The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for Dependabot repository access

Use the REST API to manage which repositories Dependabot can access within an organization.

About Dependabot repository access

You can list repositories that Dependabot already has access to and set a default repository access level for Dependabot.

Lists the repositories Dependabot can access in an enterprise

Lists repositories that enterprise admins have allowed Dependabot to access when updating dependencies across organizations in the enterprise.

The authenticated user must be an enterprise owner to use this endpoint.

Fine-grained access tokens for "Lists the repositories Dependabot can access in an enterprise"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Enterprise administration" enterprise permissions (read)

Parameters for "Lists the repositories Dependabot can access in an enterprise"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
enterprise string Required

The slug version of the enterprise name.

Query parameters
page integer

The page number of results to fetch.

Default: 1

per_page integer

Number of results per page.

Default: 30

HTTP response status codes for "Lists the repositories Dependabot can access in an enterprise"

Status codeDescription
200

OK

403

Forbidden

404

Resource not found

Code samples for "Lists the repositories Dependabot can access in an enterprise"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/enterprises/{enterprise}/dependabot/repository-access
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/enterprises/ENTERPRISE/dependabot/repository-access

Response

Status: 200
{ "default_level": "public", "accessible_repositories": [ { "id": 123456, "node_id": "MDEwOlJlcG9zaXRvcnkxMjM0NTY=", "name": "example-repo", "full_name": "octocat/example-repo", "owner": { "name": "octocat", "email": "octo@github.com", "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://avatars.githubusercontent.com/u/1?v=4", "gravatar_id": 1, "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat/example-repo", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false, "starred_at": "\"2020-07-09T00:17:55Z\"", "user_view_type": "default" }, "private": false, "html_url": "https://github.com/octocat/example-repo", "description": "This is an example repository.", "fork": false, "url": "https://api.github.com/repos/octocat/example-repo", "archive_url": "https://api.github.com/repos/octocat/example-repo/{archive_format}{/ref}", "assignees_url": "https://api.github.com/repos/octocat/example-repo/assignees{/user}", "blobs_url": "https://api.github.com/repos/octocat/example-repo/git/blobs{/sha}", "branches_url": "https://api.github.com/repos/octocat/example-repo/branches{/branch}", "collaborators_url": "https://api.github.com/repos/octocat/example-repo/collaborators{/collaborator}", "comments_url": "https://api.github.com/repos/octocat/example-repo/comments{/number}", "commits_url": "https://api.github.com/repos/octocat/example-repo/commits{/sha}", "compare_url": "https://api.github.com/repos/octocat/example-repo/compare/{base}...{head}", "contents_url": "https://api.github.com/repos/octocat/example-repo/contents/{+path}", "contributors_url": "https://api.github.com/repos/octocat/example-repo/contributors", "deployments_url": "https://api.github.com/repos/octocat/example-repo/deployments", "downloads_url": "https://api.github.com/repos/octocat/example-repo/downloads", "events_url": "https://api.github.com/repos/octocat/example-repo/events", "forks_url": "https://api.github.com/repos/octocat/example-repo/forks", "git_commits_url": "https://api.github.com/repos/octocat/example-repo/git/commits{/sha}", "git_refs_url": "https://api.github.com/repos/octocat/example-repo/git/refs{/sha}", "git_tags_url": "https://api.github.com/repos/octocat/example-repo/git/tags{/sha}", "issue_comment_url": "https://api.github.com/repos/octocat/example-repo/issues/comments{/number}", "issue_events_url": "https://api.github.com/repos/octocat/example-repo/issues/events{/number}", "issues_url": "https://api.github.com/repos/octocat/example-repo/issues{/number}", "keys_url": "https://api.github.com/repos/octocat/example-repo/keys{/key_id}", "labels_url": "https://api.github.com/repos/octocat/example-repo/labels{/name}", "languages_url": "https://api.github.com/repos/octocat/example-repo/languages", "merges_url": "https://api.github.com/repos/octocat/example-repo/merges", "milestones_url": "https://api.github.com/repos/octocat/example-repo/milestones{/number}", "notifications_url": "https://api.github.com/repos/octocat/example-repo/notifications{?since,all,participating}", "pulls_url": "https://api.github.com/repos/octocat/example-repo/pulls{/number}", "releases_url": "https://api.github.com/repos/octocat/example-repo/releases{/id}", "stargazers_url": "https://api.github.com/repos/octocat/example-repo/stargazers", "statuses_url": "https://api.github.com/repos/octocat/example-repo/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/octocat/example-repo/subscribers", "subscription_url": "https://api.github.com/repos/octocat/example-repo/subscription", "tags_url": "https://api.github.com/repos/octocat/example-repo/tags", "teams_url": "https://api.github.com/repos/octocat/example-repo/teams", "trees_url": "https://api.github.com/repos/octocat/example-repo/git/trees{/sha}", "hooks_url": "https://api.github.com/repos/octocat/example-repo/hooks" } ] }

Updates Dependabot's repository access list for an enterprise

Updates repositories according to the list of repositories that enterprise admins have given Dependabot access to when they've updated dependencies across organizations in the enterprise.

The authenticated user must be an enterprise owner to use this endpoint.

Example request body:

{
  "repository_ids_to_add": [123, 456],
  "repository_ids_to_remove": [789]
}

Fine-grained access tokens for "Updates Dependabot's repository access list for an enterprise"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Enterprise administration" enterprise permissions (write)

Parameters for "Updates Dependabot's repository access list for an enterprise"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
enterprise string Required

The slug version of the enterprise name.

Body parameters
repository_ids_to_add array of integers

List of repository IDs to add.

repository_ids_to_remove array of integers

List of repository IDs to remove.

HTTP response status codes for "Updates Dependabot's repository access list for an enterprise"

Status codeDescription
204

No Content

403

Forbidden

404

Resource not found

Code samples for "Updates Dependabot's repository access list for an enterprise"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

patch/enterprises/{enterprise}/dependabot/repository-access
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/enterprises/ENTERPRISE/dependabot/repository-access

Response

Status: 204

Set the default repository access level for Dependabot in an enterprise

Sets the default level of repository access Dependabot will have while performing an update across organizations in the enterprise. Available values are:

  • 'public' - Dependabot will only have access to public repositories, unless access is explicitly granted to non-public repositories.
  • 'internal' - Dependabot will only have access to public and internal repositories, unless access is explicitly granted to private repositories.

The authenticated user must be an enterprise owner to use this endpoint.

Fine-grained access tokens for "Set the default repository access level for Dependabot in an enterprise"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Enterprise administration" enterprise permissions (write)

Parameters for "Set the default repository access level for Dependabot in an enterprise"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
enterprise string Required

The slug version of the enterprise name.

Body parameters
default_level string Required

The default repository access level for Dependabot updates.

Can be one of: public, internal

HTTP response status codes for "Set the default repository access level for Dependabot in an enterprise"

Status codeDescription
204

No Content

403

Forbidden

404

Resource not found

Code samples for "Set the default repository access level for Dependabot in an enterprise"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

put/enterprises/{enterprise}/dependabot/repository-access/default-level
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/enterprises/ENTERPRISE/dependabot/repository-access/default-level \ -d '{"default_level":"public"}'

Response

Status: 204

Lists the repositories Dependabot can access in an organization

Lists repositories that organization admins have allowed Dependabot to access when updating dependencies.

Note

This operation supports both server-to-server and user-to-server access. Unauthorized users will not see the existence of this endpoint.

Fine-grained access tokens for "Lists the repositories Dependabot can access in an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (read)

Parameters for "Lists the repositories Dependabot can access in an organization"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
org string Required

The organization name. The name is not case sensitive.

Query parameters
page integer

The page number of results to fetch.

Default: 1

per_page integer

Number of results per page.

Default: 30

HTTP response status codes for "Lists the repositories Dependabot can access in an organization"

Status codeDescription
200

OK

403

Forbidden

404

Resource not found

Code samples for "Lists the repositories Dependabot can access in an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/dependabot/repository-access
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/orgs/ORG/dependabot/repository-access

Response

Status: 200
{ "default_level": "public", "accessible_repositories": [ { "id": 123456, "node_id": "MDEwOlJlcG9zaXRvcnkxMjM0NTY=", "name": "example-repo", "full_name": "octocat/example-repo", "owner": { "name": "octocat", "email": "octo@github.com", "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://avatars.githubusercontent.com/u/1?v=4", "gravatar_id": 1, "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat/example-repo", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false, "starred_at": "\"2020-07-09T00:17:55Z\"", "user_view_type": "default" }, "private": false, "html_url": "https://github.com/octocat/example-repo", "description": "This is an example repository.", "fork": false, "url": "https://api.github.com/repos/octocat/example-repo", "archive_url": "https://api.github.com/repos/octocat/example-repo/{archive_format}{/ref}", "assignees_url": "https://api.github.com/repos/octocat/example-repo/assignees{/user}", "blobs_url": "https://api.github.com/repos/octocat/example-repo/git/blobs{/sha}", "branches_url": "https://api.github.com/repos/octocat/example-repo/branches{/branch}", "collaborators_url": "https://api.github.com/repos/octocat/example-repo/collaborators{/collaborator}", "comments_url": "https://api.github.com/repos/octocat/example-repo/comments{/number}", "commits_url": "https://api.github.com/repos/octocat/example-repo/commits{/sha}", "compare_url": "https://api.github.com/repos/octocat/example-repo/compare/{base}...{head}", "contents_url": "https://api.github.com/repos/octocat/example-repo/contents/{+path}", "contributors_url": "https://api.github.com/repos/octocat/example-repo/contributors", "deployments_url": "https://api.github.com/repos/octocat/example-repo/deployments", "downloads_url": "https://api.github.com/repos/octocat/example-repo/downloads", "events_url": "https://api.github.com/repos/octocat/example-repo/events", "forks_url": "https://api.github.com/repos/octocat/example-repo/forks", "git_commits_url": "https://api.github.com/repos/octocat/example-repo/git/commits{/sha}", "git_refs_url": "https://api.github.com/repos/octocat/example-repo/git/refs{/sha}", "git_tags_url": "https://api.github.com/repos/octocat/example-repo/git/tags{/sha}", "issue_comment_url": "https://api.github.com/repos/octocat/example-repo/issues/comments{/number}", "issue_events_url": "https://api.github.com/repos/octocat/example-repo/issues/events{/number}", "issues_url": "https://api.github.com/repos/octocat/example-repo/issues{/number}", "keys_url": "https://api.github.com/repos/octocat/example-repo/keys{/key_id}", "labels_url": "https://api.github.com/repos/octocat/example-repo/labels{/name}", "languages_url": "https://api.github.com/repos/octocat/example-repo/languages", "merges_url": "https://api.github.com/repos/octocat/example-repo/merges", "milestones_url": "https://api.github.com/repos/octocat/example-repo/milestones{/number}", "notifications_url": "https://api.github.com/repos/octocat/example-repo/notifications{?since,all,participating}", "pulls_url": "https://api.github.com/repos/octocat/example-repo/pulls{/number}", "releases_url": "https://api.github.com/repos/octocat/example-repo/releases{/id}", "stargazers_url": "https://api.github.com/repos/octocat/example-repo/stargazers", "statuses_url": "https://api.github.com/repos/octocat/example-repo/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/octocat/example-repo/subscribers", "subscription_url": "https://api.github.com/repos/octocat/example-repo/subscription", "tags_url": "https://api.github.com/repos/octocat/example-repo/tags", "teams_url": "https://api.github.com/repos/octocat/example-repo/teams", "trees_url": "https://api.github.com/repos/octocat/example-repo/git/trees{/sha}", "hooks_url": "https://api.github.com/repos/octocat/example-repo/hooks" } ] }

Updates Dependabot's repository access list for an organization

Updates repositories according to the list of repositories that organization admins have given Dependabot access to when they've updated dependencies.

Note

This operation supports both server-to-server and user-to-server access. Unauthorized users will not see the existence of this endpoint.

Example request body:

{
  "repository_ids_to_add": [123, 456],
  "repository_ids_to_remove": [789]
}

Fine-grained access tokens for "Updates Dependabot's repository access list for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Updates Dependabot's repository access list for an organization"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
org string Required

The organization name. The name is not case sensitive.

Body parameters
repository_ids_to_add array of integers

List of repository IDs to add.

repository_ids_to_remove array of integers

List of repository IDs to remove.

HTTP response status codes for "Updates Dependabot's repository access list for an organization"

Status codeDescription
204

No Content

403

Forbidden

404

Resource not found

Code samples for "Updates Dependabot's repository access list for an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

patch/orgs/{org}/dependabot/repository-access
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/orgs/ORG/dependabot/repository-access

Response

Status: 204

Set the default repository access level for Dependabot

Sets the default level of repository access Dependabot will have while performing an update. Available values are:

  • 'public' - Dependabot will only have access to public repositories, unless access is explicitly granted to non-public repositories.
  • 'internal' - Dependabot will only have access to public and internal repositories, unless access is explicitly granted to private repositories.

Unauthorized users will not see the existence of this endpoint.

This operation supports both server-to-server and user-to-server access.

Fine-grained access tokens for "Set the default repository access level for Dependabot"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Set the default repository access level for Dependabot"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
org string Required

The organization name. The name is not case sensitive.

Body parameters
default_level string Required

The default repository access level for Dependabot updates.

Can be one of: public, internal

HTTP response status codes for "Set the default repository access level for Dependabot"

Status codeDescription
204

No Content

403

Forbidden

404

Resource not found

Code samples for "Set the default repository access level for Dependabot"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

put/orgs/{org}/dependabot/repository-access/default-level
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/orgs/ORG/dependabot/repository-access/default-level \ -d '{"default_level":"public"}'

Response

Status: 204