Developer API

API Reference

Integrate GitHub analytics into your workflows with the GitScope REST API.

Authentication

All API requests must include a valid session cookie from NextAuth.js. The API uses the same authentication as the web interface — there are no separate API tokens. All requests must be made over HTTPS.

Session-based authentication (automatic with browser cookies)

Public Endpoints

These endpoints are available to all users, including guests (limited by rate limits):

GET /api/github/proxy?path={github_api_path}

Proxy requests to GitHub API with optional user token. Rate limited.

Example: GET /api/github/proxy?path=repos/facebook/react

GET /api/github/rate-limit

Check current GitHub API rate limit status

GET /api/github/trending

Get trending repositories by language and time window

GET /api/github/search

Search GitHub repositories and users

GET /api/csrf

Get a fresh CSRF token for state-changing requests

Authenticated Endpoints

These endpoints require a valid session (GitHub OAuth or email/password):

GET /api/user/settings

Get user profile, connected providers, AI tier, and recent jobs

GET /api/user/history

Get user's repository search history

POST /api/user/history

Add a repository to search history

GET /api/user/notifications

Get user's in-app notifications

PATCH /api/user/account

Update password or GitHub PAT

GET /api/user/ai-capabilities

Get AI features available for user's tier

GitHub OAuth Required

These endpoints require GitHub OAuth sign-in specifically:

GET /api/user/code-impact?repo={owner/repo}

Get code impact analysis for a repository

GET /api/user/pr-risk?repo={owner/repo}

Get PR risk analysis and scoring

GET /api/user/dora-metrics?repo={owner/repo}

Get DORA metrics (deployment frequency, lead time, etc.)

GET /api/user/dependency-map?repo={owner/repo}

Get dependency analysis and security advisories

POST /api/ai/analyze

AI-powered repository analysis via Claude

Rate Limits

Guest (no auth): 60 req/hr
Authenticated: 5,000 req/hr
AI Analysis: 10 req/min
Auth Endpoints: 5 req/min

Rate limits are per IP for guests, per token for authenticated users.
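
A client can track the limits above locally and wait rather than send a request that would be rejected. The following is an added example, not GitScope code: `RateBudget` and `bucketsFor` are hypothetical names, and it assumes sliding windows, that an AI request counts against both the hourly and the AI limit, and that "Auth Endpoints" means paths under /api/auth/ (the NextAuth.js default prefix).

```javascript
// Documented limits from the Rate Limits section: [max requests, window in ms].
const LIMITS = {
  guest: [60, 3600 * 1000],
  authenticated: [5000, 3600 * 1000],
  ai: [10, 60 * 1000],
  auth: [5, 60 * 1000],
};

// Which documented limits apply to one request.
// Assumption: /api/auth/ is what the page means by "Auth Endpoints";
// the page itself does not list those paths.
function bucketsFor(path, authenticated) {
  const buckets = [authenticated ? 'authenticated' : 'guest'];
  if (path.startsWith('/api/ai/analyze')) buckets.push('ai');
  if (path.startsWith('/api/auth/')) buckets.push('auth');
  return buckets;
}

class RateBudget {
  constructor() {
    this.sent = new Map(); // bucket name -> timestamps (ms) of sent requests
  }

  // Returns 0 if the request may be sent now (and records it), otherwise
  // the number of milliseconds to wait before the oldest request expires.
  tryAcquire(path, authenticated, now = Date.now()) {
    const buckets = bucketsFor(path, authenticated);
    let wait = 0;
    for (const b of buckets) {
      const [max, windowMs] = LIMITS[b];
      // Drop timestamps that have left the window (assumed sliding).
      const live = (this.sent.get(b) || []).filter((t) => now - t < windowMs);
      this.sent.set(b, live);
      if (live.length >= max) wait = Math.max(wait, live[0] + windowMs - now);
    }
    if (wait > 0) return wait; // a refused request is not counted
    for (const b of buckets) this.sent.get(b).push(now);
    return 0;
  }
}
```

Call `tryAcquire` before each request and sleep for the returned number of milliseconds when it is non-zero.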

Security

  • HTTPS required for all requests
  • CSRF tokens for state-changing operations
  • Secure, httpOnly, SameSite=Strict cookies
  • IP-based rate limiting with abuse detection

Coming Soon

gitscope-js (npm)
gitscope-go (module)
gitscope-python (pip)

Official SDKs are planned for future release. For now, use the REST API directly.