Connect to our Discord channel
| title | intro | redirect_from | versions | topics |
|---|---|---|---|---|
| Managing enterprise accounts | You can manage your enterprise account and the organizations it owns with the GraphQL API. | [/v4/guides/managing-enterprise-accounts] | [{free-pro-team *} {enterprise-server *} {github-ae *}] | [API] |
To help you monitor and make changes in your organizations and maintain compliance, you can use the Enterprise Accounts API and the Audit Log API, which are only available as GraphQL APIs.
The enterprise account endpoints work for both GitHub Enterprise Cloud and for GitHub Enterprise Server.
GraphQL allows you to request and return just the data you specify. For example, you can create a GraphQL query, or request for information, to see all the new organization members added to your organization. Or you can make a mutation, or change, to invite an administrator to your enterprise account.
With the Audit Log API, you can monitor when someone:
The Audit Log API enables you to keep copies of your audit log data. For queries made with the Audit Log API, the GraphQL response can include data for up to 90 to 120 days. For a list of the fields available with the Audit Log API, see the "AuditEntry interface."
With the Enterprise Accounts API, you can:
For a list of the fields available with the Enterprise Accounts API, see "GraphQL fields and types for the Enterprise account API."
Follow these steps to get started using GraphQL to manage your enterprise accounts:
For some example queries, see "An example query using the Enterprise Accounts API."
To authenticate with GraphQL, you need to generate a personal access token (PAT) from developer settings. For more information, see "Creating a personal access token."
Grant admin and full control permissions to your personal access token for areas of GHES you'd like to access. For full permission to private repositories, organizations, teams, user data, and access to enterprise billing and profile data, we recommend you select these scopes for your personal access token:
Models
Annotations
repoadmin:orguseradmin:enterpriseThe enterprise account specific scopes are:
- admin:enterprise: Gives full control of enterprises (includes manage_billing:enterprise and read:enterprise)
- manage_billing:enterprise: Read and write enterprise billing data.
- read:enterprise: Read enterprise profile data.
We recommend you use GraphiQL or another standalone GraphQL client that lets you configure the base URL.
You may also consider using these GraphQL clients:
The next steps will use Insomnia.
Add the base url and POST method to your GraphQL client. When using GraphQL to request information (queries), change information (mutations), or transfer data using the GitHub API, the default HTTP method is POST and the base url follows this syntax:
https://<HOST>/api/graphqlhttps://api.github.com/graphqlTo authenticate, open the authentication options menu and select Bearer token. Next, add your personal access token that you copied earlier.
Content-Type as the header and application/json as the value.
Now you are ready to start making queries.
This GraphQL query requests the total number of {% if currentVersion != "github-ae@latest" %}public{% else %}private{% endif %} repositories in each of your appliance's organizations using the Enterprise Accounts API. To customize this query, replace <enterprise-account-name> with the slug of your Enterprise's instance slug.
{% if currentVersion != "github-ae@latest" %}
query publicRepositoriesByOrganization($slug: String!) {
enterprise(slug: $slug) {
...enterpriseFragment
}
}
fragment enterpriseFragment on Enterprise {
... on Enterprise{
name
organizations(first: 100){
nodes{
name
... on Organization{
name
repositories(privacy: PUBLIC){
totalCount
}
}
}
}
}
}
# Passing our Enterprise Account as a variable
variables {
"slug": "<enterprise-account-name>"
}
{% else %}
query privateRepositoriesByOrganization($slug: String!) {
enterprise(slug: $slug) {
...enterpriseFragment
}
}
fragment enterpriseFragment on Enterprise {
... on Enterprise{
name
organizations(first: 100){
nodes{
name
... on Organization{
name
repositories(privacy: PRIVATE){
totalCount
}
}
}
}
}
}
# Passing our Enterprise Account as a variable
variables {
"slug": "<enterprise-account-name>"
}
{% endif %}
The next GraphQL query example shows how challenging it is to retrieve the number of {% if currentVersion != "github-ae@latest" %}public{% else %}private{% endif %} repositories in each organization without using the Enterprise Account API. Notice that the GraphQL Enterprise Accounts API has made this task simpler for enterprises since you only need to customize a single variable. To customize this query, replace <name-of-organization-one> and <name-of-organization-two>, etc. with the organization names on your instance.
{% if currentVersion != "github-ae@latest" %}
# Each organization is queried separately
{
organizationOneAlias: organization(login: "nameOfOrganizationOne") {
# How to use a fragment
...repositories
}
organizationTwoAlias: organization(login: "nameOfOrganizationTwo") {
...repositories
}
# organizationThreeAlias ... and so on up-to lets say 100
}
## How to define a fragment
fragment repositories on Organization {
name
repositories(privacy: PUBLIC){
totalCount
}
}
{% else %}
# Each organization is queried separately
{
organizationOneAlias: organization(login: "name-of-organization-one") {
# How to use a fragment
...repositories
}
organizationTwoAlias: organization(login: "name-of-organization-two") {
...repositories
}
# organizationThreeAlias ... and so on up-to lets say 100
}
## How to define a fragment
fragment repositories on Organization {
name
repositories(privacy: PRIVATE){
totalCount
}
}
{% endif %}
{% if currentVersion != "github-ae@latest" %}
query publicRepositoriesByOrganization {
organizationOneAlias: organization(login: "<name-of-organization-one>") {
# How to use a fragment
...repositories
}
organizationTwoAlias: organization(login: "<name-of-organization-two>") {
...repositories
}
# organizationThreeAlias ... and so on up-to lets say 100
}
# How to define a fragment
fragment repositories on Organization {
name
repositories(privacy: PUBLIC){
totalCount
}
}
{% else %}
query privateRepositoriesByOrganization {
organizationOneAlias: organization(login: "<name-of-organization-one>") {
# How to use a fragment
...repositories
}
organizationTwoAlias: organization(login: "<name-of-organization-two>") {
...repositories
}
# organizationThreeAlias ... and so on up-to lets say 100
}
# How to define a fragment
fragment repositories on Organization {
name
repositories(privacy: PRIVATE){
totalCount
}
}
{% endif %}
This GraphQL query requests the last 5 log entries for an enterprise organization. To customize this query, replace <org-name> and <user-name>.
{
organization(login: "<org-name>") {
auditLog(last: 5, query: "actor:<user-name>") {
edges {
node {
... on AuditEntry {
# Get Audit Log Entry by 'Action'
action
actorLogin
createdAt
# User 'Action' was performed on
user{
name
email
}
}
}
}
}
}
}
For more information about getting started with GraphQL, see "Introduction to GraphQL" and "Forming Calls with GraphQL."
Here's an overview of the new queries, mutations, and schema defined types available for use with the Enterprise Accounts API.
For more details about the new queries, mutations, and schema defined types available for use with the Enterprise Accounts API, see the sidebar with detailed GraphQL definitions from any GraphQL reference page.
You can access the reference docs from within the GraphQL explorer on GitHub. For more information, see "Using the explorer." For other information, such as authentication and rate limit details, check out the guides.
Press p or to see the previous file or, n or to see the next file
Are you sure you want to delete this access key?
Are you sure you want to delete this access key?
Are you sure you want to delete this access key?
Are you sure you want to delete this access key?