Page:
Branch-Protection-API
Clone
Branch Protection API
Branch protection rules control who can push, force-push, delete, merge, and approve on protected branches.
See the swagger docs for full API reference.
Repo-Level Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/repos/{owner}/{repo}/branch_protections |
List branch protection rules |
| POST | /api/v1/repos/{owner}/{repo}/branch_protections |
Create rule |
| GET | /api/v1/repos/{owner}/{repo}/branch_protections/{name} |
Get rule |
PATCH /api/v1/repos/{owner}/{repo}/branch_protections/{name} |
Edit rule | |
| DELETE | /api/v1/repos/{owner}/{repo}/branch_protections/{name} |
Delete rule |
Org-Level Endpoints
See Org Branch Protection API for org-level rulesets that cascade to all repos.
Delete Allowlist (New)
Branch protection rules now support a configurable delete allowlist, following the same pattern as the force-push allowlist.
API Fields
| Field | Type | Description |
|---|---|---|
enable_delete |
bool | Enable deletion of this protected branch |
enable_delete_allowlist |
bool | Restrict deletion to allowlisted users/teams |
delete_allowlist_usernames |
string[] | Usernames allowed to delete |
delete_allowlist_teams |
string[] | Team names allowed to delete |
delete_allowlist_deploy_keys |
bool | Allow deploy keys to delete |
delete_allowlist_actions_user |
bool | Allow actions bot to delete |
Behavior
- Default (
enable_delete: false): Protected branch cannot be deleted - Enabled without allowlist: Anyone with admin access can delete (higher threshold than force-push which uses write access)
- Enabled with allowlist: Only specified users/teams/deploy keys can delete
Example: Allow CI to Delete rc Branch
{
"rule_name": "rc",
"enable_delete": true,
"enable_delete_allowlist": true,
"delete_allowlist_actions_user": true
}
Revision History
| Date | Change |
|---|---|
| 2026-06-28 | Added delete allowlist fields (#696), restructured as full reference |
| 2026-06-27 | Initial page (redirect to org API) |