Working with the GitHub API

The GitHub API is a powerful tool for developers, researchers, and data analysts. It allows you to programmatically interact with almost every feature available on GitHub’s website — including repositories, issues, users, and more.

In this section, we’ll explore a curated set of endpoints from the GitHub REST API using Postman. We’ll build on what we learned in previous chapters: setting headers, using variables, and making GET, POST, PATCH, and DELETE requests.

The only requirement to access most of GitHub’s API is an authorization token, which you can generate in your GitHub settings.

Getting Your GitHub Authorization Token

To access private endpoints or perform actions like creating issues or repositories, GitHub requires an authorization token. This token acts like a password for your API requests, so keep it secret and secure.

Here’s how to generate one:

  1. Go to GitHub and log into your account.
  2. Navigate to your Developer settings:
    • Click your profile photo (top right) → Settings
    • Scroll down to Developer settings
  3. In the left sidebar, select Personal access tokens → then Tokens (classic)
  4. Click the Generate new token (classic) button.
  5. Fill out the form:
    • Note: Give your token a descriptive name, e.g. Postman Workshop Token
    • Expiration: Choose any short duration (e.g. 7 or 30 days)
    • Scopes:
      • Check the box for repo → this includes issues, pull requests, and repo access
      • You can also select read:user and user:email if you want user info
  6. Click Generate token
Important

GitHub will only show the token once. Copy it immediately and save it somewhere secure (e.g., directly into Postman).

Github Token Form

Github Token Form

Add It to Postman

  1. Create a new environment named GitHub Env.
  2. Add a secret variable:
    • Variable: gh_token
    • Type: secret
    • Initial value: (paste your token here)
    • Current value: will be filled automatically
  3. Save the environment.

You’ll now be able to authorize your GitHub requests by including this header in each request:

Authorization: Bearer {{gh_token}}

Postman will automatically substitute {gh_token} with your real token, keeping it secure.

This is also a good moment to set a default variable for the GitHub base URL.
We’ll use the variable gh_URL to store: https://api.github.com.

Testing the Authorization Token

Let’s confirm that your GitHub token is working correctly by sending a simple authenticated GET request.

We’ll use this endpoint:

GET {{gh_URL}}/user

This returns information about the authenticated user — meaning: you!

Steps

  1. In your GitHub collection in Postman, create a new request called “Get Authenticated User”.
  2. Set the method to GET.
  3. In the URL field, enter: {gh_URL}/user
  4. In the Headers tab, add:
  • Key: Authorization
  • Value: Bearer {{gh_token}}
    (Don’t forget to include Bearer before the token!)
  1. Make sure the GitHub environment is selected.
  2. Click Send.

If everything is working, you’ll get a response that includes your GitHub user information:

  • login (your GitHub username)
  • id
  • public_repos
  • created_at, etc.

Example of a successful GitHub user response in Postman

Example of a successful GitHub user response in Postman

If you receive a 401 Unauthorized error, double-check:

  • Your token is correct and hasn’t expired
  • You added Bearer before {{gh_token}}
  • The header name is exactly: Authorization

Ready to Explore More?

With your environment set up and your authentication tested, you’re now ready to explore a wide range of endpoints in the GitHub API.

From retrieving repository data to creating issues or managing user activity, the GitHub API gives you programmatic access to one of the world’s largest collaborative platforms, and you’ve already taken the most important step: connecting securely.

In the next section, we’ll explore a few real-world use cases with the GitHub API to practice sending GET, POST, PATCH, and DEL requests.