The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for protection rules

Use the REST API to create, configure, and delete deployment protection rules.

Get all deployment protection rules for an environment

Gets all custom deployment protection rules that are enabled for an environment. Anyone with read access to the repository can use this endpoint. For more information about environments, see "Using environments for deployment."

For more information about the app that is providing this custom deployment rule, see the documentation for the GET /apps/{app_slug} endpoint.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

  • "Actions" repository permissions (read)

allows_public_read_access

Parameters for "Get all deployment protection rules for an environment"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
environment_name string Required

The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with %2F.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

owner string Required

The account owner of the repository. The name is not case sensitive.

http_status_code

status_codeDescription
200

List of deployment protection rules

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/environments/ENVIRONMENT_NAME/deployment_protection_rules

List of deployment protection rules

Status: 200
{ "total_count": 2, "custom_deployment_protection_rules": [ { "id": 3, "node_id": "IEH37kRlcGxveW1lbnRTdGF0ddiv", "enabled": true, "app": { "id": 1, "node_id": "GHT58kRlcGxveW1lbnRTdTY!bbcy", "slug": "a-custom-app", "integration_url": "https://api.github.com/apps/a-custom-app" } }, { "id": 4, "node_id": "MDE2OkRlcGxveW1lbnRTdHJ41128", "enabled": true, "app": { "id": 1, "node_id": "UHVE67RlcGxveW1lbnRTdTY!jfeuy", "slug": "another-custom-app", "integration_url": "https://api.github.com/apps/another-custom-app" } } ] }

Create a custom deployment protection rule on an environment

Enable a custom deployment protection rule for an environment.

The authenticated user must have admin or owner permissions to the repository to use this endpoint.

For more information about the app that is providing this custom deployment rule, see the documentation for the GET /apps/{app_slug} endpoint, as well as the guide to creating custom deployment protection rules.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

  • "Administration" repository permissions (write)

Parameters for "Create a custom deployment protection rule on an environment"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
environment_name string Required

The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with %2F.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

owner string Required

The account owner of the repository. The name is not case sensitive.

Body parameters
integration_id integer

The ID of the custom app that will be enabled on the environment.

http_status_code

status_codeDescription
201

The enabled custom deployment protection rule

code_samples

data_residency_notice

request_example

post/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/environments/ENVIRONMENT_NAME/deployment_protection_rules \ -d '{"integration_id":5}'

The enabled custom deployment protection rule

Status: 201
{ "id": 3, "node_id": "IEH37kRlcGxveW1lbnRTdGF0ddiv", "enabled": true, "app": { "id": 1, "node_id": "GHT58kRlcGxveW1lbnRTdTY!bbcy", "slug": "a-custom-app", "integration_url": "https://api.github.com/apps/a-custom-app" } }

List custom deployment rule integrations available for an environment

Gets all custom deployment protection rule integrations that are available for an environment.

The authenticated user must have admin or owner permissions to the repository to use this endpoint.

For more information about environments, see "Using environments for deployment."

For more information about the app that is providing this custom deployment rule, see "GET an app".

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

  • "Administration" repository permissions (read)

Parameters for "List custom deployment rule integrations available for an environment"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
environment_name string Required

The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with %2F.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

owner string Required

The account owner of the repository. The name is not case sensitive.

Query parameters
page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

http_status_code

status_codeDescription
200

A list of custom deployment rule integrations available for this environment.

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules/apps
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/environments/ENVIRONMENT_NAME/deployment_protection_rules/apps

A list of custom deployment rule integrations available for this environment.

Status: 200
[ { "total_count": 2 }, { "available_custom_deployment_protection_rule_integrations": [ { "id": 1, "node_id": "GHT58kRlcGxveW1lbnRTdTY!bbcy", "slug": "a-custom-app", "integration_url": "https://api.github.com/apps/a-custom-app" }, { "id": 2, "node_id": "UHVE67RlcGxveW1lbnRTdTY!jfeuy", "slug": "another-custom-app", "integration_url": "https://api.github.com/apps/another-custom-app" } ] } ]

Get a custom deployment protection rule

Gets an enabled custom deployment protection rule for an environment. Anyone with read access to the repository can use this endpoint. For more information about environments, see "Using environments for deployment."

For more information about the app that is providing this custom deployment rule, see GET /apps/{app_slug}.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

  • "Actions" repository permissions (read)

allows_public_read_access

Parameters for "Get a custom deployment protection rule"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

environment_name string Required

The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with %2F.

protection_rule_id integer Required

The unique identifier of the protection rule.

http_status_code

status_codeDescription
200

OK

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules/{protection_rule_id}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/environments/ENVIRONMENT_NAME/deployment_protection_rules/PROTECTION_RULE_ID

Response

Status: 200
{ "id": 3, "node_id": "IEH37kRlcGxveW1lbnRTdGF0ddiv", "enabled": true, "app": { "id": 1, "node_id": "GHT58kRlcGxveW1lbnRTdTY!bbcy", "slug": "a-custom-app", "integration_url": "https://api.github.com/apps/a-custom-app" } }

Disable a custom protection rule for an environment

Disables a custom deployment protection rule for an environment.

The authenticated user must have admin or owner permissions to the repository to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

  • "Administration" repository permissions (write)

Parameters for "Disable a custom protection rule for an environment"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
environment_name string Required

The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with %2F.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

owner string Required

The account owner of the repository. The name is not case sensitive.

protection_rule_id integer Required

The unique identifier of the protection rule.

http_status_code

status_codeDescription
204

No Content

code_samples

data_residency_notice

request_example

delete/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules/{protection_rule_id}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/environments/ENVIRONMENT_NAME/deployment_protection_rules/PROTECTION_RULE_ID

Response

Status: 204