-panther-preview"

If you have any questions or feedback, please let us know.

New Webhooks for Projects

We're releasing new webhook events for projects. You'll automatically begin receiving these events if you have a webhook that is subscribed to wildcard events. As always, we continue to recommend listening for the actions in order to future-proof your code.

The new events and actions are detailed below.

ProjectEvent

• created: sent when a project is created.
• edited: sent when a project's name and/or body are updated.
• deleted: sent when a project is deleted.

ProjectColumnEvent

• created: sent when a project column is created.
• edited: sent when a project column's name is updated.
• deleted: sent when a project column is deleted.
• moved: sent when a project column is moved to new position.

ProjectCardEvent

• created: sent when a project card is created.
• edited: sent when a project card's note changes.
• deleted: sent when a project card is deleted.
• moved: sent when a project card is moved to a new position.
• converted: sent when a project card that was a note is converted to an issue.

If you have any questions or feedback, please get in touch!