The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for repository interactions

Use the REST API to temporarily restrict which type of user can comment, open issues, or create pull requests in a public repository.

Who can use this feature?

People with owner or admin access to temporarily restrict which type of user can comment, open issues, or create pull requests in a public repository.

About repository interactions

People with owner or admin access can use the REST API to temporarily restrict which type of user can comment, open issues, or create pull requests in a public repository. When restrictions are enabled, only the specified type of GitHub user will be able to participate in interactions. Restrictions automatically expire after a defined duration. Here's more about the types of GitHub users:

Existing users: When you limit interactions to existing_users, new users with accounts less than 24 hours old who have not previously contributed and are not collaborators will be temporarily restricted in the repository.
Contributors only: When you limit interactions to contributors_only, users who have not previously contributed and are not collaborators will be temporarily restricted in the repository.
Collaborators only: When you limit interactions to collaborators_only, users who are not collaborators will be temporarily restricted in the repository.

If an interaction limit is enabled for the user or organization that owns the repository, the limit cannot be changed for the individual repository. Instead, use the User or Organization interactions endpoints to change the interaction limit.

Get interaction restrictions for a repository

Shows which type of GitHub user can interact with this repository and when the restriction expires. If there are no restrictions, you will see an empty response.

Fine-grained access tokens for "Get interaction restrictions for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (read)

Parameters for "Get interaction restrictions for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

HTTP response status codes for "Get interaction restrictions for a repository"

Status code	Description
`200`	OK

Code samples for "Get interaction restrictions for a repository"

Request example

get/repos/{owner}/{repo}/interaction-limits

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/interaction-limits

Response

Status: 200

{
  "limit": "collaborators_only",
  "origin": "repository",
  "expires_at": "2018-08-17T04:18:39Z"
}

Set interaction restrictions for a repository

Temporarily restricts interactions to a certain type of GitHub user within the given repository. You must have owner or admin access to set these restrictions. If an interaction limit is set for the user or organization that owns this repository, you will receive a 409 Conflict response and will not be able to use this endpoint to change the interaction limit for a single repository.

Fine-grained access tokens for "Set interaction restrictions for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Set interaction restrictions for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

Body parameters
Name, Type, Description
`limit` string Required The type of GitHub user that can comment, open issues, or create pull requests while the interaction limit is in effect. Can be one of: `existing_users`, `contributors_only`, `collaborators_only`
`expiry` string The duration of the interaction restriction. Default: `one_day`. Can be one of: `one_day`, `three_days`, `one_week`, `one_month`, `six_months`

HTTP response status codes for "Set interaction restrictions for a repository"

Status code	Description
`200`	OK
`409`	Conflict

Code samples for "Set interaction restrictions for a repository"

Request example

put/repos/{owner}/{repo}/interaction-limits

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/interaction-limits \
  -d '{"limit":"collaborators_only","expiry":"one_day"}'

Response

Status: 200

{
  "limit": "collaborators_only",
  "origin": "repository",
  "expires_at": "2018-08-17T04:18:39Z"
}

Remove interaction restrictions for a repository

Removes all interaction restrictions from the given repository. You must have owner or admin access to remove restrictions. If the interaction limit is set for the user or organization that owns this repository, you will receive a 409 Conflict response and will not be able to use this endpoint to change the interaction limit for a single repository.

Fine-grained access tokens for "Remove interaction restrictions for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Remove interaction restrictions for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

HTTP response status codes for "Remove interaction restrictions for a repository"

Status code	Description
`204`	No Content
`409`	Conflict

Code samples for "Remove interaction restrictions for a repository"

Request example

delete/repos/{owner}/{repo}/interaction-limits

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/interaction-limits

Response

Status: 204

Get pull request creation cap bypass list for a repository

Lists the users that are on the pull request creation cap bypass list for a repository. Users on this list can create pull requests regardless of any configured pull request creation cap.

Only users with maintainer permissions can view the bypass list.

Fine-grained access tokens for "Get pull request creation cap bypass list for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Get pull request creation cap bypass list for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

HTTP response status codes for "Get pull request creation cap bypass list for a repository"

Status code	Description
`200`	OK
`403`	Forbidden
`404`	Resource not found

Code samples for "Get pull request creation cap bypass list for a repository"

Request example

get/repos/{owner}/{repo}/interaction-limits/pulls/bypass-list

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/interaction-limits/pulls/bypass-list

Response

Status: 200

[
  {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  }
]

Add users to the pull request creation cap bypass list for a repository

Adds users to the pull request creation cap bypass list for a repository. Users on this list can create pull requests regardless of any configured pull request creation cap.

Only users with maintainer permissions can modify the bypass list. You can add a maximum of 100 users per request. The bypass list can only hold a maximum of 100 users.

Fine-grained access tokens for "Add users to the pull request creation cap bypass list for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Add users to the pull request creation cap bypass list for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

Body parameters
Name, Type, Description
`users` array of strings Required A list of user logins to add or remove from the bypass list.

HTTP response status codes for "Add users to the pull request creation cap bypass list for a repository"

Status code	Description
`204`	No Content
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Code samples for "Add users to the pull request creation cap bypass list for a repository"

Request example

put/repos/{owner}/{repo}/interaction-limits/pulls/bypass-list

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/interaction-limits/pulls/bypass-list \
  -d '{"users":["octocat","monalisa"]}'

Response

Status: 204

Remove users from the pull request creation cap bypass list for a repository

Removes users from the pull request creation cap bypass list for a repository. Removed users will be subject to any configured pull request creation cap.

Only users with maintainer permissions can modify the bypass list. You can remove a maximum of 100 users per request.

Fine-grained access tokens for "Remove users from the pull request creation cap bypass list for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" repository permissions (write)

Parameters for "Remove users from the pull request creation cap bypass list for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

Body parameters
Name, Type, Description
`users` array of strings Required A list of user logins to add or remove from the bypass list.

HTTP response status codes for "Remove users from the pull request creation cap bypass list for a repository"

Status code	Description
`204`	No Content
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Code samples for "Remove users from the pull request creation cap bypass list for a repository"

Request example

delete/repos/{owner}/{repo}/interaction-limits/pulls/bypass-list

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/interaction-limits/pulls/bypass-list \
  -d '{"users":["octocat"]}'

Response

Status: 204