REST API endpoints for blocking users

About blocking users

The token used to authenticate the call must have the admin:org scope in order to make any blocking calls for an organization. Otherwise, the response returns HTTP 404.

List users blocked by an organization

List the users blocked by an organization.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Blocking users" organization permissions (read)

Parameters for "List users blocked by an organization"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

Query parameters
Name, Type, Description
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

http_status_code

status_code	Description
`200`	OK

code_samples

request_example

get/orgs/{org}/blocks

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/blocks

Response

Status: 200

[
  {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  }
]

Check if a user is blocked by an organization

Returns a 204 if the given user is blocked by the given organization. Returns a 404 if the organization is not blocking the user, or if the user account has been identified as spam by GitHub.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Blocking users" organization permissions (read)

Parameters for "Check if a user is blocked by an organization"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`username` string Required The handle for the GitHub user account.

http_status_code

status_code	Description
`204`	If the user is blocked
`404`	If the user is not blocked

code_samples

request_example

get/orgs/{org}/blocks/{username}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/blocks/USERNAME

If the user is blocked

Status: 204

Block a user from an organization

Blocks the given user on behalf of the specified organization and returns a 204. If the organization cannot block the given user a 422 is returned.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Blocking users" organization permissions (write)

Parameters for "Block a user from an organization"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`username` string Required The handle for the GitHub user account.

http_status_code

status_code	Description
`204`	No Content
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

put/orgs/{org}/blocks/{username}

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/blocks/USERNAME

Response

Status: 204

Unblock a user from an organization

Unblocks the given user on behalf of the specified organization.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Blocking users" organization permissions (write)

Parameters for "Unblock a user from an organization"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.
`username` string Required The handle for the GitHub user account.

http_status_code

status_code	Description
`204`	No Content

code_samples

request_example

delete/orgs/{org}/blocks/{username}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/blocks/USERNAME

Response

Status: 204