Api/users/search endpoint returning all users

Kristoffer_Bergman · May 16, 2022, 3:00am

Hello!

I am currently trying out your WEB API, and I noticed that the api/users/search endpoint seems to return users outside of your organization. Is this intentional?

With the information being returned, it’s not really a security risk, but it’s the first time I have seen a “public” API endpoint like this so I was just curious.

Colin · May 16, 2022, 9:25am

Hey there.

A couple things!

https://api.github.com/users allows unauthenticated access
We will stop allowing unauthenticated access this month
Eventually, we’d like to restrict endpoints like this to the organization. We have some work to do around onboarding new team members before we can make that happen.

Kristoffer_Bergman · May 17, 2022, 8:28am

Hello Colin.

Got it! Thank you for the reply.

system · May 24, 2022, 8:29am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.