---

openapi: 3.0.3

info:

title: GitHub v3 REST API

description: GitHub's v3 REST API.

license:

summary: List commits

description: |-

**Signature verification object**

The response will include a `verification` object that describes the result of verifying the commit's signature. The following fields are included in the `verification` object:

| Name | Type | Description |

| ---- | ---- | ----------- |

| `verified` | `boolean` | Indicates whether GitHub considers the signature in this commit to be verified. |

| `reason` | `string` | The reason for verified value. Possible values and their meanings are enumerated in table below. |

| `signature` | `string` | The signature that was extracted from the commit. |

| `payload` | `string` | The value that was signed. |

These are the possible values for `reason` in the `verification` object:

| Value | Description |

| ----- | ----------- |

| `expired_key` | The key that made the signature is expired. |

summary: Get a commit

description: |-

Returns the contents of a single commit reference. You must have `read` access for the repository to use this endpoint.

**Note:** If there are more than 300 files in the commit diff, the response will include pagination link headers for the remaining files, up to a limit of 3000 files. Each page contains the static commit information, and the only changes are to the file listing.

You can pass the appropriate [media type](https://developer.github.com/v3/media/#commits-commit-comparison-and-pull-requests) to fetch `diff` and `patch` formats. Diffs with binary data will have no `patch` property.

To return only the SHA-1 hash of the commit reference, you can provide the `sha` custom [media type](https://developer.github.com/v3/media/#commits-commit-comparison-and-pull-requests) in the `Accept` header. You can use this endpoint to check if a remote reference's SHA-1 hash is the same as your local reference's SHA-1 hash by providing the local SHA-1 reference as the ETag.

**Signature verification object**

The response will include a `verification` object that describes the result of verifying the commit's signature. The following fields are included in the `verification` object:

| Name | Type | Description |

| ---- | ---- | ----------- |

| `verified` | `boolean` | Indicates whether GitHub considers the signature in this commit to be verified. |

| `reason` | `string` | The reason for verified value. Possible values and their meanings are enumerated in table below. |

| `signature` | `string` | The signature that was extracted from the commit. |

| `payload` | `string` | The value that was signed. |

These are the possible values for `reason` in the `verification` object:

| Value | Description |

| ----- | ----------- |

| `expired_key` | The key that made the signature is expired. |

summary: Compare two commits

description: |-

Both `:base` and `:head` must be branch names in `:repo`. To compare branches across other repositories in the same network as `:repo`, use the format `<USERNAME>:branch`.

The response from the API is equivalent to running the `git log base..head` command; however, commits are returned in chronological order. Pass the appropriate [media type](https://developer.github.com/v3/media/#commits-commit-comparison-and-pull-requests) to fetch diff and patch formats.

The response also includes details on the files that were changed between the two commits. This includes the status of the change (for example, if a file was added, removed, modified, or renamed), and details of the change itself. For example, files with a `renamed` status have a `previous_filename` field showing the previous filename of the file, and files with a `modified` status have a `patch` field showing the changes made to the file.

**Working with large comparisons**

The response will include a comparison of up to 250 commits. If you are working with a larger commit range, you can use the [List commits](https://developer.github.com/v3/repos/commits/#list-commits) to enumerate all commits in the range.

For comparisons with extremely large diffs, you may receive an error response indicating that the diff took too long

to generate. You can typically resolve this error by using a smaller commit range.

**Signature verification object**

The response will include a `verification` object that describes the result of verifying the commit's signature. The following fields are included in the `verification` object:

| Name | Type | Description |

| ---- | ---- | ----------- |

| `verified` | `boolean` | Indicates whether GitHub considers the signature in this commit to be verified. |

| `reason` | `string` | The reason for verified value. Possible values and their meanings are enumerated in table below. |

| `signature` | `string` | The signature that was extracted from the commit. |

| `payload` | `string` | The value that was signed. |

These are the possible values for `reason` in the `verification` object:

| Value | Description |

| ----- | ----------- |

| `expired_key` | The key that made the signature is expired. |

summary: Create a commit

description: |-

Creates a new Git [commit object](https://git-scm.com/book/en/v1/Git-Internals-Git-Objects#Commit-Objects).

**Signature verification object**

The response will include a `verification` object that describes the result of verifying the commit's signature. The following fields are included in the `verification` object:

| Name | Type | Description |

| ---- | ---- | ----------- |

| `verified` | `boolean` | Indicates whether GitHub considers the signature in this commit to be verified. |

| `reason` | `string` | The reason for verified value. Possible values and their meanings are enumerated in table below. |

| `signature` | `string` | The signature that was extracted from the commit. |

| `payload` | `string` | The value that was signed. |

These are the possible values for `reason` in the `verification` object:

| Value | Description |

| ----- | ----------- |

| `expired_key` | The key that made the signature is expired. |

summary: Get a commit

description: |-

Gets a Git [commit object](https://git-scm.com/book/en/v1/Git-Internals-Git-Objects#Commit-Objects).

**Signature verification object**

The response will include a `verification` object that describes the result of verifying the commit's signature. The following fields are included in the `verification` object:

| Name | Type | Description |

| ---- | ---- | ----------- |

| `verified` | `boolean` | Indicates whether GitHub considers the signature in this commit to be verified. |

| `reason` | `string` | The reason for verified value. Possible values and their meanings are enumerated in table below. |

| `signature` | `string` | The signature that was extracted from the commit. |

| `payload` | `string` | The value that was signed. |

These are the possible values for `reason` in the `verification` object:

| Value | Description |

| ----- | ----------- |

| `expired_key` | The key that made the signature is expired. |

summary: Create a tag object

description: |-

Note that creating a tag object does not create the reference that makes a tag in Git. If you want to create an annotated tag in Git, you have to do this call to create the tag object, and then [create](https://developer.github.com/v3/git/refs/#create-a-reference) the `refs/tags/[tag]` reference. If you want to create a lightweight tag, you only have to [create](https://developer.github.com/v3/git/refs/#create-a-reference) the tag reference - this call would be unnecessary.

**Signature verification object**

The response will include a `verification` object that describes the result of verifying the commit's signature. The following fields are included in the `verification` object:

| Name | Type | Description |

| ---- | ---- | ----------- |

| `verified` | `boolean` | Indicates whether GitHub considers the signature in this commit to be verified. |

| `reason` | `string` | The reason for verified value. Possible values and their meanings are enumerated in table below. |

| `signature` | `string` | The signature that was extracted from the commit. |

| `payload` | `string` | The value that was signed. |

These are the possible values for `reason` in the `verification` object:

| Value | Description |

| ----- | ----------- |

| `expired_key` | The key that made the signature is expired. |

summary: Get a tag

description: |-

**Signature verification object**

The response will include a `verification` object that describes the result of verifying the commit's signature. The following fields are included in the `verification` object:

| Name | Type | Description |

| ---- | ---- | ----------- |

| `verified` | `boolean` | Indicates whether GitHub considers the signature in this commit to be verified. |

| `reason` | `string` | The reason for verified value. Possible values and their meanings are enumerated in table below. |

| `signature` | `string` | The signature that was extracted from the commit. |

| `payload` | `string` | The value that was signed. |

These are the possible values for `reason` in the `verification` object:

| Value | Description |

| ----- | ----------- |

| `expired_key` | The key that made the signature is expired. |