diff --git a/content/graphql/guides/using-global-node-ids.md b/content/graphql/guides/using-global-node-ids.md index b0ce285a876c..bd6094bbacd8 100644 --- a/content/graphql/guides/using-global-node-ids.md +++ b/content/graphql/guides/using-global-node-ids.md @@ -35,7 +35,7 @@ Let's walk through an example. If you [request the authenticated user](/rest/users#get-the-authenticated-user): ```shell -$ curl -i -u USERNAME:TOKEN {% data variables.product.api_url_pre %}/user +$ curl -i --header "Authorization: Bearer YOUR-TOKEN" {% data variables.product.api_url_pre %}/user ``` you'll get a response that includes the `node_id` of the authenticated user: diff --git a/content/rest/overview/resources-in-the-rest-api.md b/content/rest/overview/resources-in-the-rest-api.md index 4f9f2689987d..f6764f09839b 100644 --- a/content/rest/overview/resources-in-the-rest-api.md +++ b/content/rest/overview/resources-in-the-rest-api.md @@ -129,7 +129,7 @@ Read [more about unauthenticated rate limiting](#increasing-the-unauthenticated- Authenticating with invalid credentials will return `401 Unauthorized`: ```shell -$ curl -I {% data variables.product.api_url_pre %} -u foo:bar +$ curl -I {% data variables.product.api_url_pre %} --header "Authorization: Bearer INVALID-TOKEN" > HTTP/2 401 > { @@ -143,8 +143,6 @@ the API will temporarily reject all authentication attempts for that user (including ones with valid credentials) with `403 Forbidden`: ```shell -$ curl -i {% data variables.product.api_url_pre %} -u {% ifversion fpt or ghae or ghec %} --u VALID_USERNAME:VALID_TOKEN {% endif %}{% ifversion ghes %}-u VALID_USERNAME:VALID_PASSWORD {% endif %} > HTTP/2 403 > { > "message": "Maximum number of login attempts exceeded. Please try again later.", @@ -170,7 +168,7 @@ For `POST`, `PATCH`, `PUT`, and `DELETE` requests, parameters not included in th with a Content-Type of 'application/json': ```shell -$ curl -i -u username -d '{"scopes":["repo_deployment"]}' {% data variables.product.api_url_pre %}/authorizations +$ curl -i --header "Authorization: Bearer YOUR-TOKEN" -d '{"scopes":["repo_deployment"]}' {% data variables.product.api_url_pre %}/authorizations ``` ## Root endpoint diff --git a/content/rest/overview/troubleshooting.md b/content/rest/overview/troubleshooting.md index f8fcfbe284ec..e0511872b25a 100644 --- a/content/rest/overview/troubleshooting.md +++ b/content/rest/overview/troubleshooting.md @@ -65,19 +65,21 @@ On November 13, 2020 username and password authentication to the REST API and th If you're using `username` and `password` for API calls, then they are no longer able to authenticate. For example: ```bash -curl -u my_user:my_password https://api.github.com/user/repos +curl -u YOUR-USERNAME:YOUR-PASSWORD https://api.github.com/user/repos ``` -Instead, use a [{% data variables.product.pat_generic %}](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) when testing endpoints or doing local development: +Instead, use a {% data variables.product.pat_generic %} or an access token for a {% data variables.product.prodname_github_app %} when testing endpoints or doing local development: ```bash -curl -H 'Authorization: Bearer my_access_token' https://api.github.com/user/repos +curl -H 'Authorization: Bearer YOUR-TOKEN' https://api.github.com/user/repos ``` +For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)" and "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)." + For OAuth Apps, you should use the [web application flow](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#web-application-flow) to generate an OAuth token to use in the API call's header: ```bash -curl -H 'Authorization: Bearer my-oauth-token' https://api.github.com/user/repos +curl -H 'Authorization: Bearer YOUR-OAUTH-TOKEN' https://api.github.com/user/repos ``` ## Timeouts diff --git a/content/rest/webhooks/index.md b/content/rest/webhooks/index.md index 02f79ee34bfe..9a2245d97fdd 100644 --- a/content/rest/webhooks/index.md +++ b/content/rest/webhooks/index.md @@ -68,10 +68,10 @@ Name | Type | Required | Description ``hub.callback``|`string` | {% octicon "x" aria-label="Optional" %} | The URI to receive the updates to the topic. ``hub.secret``|`string` | {% octicon "x" aria-label="Optional" %} | A shared secret key that generates a hash signature of the outgoing body content. You can verify a push came from GitHub by comparing the raw request body with the contents of the {% ifversion fpt or ghes or ghec %}`X-Hub-Signature` or `X-Hub-Signature-256` headers{% elsif ghae %}`X-Hub-Signature-256` header{% endif %}. You can see [the PubSubHubbub documentation](https://pubsubhubbub.github.io/PubSubHubbub/pubsubhubbub-core-0.4.html#authednotify) for more details. -A example request with curl looks like: +An example request with curl looks like: ``` shell -curl -u "user" -i \ +curl --header "Authorization: Bearer YOUR-TOKEN" -i \ {% data variables.product.api_url_pre %}/hub \ -F "hub.mode=subscribe" \ -F "hub.topic=https://github.com/{owner}/{repo}/events/push" \