Upcoming access restrictions to public API endpoints and UI views - GitHub Changelog
Try GitHub Copilot CLI
Attend GitHub Universe
Search
Back to changelog
As part of our ongoing commitment to protect our users and ensure responsible use of our platform, the Notifications team will soon introduce access restrictions to several public API endpoints and related UI views.
What’s changing
Access to the following public API endpoints will be limited to admins and collaborators:
List stargazers endpoint: /repos/{owner}/{repo}/stargazers
List watchers endpoint: /repos/{owner}/{repo}/subscribers
We will deprecate the endpoint and remove access to the underlying information:
List repositories watched by a user endpoint: /users/{username}/subscriptions
During the deprecation period, the endpoint will remain accessible but will return empty responses. Full removal will occur in a subsequent phase.
The following UI views will also be affected:
Repository stargazers view: /stargazers
Repository “You Know” stargazers view: /stargazers/you_know
Repository watchers view: /watchers
Some users may begin receiving empty responses or a 403 Forbidden status when accessing the endpoints or views listed above.
Why we are making this change
These endpoints and views currently expose public lists of stargazers and watchers, and this information has increasingly been misused to collect user data for spam activities which negatively impacts user experience and platform trust.
By restricting access, we aim to reduce misuse of public data, prevent user data from being leveraged for spam, and strengthen overall platform security.
We will continue monitoring usage patterns and evaluating additional safeguards to ensure a safe and reliable environment for all users.
Related Posts
Jun.30 Improvement
GitHub code coverage merge protection for pull requests
application security
Jun.30 Improvement
Upcoming cloud data retention policy for closed security alerts
application security<br>supply chain security
...<br>+1
Jun.24 Improvement
Self-service credential revocation for incident response
application security<br>enterprise management tools
...<br>+1
Jun.23 Improvement
Secret scanning adds extended metadata for Replicate secrets
application security
Jun.23 Release
Fetch Code Quality findings via REST API
application security
Jun.17 Improvement
Secret scanning updates – June 2026
application security
Jun.16 Release
GitHub Code Quality generally available July 20, 2026
application security<br>platform governance
...<br>+1
Jun.16 Release
Organization-level enablement for GitHub Code Quality
application security<br>enterprise management tools
...<br>+1
Jun.10 Improvement
Incremental analysis for Go, C/C++, and CodeQL CLI
application security
Subscribe to our developer newsletter
Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.
Enter your email*
Subscribe
By submitting, I agree to let GitHub and its affiliates use my information for personalized communications, targeted advertising, and campaign effectiveness. See the GitHub Privacy Statement for more details.
Back to top
© 2026 GitHub, Inc.
Terms
Privacy
Manage Cookies
Do not share my personal information
LinkedIn icon
GitHub on LinkedIn
Instagram icon
GitHub on Instagram
YouTube icon
GitHub on YouTube
X icon
GitHub on X
TikTok icon
GitHub on TikTok
Twitch icon
GitHub on Twitch
GitHub icon
GitHub’s organization on GitHub