Upcoming access restrictions to public API endpoints and UI views

petercooper1 pts0 comments

Upcoming access restrictions to public API endpoints and UI views - GitHub Changelog

Try GitHub Copilot CLI

Attend GitHub Universe

Search

Back to changelog

As part of our ongoing commitment to protect our users and ensure responsible use of our platform, the Notifications team will soon introduce access restrictions to several public API endpoints and related UI views.

What’s changing

Access to the following public API endpoints will be limited to admins and collaborators:

List stargazers endpoint: /repos/{owner}/{repo}/stargazers

List watchers endpoint: /repos/{owner}/{repo}/subscribers

We will deprecate the endpoint and remove access to the underlying information:

List repositories watched by a user endpoint: /users/{username}/subscriptions

During the deprecation period, the endpoint will remain accessible but will return empty responses. Full removal will occur in a subsequent phase.

The following UI views will also be affected:

Repository stargazers view: /stargazers

Repository “You Know” stargazers view: /stargazers/you_know

Repository watchers view: /watchers

Some users may begin receiving empty responses or a 403 Forbidden status when accessing the endpoints or views listed above.

Why we are making this change

These endpoints and views currently expose public lists of stargazers and watchers, and this information has increasingly been misused to collect user data for spam activities which negatively impacts user experience and platform trust.

By restricting access, we aim to reduce misuse of public data, prevent user data from being leveraged for spam, and strengthen overall platform security.

We will continue monitoring usage patterns and evaluating additional safeguards to ensure a safe and reliable environment for all users.

Related Posts

Jun.30 Improvement

GitHub code coverage merge protection for pull requests

application security

Jun.30 Improvement

Upcoming cloud data retention policy for closed security alerts

application security<br>supply chain security

...<br>+1

Jun.24 Improvement

Self-service credential revocation for incident response

application security<br>enterprise management tools

...<br>+1

Jun.23 Improvement

Secret scanning adds extended metadata for Replicate secrets

application security

Jun.23 Release

Fetch Code Quality findings via REST API

application security

Jun.17 Improvement

Secret scanning updates – June 2026

application security

Jun.16 Release

GitHub Code Quality generally available July 20, 2026

application security<br>platform governance

...<br>+1

Jun.16 Release

Organization-level enablement for GitHub Code Quality

application security<br>enterprise management tools

...<br>+1

Jun.10 Improvement

Incremental analysis for Go, C/C++, and CodeQL CLI

application security

Subscribe to our developer newsletter

Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.

Enter your email*

Subscribe

By submitting, I agree to let GitHub and its affiliates use my information for personalized communications, targeted advertising, and campaign effectiveness. See the GitHub Privacy Statement for more details.

Back to top

&copy; 2026 GitHub, Inc.

Terms

Privacy

Manage Cookies

Do not share my personal information

LinkedIn icon

GitHub on LinkedIn

Instagram icon

GitHub on Instagram

YouTube icon

GitHub on YouTube

X icon

GitHub on X

TikTok icon

GitHub on TikTok

Twitch icon

GitHub on Twitch

GitHub icon

GitHub’s organization on GitHub

github security application stargazers icon access

Related Articles