KJHOLMES34
diff --git a/‎content/github-cli/github-cli/quickstart.md
+2-21 b/‎content/github-cli/github-cli/quickstart.md
+2-21
diff --git a/‎content/rest/guides/getting-started-with-the-rest-api.md
+306-397 b/‎content/rest/guides/getting-started-with-the-rest-api.md
+306-397
diff --git a/‎content/rest/overview/authenticating-to-the-rest-api.md
+54-3 b/‎content/rest/overview/authenticating-to-the-rest-api.md
+54-3
diff --git a/‎content/rest/overview/resources-in-the-rest-api.md
-204 b/‎content/rest/overview/resources-in-the-rest-api.md
-204
@@ -19,26 +19,7 @@ shortTitle: Quickstart
 
 ## Prerequisites
 
-1. Install {% data variables.product.prodname_cli %} on macOS, Windows, or Linux. For more information, see [Installation](https://github.com/cli/cli#installation) in the {% data variables.product.prodname_cli %} repository.
-1. Authenticate with {% data variables.product.company_short %} by running this command from your terminal.{% ifversion ghes or ghae %} Replace `HOSTNAME` with the name of {% data variables.location.product_location %}. For example, `octo-inc.ghe.com`.{% endif %}
-
-   {%- ifversion fpt or ghec %}
-
-   ```shell
-   gh auth login
-   ```
-
-   {%- else %}
-
-   ```shell
-   gh auth login --hostname HOSTNAME
-   ```
-
-   {%- endif %}
-
-1. Follow the on-screen prompts.
-
-   {% data variables.product.prodname_cli %} automatically stores your Git credentials for you when you choose HTTPS as your preferred protocol for Git operations and answer "yes" to the prompt asking if you would like to authenticate to Git with your {% data variables.product.prodname_dotcom %} credentials. This can be useful as it allows you to use `git push`, `git pull`, and so on, without needing to set up a separate credential manager or use SSH.
+{% data reusables.rest-api.github-cli-install-and-auth %}
 
 ## Some useful commands
 
@@ -101,7 +82,7 @@ You can change configuration settings and add aliases or extensions, to make {%
 - Enter `gh config set SUBCOMMANDS` to configure {% data variables.product.prodname_cli %}'s settings, replacing `SUBCOMMANDS` with the setting you want to adjust.
 
   For example, you can specify the text editor that's used when a {% data variables.product.prodname_cli %} command requires you to edit text - such as when you add the body text for a new issue you're creating. To set your preferred text editor to {% data variables.product.prodname_vscode %} enter `gh config set editor "code -w"`. The `-w` (or `--wait`) flag in this example causes the command to wait for the file to be closed in {% data variables.product.prodname_vscode %} before proceeding with the next step in your terminal.
-  
+
   For more information, see [`gh config set`](https://cli.github.com/manual/gh_config_set).
 
 - Define aliases for commands that you commonly run. For example, if you run `gh alias set prd "pr create --draft"`, you will then be able to run `gh prd` to quickly open a draft pull request. For more information, see [`gh alias`](https://cli.github.com/manual/gh_alias).
 
@@ -18,7 +18,9 @@ shortTitle: Authenticating
 
 Many REST API endpoints require authentication or return additional information if you are authenticated. Additionally, you can make more requests per hour when you are authenticated.
 
-You can authenticate your request by sending a token in the `Authorization` header of your request. In the following example, replace `YOUR-TOKEN` with a reference to your token:
+To authenticate your request, you will need to provide an authentication token with the required scopes or permissions. There a few different ways to get a token: You can create a {% data variables.product.pat_generic %}, generate a token with a {% data variables.product.prodname_github_app %}, or use the built-in `GITHUB_TOKEN` in a {% data variables.product.prodname_actions %} workflow.
+
+After creating a token, you can authenticate your request by sending the token in the `Authorization` header of your request. For example, in the folllowing request, replace `YOUR-TOKEN` with a reference to your token:
 
 ```shell
 curl --request GET \
@@ -33,7 +35,11 @@ curl --request GET \
 
 {% endnote %}
 
-If you try to use a REST API endpoint without a token or with a token that has insufficient permissions, you will receive a `404 Not Found` or `403 Forbidden` response.
+### Failed login limit
+
+If you try to use a REST API endpoint without a token or with a token that has insufficient permissions, you will receive a `404 Not Found` or `403 Forbidden` response. Authenticating with invalid credentials will initially return a `401 Unauthorized` response.
+
+After detecting several requests with invalid credentials within a short period, the API will temporarily reject all authentication attempts for that user (including ones with valid credentials) with a `403 Forbidden` response. For more information, see "[AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api)."
 
 ## Authenticating with a {% data variables.product.pat_generic %}
 
@@ -93,6 +99,50 @@ If you are the owner of a {% data variables.product.prodname_github_app %} or {%
 
 If you want to use the API in a {% data variables.product.prodname_actions %} workflow, {% data variables.product.company_short %} recommends that you authenticate with the built-in `GITHUB_TOKEN` instead of creating a token. You can grant permissions to the `GITHUB_TOKEN` with the `permissions` key. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)."
 
+If this is not possible, you can store your token as a secret and use the name of your secret in your {% data variables.product.prodname_actions %} workflow. For more information about secrets, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)."
+
+### Authenticating in a {% data variables.product.prodname_actions %} workflow using {% data variables.product.prodname_cli %}
+
+To make an authenticated request to the API in a {% data variables.product.prodname_actions %} workflow using {% data variables.product.prodname_cli %}, you can store the value of `GITHUB_TOKEN` as an environment variable, and use the `run` keyword to execute the {% data variables.product.prodname_cli %} `api` subcommand. For more information about the `run` keyword, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
+
+In the following example workflow, replace `PATH` with the path of the endpoint. For more information about the path, see "[AUTOTITLE](/rest/guides/getting-started-with-the-rest-api?tool=cli#path)."{% ifversion ghes or ghae %} Replace `HOSTNAME` with the name of {% data variables.location.product_location %}.{% endif %}
+
+```yaml
+jobs:
+  use_api:
+    runs-on: ubuntu-latest
+    permissions: {}
+    steps:
+      - env:
+          GH_TOKEN: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+        run: |
+          gh api /PATH
+```
+
+### Authenticating in a {% data variables.product.prodname_actions %} workflow using `curl`
+
+To make an authenticated request to the API in a {% data variables.product.prodname_actions %} workflow using `curl`, you can store the value of `GITHUB_TOKEN` as an environment variable, and use the `run` keyword to execute a `curl` request to the API. For more information about the `run` keyword, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
+
+In the following example workflow, replace `PATH` with the path of the endpoint. For more information about the path, see "[AUTOTITLE](/rest/guides/getting-started-with-the-rest-api?tool=cli#path)."{% ifversion ghes or ghae %} Replace `HOSTNAME` with the name of {% data variables.location.product_location %}.{% endif %}
+
+```yaml copy
+jobs:
+  use_api:
+    runs-on: ubuntu-latest
+    permissions: {}
+    steps:
+      - env:
+          GH_TOKEN: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+        run: |
+          curl --request GET \
+          --url "{% data variables.product.api_url_code %}/PATH" \
+          --header "Authorization: Bearer $GH_TOKEN"
+```
+
+### Authenticating in a {% data variables.product.prodname_actions %} workflow using JavaScript
+
+For an example of how to authenticate in a {% data variables.product.prodname_actions %} workflow using JavaScript, see "[AUTOTITLE](/rest/guides/scripting-with-the-rest-api-and-javascript#authenticating-in-github-actions)."
+
 ## Authenticating with username and password
 
 {% ifversion ghes %}
@@ -114,4 +164,5 @@ Authentication with username and password is not supported. If you try to authen
 
 ## Further reading
 
-- "[AUTOTITLE](/rest/overview/keeping-your-api-credentials-secure)."
+- "[AUTOTITLE](/rest/overview/keeping-your-api-credentials-secure)"
+- "[AUTOTITLE](/rest/guides/getting-started-with-the-rest-api#authenticating)"
@@ -12,167 +12,6 @@ topics:
   - API
 ---
 
-{% ifversion api-date-versioning %}
-
-## API version
-
-Available resources may vary between REST API versions. You should use the `X-GitHub-Api-Version` header to specify an API version. For more information, see "[AUTOTITLE](/rest/overview/api-versions)."
-
-{% endif %}
-
-## Schema
-
-{% ifversion fpt or ghec %}All API access is over HTTPS, and{% else %}The API is{% endif %} accessed from `{% data variables.product.api_url_code %}`.  All data is
-sent and received as JSON.
-
-```shell
-$ curl -I {% data variables.product.api_url_pre %}/users/octocat/orgs
-
-> HTTP/2 200
-> Server: nginx
-> Date: Fri, 12 Oct 2012 23:33:14 GMT
-> Content-Type: application/json; charset=utf-8
-> ETag: "a00049ba79152d03380c34652f2cb612"
-> X-GitHub-Media-Type: github.v3
-> x-ratelimit-limit: 5000
-> x-ratelimit-remaining: 4987
-> x-ratelimit-reset: 1350085394{% ifversion ghes %}
-> X-GitHub-Enterprise-Version: {{ currentVersion | remove: "enterprise-server@" }}.0{% elsif ghae %}
-> X-GitHub-Enterprise-Version: GitHub AE{% endif %}
-> Content-Length: 5
-> Cache-Control: max-age=0, private, must-revalidate
-> X-Content-Type-Options: nosniff
-```
-
-Blank fields are included as `null` instead of being omitted.
-
-All timestamps return in UTC time, ISO 8601 format:
-
-    YYYY-MM-DDTHH:MM:SSZ
-
-For more information about timezones in timestamps, see [this section](#timezones).
-
-### Summary representations
-
-When you fetch a list of resources, the response includes a _subset_ of the
-attributes for that resource. This is the "summary" representation of the
-resource. (Some attributes are computationally expensive for the API to provide.
-For performance reasons, the summary representation excludes those attributes.
-To obtain those attributes, fetch the "detailed" representation.)
-
-**Example**: When you get a list of repositories, you get the summary
-representation of each repository. Here, we fetch the list of repositories owned
-by the [octokit](https://github.com/octokit) organization:
-
-    GET /orgs/octokit/repos
-
-### Detailed representations
-
-When you fetch an individual resource, the response typically includes _all_
-attributes for that resource. This is the "detailed" representation of the
-resource. (Note that authorization sometimes influences the amount of detail
-included in the representation.)
-
-**Example**: When you get an individual repository, you get the detailed
-representation of the repository. Here, we fetch the
-[octokit/octokit.rb](https://github.com/octokit/octokit.rb) repository:
-
-    GET /repos/octokit/octokit.rb
-
-The documentation provides an example response for each API method. The example
-response illustrates all attributes that are returned by that method.
-
-## Authentication
-
-{% data variables.product.company_short %} recommends that you create a token to authenticate to the REST API. For more information about which type of token to create, see "[AUTOTITLE](/rest/overview/authenticating-to-the-rest-api)."
-
-You can authenticate your request by sending a token in the `Authorization` header of your request:
-
-```shell
-curl --request GET \
---url "{% data variables.product.api_url_code %}/octocat" \
---header "Authorization: Bearer YOUR-TOKEN"{% ifversion api-date-versioning %} \
---header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"{% endif %}
-```
-
-{% note %}
-
-**Note:** {% data reusables.getting-started.bearer-vs-token %}
-
-{% endnote %}
-
-If you try to use a REST API endpoint without a token or with a token that has insufficient permissions, you will receive a `404 Not Found` or `403 Forbidden` response.
-
-{% ifversion fpt or ghes or ghec %}
-
-### OAuth2 key/secret
-
-{% data reusables.apps.deprecating_auth_with_query_parameters %}
-
-```shell
-curl -u my_client_id:my_client_secret '{% data variables.product.api_url_pre %}/user/repos'
-```
-
-Using your `client_id` and `client_secret` does _not_ authenticate as a user, it will only identify your {% data variables.product.prodname_oauth_app %} to increase your rate limit. Permissions are only granted to users, not applications, and you will only get back data that an unauthenticated user would see. Don't leak your {% data variables.product.prodname_oauth_app %}'s client secret to your users.
-
-{% ifversion ghes %}
-You will be unable to authenticate using your OAuth2 key and secret while in private mode, and trying to authenticate will return `401 Unauthorized`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-private-mode)".
-{% endif %}
-{% endif %}
-
-{% ifversion fpt or ghec %}
-
-For more information about rate limits for {% data variables.product.prodname_oauth_apps %}, see "[AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api)."
-
-{% endif %}
-
-### Failed login limit
-
-Authenticating with invalid credentials will return `401 Unauthorized`:
-
-```shell
-$ curl -I {% data variables.product.api_url_pre %} --header "Authorization: Bearer INVALID-TOKEN"
-> HTTP/2 401
-
-> {
->   "message": "Bad credentials",
->   "documentation_url": "{% data variables.product.doc_url_pre %}"
-> }
-```
-
-After detecting several requests with invalid credentials within a short period,
-the API will temporarily reject all authentication attempts for that user
-(including ones with valid credentials) with `403 Forbidden`:
-
-```shell
-> HTTP/2 403
-> {
->   "message": "Maximum number of login attempts exceeded. Please try again later.",
->   "documentation_url": "{% data variables.product.doc_url_pre %}"
-> }
-```
-
-## Parameters
-
-Many API methods take optional parameters. For `GET` requests, any parameters not
-specified as a segment in the path can be passed as an HTTP query string
-parameter:
-
-```shell
-curl -i "{% data variables.product.api_url_pre %}/repos/vmg/redcarpet/issues?state=closed"
-```
-
-In this example, the 'vmg' and 'redcarpet' values are provided for the `:owner`
-and `:repo` parameters in the path while `:state` is passed in the query
-string.
-
-For `POST`, `PATCH`, `PUT`, and `DELETE` requests, parameters not included in the URL should be encoded as JSON
-with a Content-Type of 'application/json':
-
-```shell
-curl -i --header "Authorization: Bearer YOUR-TOKEN" -d '{"scopes":["repo_deployment"]}' {% data variables.product.api_url_pre %}/authorizations
-```
-
 ## Root endpoint
 
 You can issue a `GET` request to the root endpoint to get all the endpoint categories that the REST API supports:
@@ -186,20 +25,6 @@ $ curl {% ifversion fpt or ghae or ghec %}
 
 See the guide on "[AUTOTITLE](/graphql/guides/using-global-node-ids)" for detailed information about how to find `node_id`s via the REST API and use them in GraphQL operations.
 
-## HTTP verbs
-
-Where possible, the {% data variables.product.product_name %} REST API strives to use appropriate HTTP verbs for each
-action. Note that HTTP verbs are case-sensitive.
-
-Verb | Description
------|-----------
-`HEAD` | Can be issued against any resource to get just the HTTP header info.
-`GET` | Used for retrieving resources.
-`POST` | Used for creating resources.
-`PATCH` | Used for updating resources with partial JSON data. For instance, an Issue resource has `title` and `body` attributes. A `PATCH` request may accept one or more of the attributes to update the resource.
-`PUT` | Used for replacing resources or collections. For `PUT` requests with no `body` attribute, be sure to set the `Content-Length` header to zero.
-`DELETE` |Used for deleting resources.
-
 ## Hypermedia
 
 All resources may have one or more `*_url` properties linking to other
@@ -221,35 +46,6 @@ gem:
     >> tmpl.expand all: 1, participating: 1
     => "/notifications?all=1&participating=1"
 
-{% ifversion fpt or ghec %}
-
-## User agent required
-
-All API requests MUST include a valid `User-Agent` header. Requests with no `User-Agent`
-header will be rejected. We request that you use your {% data variables.product.product_name %} username, or the name of your
-application, for the `User-Agent` header value. This allows us to contact you if there are problems.
-
-Here's an example:
-
-```shell
-User-Agent: Awesome-Octocat-App
-```
-
-curl sends a valid `User-Agent` header by default. If you provide an invalid `User-Agent` header via curl (or via an alternative client), you will receive a `403 Forbidden` response:
-
-```shell
-$ curl -IH 'User-Agent: ' {% data variables.product.api_url_pre %}/meta
-> HTTP/1.0 403 Forbidden
-> Connection: close
-> Content-Type: text/html
-
-> Request forbidden by administrative rules.
-> Please make sure your request has a User-Agent header.
-> Check  for other possible causes.
-```
-
-{% endif %}
-
 ## Cross origin resource sharing
 
 The API supports Cross Origin Resource Sharing (CORS) for AJAX requests from