{"meta":{"title":"Scripting with the REST API and JavaScript","intro":"Write a script using the Octokit.js SDK to interact with the REST API.","product":"REST API","breadcrumbs":[{"href":"/en/rest","title":"REST API"},{"href":"/en/rest/guides","title":"Guides"},{"href":"/en/rest/guides/scripting-with-the-rest-api-and-javascript","title":"Script with JavaScript"}],"documentType":"article"},"body":"# Scripting with the REST API and JavaScript\n\nWrite a script using the Octokit.js SDK to interact with the REST API.\n\n## About Octokit.js\n\nIf you want to write a script using JavaScript to interact with GitHub's REST API, GitHub recommends that you use the Octokit.js SDK. Octokit.js is maintained by GitHub. The SDK implements best practices and makes it easier for you to interact with the REST API via JavaScript. Octokit.js works with all modern browsers, Node.js, and Deno. For more information about Octokit.js, see [the Octokit.js README](https://github.com/octokit/octokit.js/#readme).\n\n## Prerequisites\n\nThis guide assumes that you are familiar with JavaScript and the GitHub REST API. For more information about the REST API, see [Getting started with the REST API](/en/rest/guides/getting-started-with-the-rest-api).\n\nYou must install and import `octokit` in order to use the Octokit.js library. This guide uses import statements in accordance with ES6. For more information about different installation and import methods, see [the Octokit.js README's Usage section](https://github.com/octokit/octokit.js/#usage).\n\n## Instantiating and authenticating\n\n> \\[!WARNING]\n> Treat your authentication credentials like a password.\n>\n> To keep your credentials secure, you can store your credentials as a secret and run your script through GitHub Actions. For more information, see [Using secrets in GitHub Actions](/en/actions/security-guides/encrypted-secrets).\n\n> You can also store your credentials as a Codespaces secret and run your script in Codespaces. For more information, see [Managing your account-specific secrets for GitHub Codespaces](/en/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces).\n\n> If these options are not possible, consider using another CLI service to store your credentials securely.\n\n### Authenticating with a personal access token\n\nIf you want to use the GitHub REST API for personal use, you can create a personal access token. For more information about creating a personal access token, see [Managing your personal access tokens](/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).\n\nFirst, import `Octokit` from `octokit`. Then, pass your personal access token when you create an instance of `Octokit`. In the following example, replace `YOUR-TOKEN` with a reference to your personal access token.\n\n```javascript copy\nimport { Octokit } from \"octokit\";\n\nconst octokit = new Octokit({ \n  auth: 'YOUR-TOKEN',\n});\n```\n\n### Authenticating with a GitHub App\n\nIf you want to use the API on behalf of an organization or another user, GitHub recommends that you use a GitHub App. If an endpoint is available to GitHub Apps, the REST reference documentation for that endpoint will indicate what type of GitHub App token is required. For more information, see [Registering a GitHub App](/en/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app) and [About authentication with a GitHub App](/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app).\n\nInstead of importing `Octokit` from `octokit`, import `App`. In the following example, replace `APP_ID` with a reference to your app's ID. Replace `PRIVATE_KEY` with a reference to your app's private key. Replace `INSTALLATION_ID` with the ID of the installation of your app that you want to authenticate on behalf of. You can find your app's ID and generate a private key on the settings page for your app. For more information, see [Managing private keys for GitHub Apps](/en/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps). You can get an installation ID with the `GET /users/{username}/installation`, `GET /repos/{owner}/{repo}/installation`, or `GET /orgs/{org}/installation` endpoints. For more information, see [REST API endpoints for GitHub Apps](/en/rest/apps/apps).\n\n```javascript copy\nimport { App } from \"octokit\";\n\nconst app = new App({\n  appId: APP_ID,\n  privateKey: PRIVATE_KEY,\n});\n\nconst octokit = await app.getInstallationOctokit(INSTALLATION_ID);\n```\n\n### Authenticating in GitHub Actions\n\nIf you want to use the API in a GitHub Actions workflow, GitHub recommends that you authenticate with the built-in `GITHUB_TOKEN` instead of creating a token. You can grant permissions to the `GITHUB_TOKEN` with the `permissions` key. For more information about `GITHUB_TOKEN`, see [GITHUB\\_TOKEN](/en/actions/concepts/security/github_token).\n\nIf your workflow needs to access resources outside of the workflow's repository, then you will not be able to use `GITHUB_TOKEN`. In that case, store your credentials as a secret and replace `GITHUB_TOKEN` in the examples below with the name of your secret. For more information about secrets, see [Using secrets in GitHub Actions](/en/actions/security-guides/encrypted-secrets).\n\nIf you use the `run` keyword to execute your JavaScript script in your GitHub Actions workflows, you can store the value of `GITHUB_TOKEN` as an environment variable. Your script can access the environment variable as `process.env.VARIABLE_NAME`.\n\nFor example, this workflow step stores `GITHUB_TOKEN` in an environment variable called `TOKEN`:\n\n```yaml\n- name: Run script\n  env:\n    TOKEN: ${{ secrets.GITHUB_TOKEN }}\n  run: |\n    node .github/actions-scripts/use-the-api.mjs\n```\n\nThe script that the workflow runs uses `process.env.TOKEN` to authenticate:\n\n```javascript copy\nimport { Octokit } from \"octokit\";\n\nconst octokit = new Octokit({ \n  auth: process.env.TOKEN,\n});\n```\n\n### Instantiating without authentication\n\nYou can use the REST API without authentication, although you will have a lower rate limit and will not be able to use some endpoints. To create an instance of `Octokit` without authenticating, do not pass the `auth` argument.\n\n```javascript copy\nimport { Octokit } from \"octokit\";\n\nconst octokit = new Octokit({ });\n```\n\n## Making requests\n\nOctokit supports multiple ways of making requests. You can use the `request` method to make requests if you know the HTTP verb and path for the endpoint. You can use the `rest` method if you want to take advantage of autocompletion in your IDE and typing. For paginated endpoints, you can use the `paginate` method to request multiple pages of data.\n\n### Using the `request` method to make requests\n\nTo use the `request` method to make requests, pass the HTTP method and path as the first argument. Pass any body, query, or path parameters in an object as the second argument. For example, to make a `GET` request to `/repos/{owner}/{repo}/issues` and pass the `owner`, `repo`, and `per_page` parameters:\n\n```javascript copy\nawait octokit.request(\"GET /repos/{owner}/{repo}/issues\", {\n  owner: \"github\",\n  repo: \"docs\",\n  per_page: 2\n});\n```\n\nThe `request` method automatically passes the `Accept: application/vnd.github+json` header. To pass additional headers or a different `Accept` header, add a `headers` property to the object that is passed as a second argument. The value of the `headers` property is an object with the header names as keys and header values as values. For example, to send a `content-type` header with a value of `text/plain` and a `x-github-api-version` header with a value of `2026-03-10`:\n\n```javascript copy\nawait octokit.request(\"POST /markdown/raw\", {\n  text: \"Hello **world**\",\n  headers: {\n    \"content-type\": \"text/plain\",\n    \"x-github-api-version\": \"2026-03-10\",\n  },\n});\n```\n\n### Using `rest` endpoint methods to make requests\n\nEvery REST API endpoint has an associated `rest` endpoint method in Octokit. These methods generally autocomplete in your IDE for convenience. You can pass any parameters as an object to the method.\n\n```javascript copy\nawait octokit.rest.issues.listForRepo({\n  owner: \"github\",\n  repo: \"docs\",\n  per_page: 2\n});\n```\n\nAdditionally, if you are using a typed language such as TypeScript, you can import types to use with these methods. For more information, see [the TypeScript section in the plugin-rest-endpoint-methods.js README](https://github.com/octokit/plugin-rest-endpoint-methods.js/#typescript).\n\n### Making paginated requests\n\nIf the endpoint is paginated and you want to fetch more than one page of results, you can use the `paginate` method. `paginate` will fetch the next page of results until it reaches the last page and then return all of the results as a single array. A few endpoints return paginated results as array in an object, as opposed to returning the paginated results as an array. `paginate` always returns an array of items even if the raw result was an object.\n\nFor example, the following example gets all of the issues from the `github/docs` repository. Although it requests 100 issues at a time, the function won't return until the last page of data is reached.\n\n```javascript copy\nconst issueData = await octokit.paginate(\"GET /repos/{owner}/{repo}/issues\", {\n  owner: \"github\",\n  repo: \"docs\",\n  per_page: 100,\n  headers: {\n    \"x-github-api-version\": \"2026-03-10\",\n  },\n});\n```\n\nThe `paginate` method accepts an optional map function, which you can use to collect only the data that you want from the response. This reduces memory usage by your script. The map function can take a second argument, `done`, which you can call to end the pagination before the last page is reached. This lets you fetch a subset of pages. For example, the following example continues to fetch results until an issue that includes \"test\" in the title is returned. For the pages of data that were returned, only the issue title and author are stored.\n\n```javascript copy\nconst issueData = await octokit.paginate(\"GET /repos/{owner}/{repo}/issues\", {\n  owner: \"github\",\n  repo: \"docs\",\n  per_page: 100,\n  headers: {\n    \"x-github-api-version\": \"2026-03-10\",\n  },\n},\n    (response, done) => response.data.map((issue) => {\n    if (issue.title.includes(\"test\")) {\n      done()\n    }\n    return ({title: issue.title, author: issue.user.login})\n  })\n);\n```\n\nInstead of fetching all of the results at once, you can use `octokit.paginate.iterator()` to iterate through a single page at a time. For example, the following example fetches one page of results at a time and processes each object from the page before fetching the next page. Once an issue that includes \"test\" in the title is reached, the script stops the iteration and returns the issue title and issue author of each object that was processed. The iterator is the most memory efficient method for fetching paginated data.\n\n```javascript copy\nconst iterator = octokit.paginate.iterator(\"GET /repos/{owner}/{repo}/issues\", {\n  owner: \"github\",\n  repo: \"docs\",\n  per_page: 100,\n  headers: {\n    \"x-github-api-version\": \"2026-03-10\",\n  },\n});\n\nlet issueData = []\nlet breakLoop = false\nfor await (const {data} of iterator) {\n  if (breakLoop) break\n  for (const issue of data) {\n    if (issue.title.includes(\"test\")) {\n      breakLoop = true\n      break\n    } else {\n      issueData = [...issueData, {title: issue.title, author: issue.user.login}];\n    }\n  }\n}\n```\n\nYou can use the `paginate` method with the `rest` endpoint methods as well. Pass the `rest` endpoint method as the first argument. Pass any parameters as the second argument.\n\n```javascript copy\nconst iterator = octokit.paginate.iterator(octokit.rest.issues.listForRepo, {\n  owner: \"github\",\n  repo: \"docs\",\n  per_page: 100,\n  headers: {\n    \"x-github-api-version\": \"2026-03-10\",\n  },\n});\n```\n\nFor more information about pagination, see [Using pagination in the REST API](/en/rest/guides/using-pagination-in-the-rest-api).\n\n## Catching errors\n\n### Catching all errors\n\nSometimes, the GitHub REST API will return an error. For example, you will get an error if your access token is expired or if you omitted a required parameter. Octokit.js automatically retries the request when it gets an error other than `400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, and `422 Unprocessable Entity`. If an API error occurs even after retries, Octokit.js throws an error that includes the HTTP status code of the response (`response.status`) and the response headers (`response.headers`). You should handle these errors in your code. For example, you can use a try/catch block to catch errors:\n\n```javascript copy\nlet filesChanged = []\n\ntry {\n  const iterator = octokit.paginate.iterator(\"GET /repos/{owner}/{repo}/pulls/{pull_number}/files\", {\n    owner: \"github\",\n    repo: \"docs\",\n    pull_number: 22809,\n    per_page: 100,\n    headers: {\n      \"x-github-api-version\": \"2026-03-10\",\n    },\n  });\n\n  for await (const {data} of iterator) {\n    filesChanged = [...filesChanged, ...data.map(fileData => fileData.filename)];\n  }\n} catch (error) {\n  if (error.response) {\n    console.error(`Error! Status: ${error.response.status}. Message: ${error.response.data.message}`)\n  }\n  console.error(error)\n}\n```\n\n### Handling intended error codes\n\nSometimes, GitHub uses a 4xx status code to indicate a non-error response. If the endpoint you are using does this, you can add additional handling for specific errors. For example, the `GET /user/starred/{owner}/{repo}` endpoint will return a `404` if the repository is not starred. The following example uses the `404` response to indicate that the repository was not starred; all other errors codes are treated as errors.\n\n```javascript copy\ntry {\n  await octokit.request(\"GET /user/starred/{owner}/{repo}\", {\n    owner: \"github\",\n    repo: \"docs\",\n    headers: {\n      \"x-github-api-version\": \"2026-03-10\",\n    },\n  });\n\n  console.log(`The repository is starred by me`);\n\n} catch (error) {\n  if (error.status === 404) {\n    console.log(`The repository is not starred by me`);\n  } else {\n    console.error(`An error occurred while checking if the repository is starred: ${error?.response?.data?.message}`);\n  }\n}\n```\n\n### Handling rate limit errors\n\nIf you receive a rate limit error, you may want to retry your request after waiting. When you are rate limited, GitHub responds with a `403 Forbidden` error and the `x-ratelimit-remaining` response header value will be `\"0\"`. The response headers will include a `x-ratelimit-reset` header, which tells you the time at which the current rate limit window resets, in UTC epoch seconds. You can retry your request after the time specified by `x-ratelimit-reset`.\n\n```javascript copy\nasync function requestRetry(route, parameters) {\n  try {\n    const response = await octokit.request(route, parameters);\n    return response\n  } catch (error) {\n    if (error.response && error.status === 403 && error.response.headers['x-ratelimit-remaining'] === '0') {\n      const resetTimeEpochSeconds = error.response.headers['x-ratelimit-reset'];\n      const currentTimeEpochSeconds = Math.floor(Date.now() / 1000);\n      const secondsToWait = resetTimeEpochSeconds - currentTimeEpochSeconds;\n      console.log(`You have exceeded your rate limit. Retrying in ${secondsToWait} seconds.`);\n      setTimeout(requestRetry, secondsToWait * 1000, route, parameters);\n    } else {\n      console.error(error);\n    }\n  }\n}\n\nconst response = await requestRetry(\"GET /repos/{owner}/{repo}/issues\", {\n    owner: \"github\",\n    repo: \"docs\",\n    per_page: 2\n  })\n```\n\n## Using the response\n\nThe `request` method returns a promise that resolves to an object if the request was successful. The object properties are `data` (the response body returned by the endpoint), `status` (the HTTP response code), `url` (the URL of the request), and `headers` (an object containing the response headers). Unless otherwise specified, the response body is in JSON format. Some endpoints do not return a response body; in those cases, the `data` property is omitted.\n\n```javascript copy\nconst response = await octokit.request(\"GET /repos/{owner}/{repo}/issues/{issue_number}\", {\n  owner: \"github\",\n  repo: \"docs\",\n  issue_number: 11901,\n  headers: {\n    \"x-github-api-version\": \"2026-03-10\",\n  },\n});\n\nconsole.log(`The status of the response is: ${response.status}`)\nconsole.log(`The request URL was: ${response.url}`)\nconsole.log(`The x-ratelimit-remaining response header is: ${response.headers[\"x-ratelimit-remaining\"]}`)\nconsole.log(`The issue title is: ${response.data.title}`)\n```\n\nSimilarly, the `paginate` method returns a promise. If the request was successful, the promise resolves to an array of data returned by the endpoint. Unlike the `request` method, the `paginate` method does not return the status code, URL, or headers.\n\n```javascript copy\nconst data = await octokit.paginate(\"GET /repos/{owner}/{repo}/issues\", {\n  owner: \"github\",\n  repo: \"docs\",\n  per_page: 100,\n  headers: {\n    \"x-github-api-version\": \"2026-03-10\",\n  },\n});\n\nconsole.log(`${data.length} issues were returned`)\nconsole.log(`The title of the first issue is: ${data[0].title}`)\n```\n\n## Example script\n\nHere is a full example script that uses Octokit.js. The script imports `Octokit` and creates a new instance of `Octokit`. If you wanted to authenticate with a GitHub App instead of a personal access token, you would import and instantiate `App` instead of `Octokit`. For more information, see [Authenticating with a GitHub App](#authenticating-with-a-github-app).\n\nThe `getChangedFiles` function gets all of the files changed for a pull request. The `commentIfDataFilesChanged` function calls the `getChangedFiles` function. If any of the files that the pull request changed include `/data/` in the file path, then the function will comment on the pull request.\n\n```javascript copy\nimport { Octokit } from \"octokit\";\n\nconst octokit = new Octokit({ \n  auth: 'YOUR-TOKEN',\n});\n\nasync function getChangedFiles({owner, repo, pullNumber}) {\n  let filesChanged = []\n\n  try {\n    const iterator = octokit.paginate.iterator(\"GET /repos/{owner}/{repo}/pulls/{pull_number}/files\", {\n      owner: owner,\n      repo: repo,\n      pull_number: pullNumber,\n      per_page: 100,\n      headers: {\n        \"x-github-api-version\": \"2026-03-10\",\n      },\n    });\n\n    for await (const {data} of iterator) {\n      filesChanged = [...filesChanged, ...data.map(fileData => fileData.filename)];\n    }\n  } catch (error) {\n    if (error.response) {\n      console.error(`Error! Status: ${error.response.status}. Message: ${error.response.data.message}`)\n    }\n    console.error(error)\n  }\n\n  return filesChanged\n}\n\nasync function commentIfDataFilesChanged({owner, repo, pullNumber}) {\n  const changedFiles = await getChangedFiles({owner, repo, pullNumber});\n\n  const filePathRegex = new RegExp(/\\/data\\//, \"i\");\n  if (!changedFiles.some(fileName => filePathRegex.test(fileName))) {\n    return;\n  }\n\n  try {\n    const {data: comment} = await octokit.request(\"POST /repos/{owner}/{repo}/issues/{issue_number}/comments\", {\n      owner: owner,\n      repo: repo,\n      issue_number: pullNumber,\n      body: `It looks like you changed a data file. These files are auto-generated. \\n\\nYou must revert any changes to data files before your pull request will be reviewed.`,\n      headers: {\n        \"x-github-api-version\": \"2026-03-10\",\n      },\n    });\n\n    return comment.html_url;\n  } catch (error) {\n    if (error.response) {\n      console.error(`Error! Status: ${error.response.status}. Message: ${error.response.data.message}`)\n    }\n    console.error(error)\n  }\n}\n\nawait commentIfDataFilesChanged({owner: \"github\", repo: \"docs\", pullNumber: 191});\n```\n\n## Next steps\n\n* To learn more about Octokit.js see [the Octokit.js documentation](https://github.com/octokit/octokit.js/#readme).\n* For some real life examples, look at how GitHub Docs uses Octokit.js by [searching the GitHub Docs repository](https://github.com/search?q=repo%3Agithub%2Fdocs%20path%3A.github%20octokit\\&type=code)."}