lukeenterprise/OT

## OT

Via OAuth Tokens
Alternatively, you can use personal access tokens or OAuth tokens instead of your password.
curl -u username:token https://api.github.com/user
This approach is useful if your tools only support Basic Authentication but you want to take advantage of OAuth access token security features.

Authenticating for SAML SSO
Note: Integrations and OAuth applications that generate tokens on behalf of others are automatically whitelisted.
If you're using the API to access an organization that enforces SAML SSO for authentication, you'll need to create a personal access token (PAT) and whitelist the token for that organization. Visit the URL specified in X-GitHub-SSO to whitelist the token for the organization.
curl -v -H "Authorization: token TOKEN" https://api.github.com/repos/octodocs-test/test
X-GitHub-SSO: required; url=https://github.com/orgs/octodocs-test/sso?authorization_request=AZSCKtL4U8yX1H3sCQIVnVgmjmon5fWxks5YrqhJgah0b2tlbl9pZM4EuMz4
{
  "message": "Resource protected by organization SAML enforcement. You must grant your personal token access to this organization.",
  "documentation_url": "https://help.github.com"
}
When requesting data that could come from multiple organizations (for example, requesting a list of issues created by the user), the X-GitHub-SSO header indicates which organizations require whitelisting:
curl -v -H "Authorization: token TOKEN" https://api.github.com/user/issues
X-GitHub-SSO: partial-results; organizations=21955855,20582480
The value organizations is a comma-separated list of organization IDs for organizations that require whitelisting.

Working with two-factor authentication
When you have two-factor authentication enabled, Basic Authentication for most endpoints in the REST API v3 requires that you use a personal access token or OAuth token instead of your username and password.
You can use GitHub developer settings to generate a new personal access token or the Create a new authorization endpoint in the OAuth Authorizations API to generate a new OAuth token. Then you would use these tokens to authenticate using OAuth token with the GitHub API. The only time you need to authenticate with your username and password is when you create your OAuth token or use the OAuth Authorizations API.

Using the OAuth Authorizations API with two-factor authentication
When you make calls to the OAuth Authorizations API, Basic Authentication requires that you use a one-time password (OTP) and your username and password instead of tokens. When you attempt to authenticate with the OAuth Authorizations API, the server will respond with a 401 Unauthorized and one of these headers to let you know that you need a two-factor authentication code:
X-GitHub-OTP: required; SMS or X-GitHub-OTP: required; app.
This header tells you how your account receives its two-factor authentication codes. Depending how you set up your account, you will either receive your OTP codes via SMS or you will use an application like Google Authenticator or 1Password. For more information, see "Configuring two-factor authentication." Pass the OTP in the header:
curl --request POST \
  --url https://api.github.com/authorizations \
  --header 'authorization: Basic PASSWORD' \
  --header 'content-type: application/json' \
  --header 'x-github-otp: OTP' \
  --data '{"scopes": ["public_repo"], "note": "test"}'

	Via OAuth Tokens
	Alternatively, you can use personal access tokens or OAuth tokens instead of your password.
	curl -u username:token https://api.github.com/user
	This approach is useful if your tools only support Basic Authentication but you want to take advantage of OAuth access token security features.

	Authenticating for SAML SSO
	Note: Integrations and OAuth applications that generate tokens on behalf of others are automatically whitelisted.
	If you're using the API to access an organization that enforces SAML SSO for authentication, you'll need to create a personal access token (PAT) and whitelist the token for that organization. Visit the URL specified in X-GitHub-SSO to whitelist the token for the organization.
	curl -v -H "Authorization: token TOKEN" https://api.github.com/repos/octodocs-test/test
	X-GitHub-SSO: required; url=https://github.com/orgs/octodocs-test/sso?authorization_request=AZSCKtL4U8yX1H3sCQIVnVgmjmon5fWxks5YrqhJgah0b2tlbl9pZM4EuMz4
	{
	"message": "Resource protected by organization SAML enforcement. You must grant your personal token access to this organization.",
	"documentation_url": "https://help.github.com"
	}
	When requesting data that could come from multiple organizations (for example, requesting a list of issues created by the user), the X-GitHub-SSO header indicates which organizations require whitelisting:
	curl -v -H "Authorization: token TOKEN" https://api.github.com/user/issues
	X-GitHub-SSO: partial-results; organizations=21955855,20582480
	The value organizations is a comma-separated list of organization IDs for organizations that require whitelisting.

	Working with two-factor authentication
	When you have two-factor authentication enabled, Basic Authentication for most endpoints in the REST API v3 requires that you use a personal access token or OAuth token instead of your username and password.
	You can use GitHub developer settings to generate a new personal access token or the Create a new authorization endpoint in the OAuth Authorizations API to generate a new OAuth token. Then you would use these tokens to authenticate using OAuth token with the GitHub API. The only time you need to authenticate with your username and password is when you create your OAuth token or use the OAuth Authorizations API.

	Using the OAuth Authorizations API with two-factor authentication
	When you make calls to the OAuth Authorizations API, Basic Authentication requires that you use a one-time password (OTP) and your username and password instead of tokens. When you attempt to authenticate with the OAuth Authorizations API, the server will respond with a 401 Unauthorized and one of these headers to let you know that you need a two-factor authentication code:
	X-GitHub-OTP: required; SMS or X-GitHub-OTP: required; app.
	This header tells you how your account receives its two-factor authentication codes. Depending how you set up your account, you will either receive your OTP codes via SMS or you will use an application like Google Authenticator or 1Password. For more information, see "Configuring two-factor authentication." Pass the OTP in the header:
	curl --request POST \
	--url https://api.github.com/authorizations \
	--header 'authorization: Basic PASSWORD' \
	--header 'content-type: application/json' \
	--header 'x-github-otp: OTP' \
	--data '{"scopes": ["public_repo"], "note": "test"}'