| title | Working with push protection from the REST API | ||||
|---|---|---|---|---|---|
| shortTitle | Push protection from the REST API | ||||
| intro | Learn your options for unblocking your push to {% data variables.product.prodname_dotcom %} using the REST API if {% data variables.product.prodname_secret_scanning %} detects a secret in the content of your API request. | ||||
| permissions | {% data reusables.permissions.push-protection-resolve-block %} | ||||
| versions |
|
||||
| topics |
|
||||
| redirect_from |
|
||||
| contentType | concepts |
Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets.
The "Create a blob" and "Create or update file contents" endpoints in the REST API include push protection. See AUTOTITLE and AUTOTITLE.
If you make a request with these endpoints whose content includes a supported secret, the REST API will return a 409 error, indicating that a secret has been detected.
To resolve the error, you can either:
- Remove the secret from the content of your API request before trying again.
- Create a push protection bypass: You can bypass push protection using the "Create a push protection bypass" endpoint. For more information, see AUTOTITLE.