# REST API endpoints for blocking users Use the REST API to block and unblock users in an organization. ## About blocking users The token used to authenticate the call must have the `admin:org` scope in order to make any blocking calls for an organization. Otherwise, the response returns `HTTP 404`. > [!NOTE] > Most endpoints use `Authorization: Bearer ` and `Accept: application/vnd.github+json` headers, plus `X-GitHub-Api-Version: 2026-03-10`. Curl examples below omit these standard headers for brevity. ## List users blocked by an organization ``` GET /orgs/{org}/blocks ``` List the users blocked by an organization. ### Parameters #### Headers - **`accept`** (string) Setting to `application/vnd.github+json` is recommended. #### Path and query parameters - **`org`** (string) (required) The organization name. The name is not case sensitive. - **`per_page`** (integer) The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30` - **`page`** (integer) The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1` ### HTTP response status codes - **200** - OK ### Code examples #### Example **Request:** ```curl curl -L \ -X GET \ https://api.github.com/orgs/ORG/blocks ``` **Response schema (Status: 200):** Array of `Simple User`: * `name`: string or null * `email`: string or null * `login`: required, string * `id`: required, integer, format: int64 * `node_id`: required, string * `avatar_url`: required, string, format: uri * `gravatar_id`: required, string or null * `url`: required, string, format: uri * `html_url`: required, string, format: uri * `followers_url`: required, string, format: uri * `following_url`: required, string * `gists_url`: required, string * `starred_url`: required, string * `subscriptions_url`: required, string, format: uri * `organizations_url`: required, string, format: uri * `repos_url`: required, string, format: uri * `events_url`: required, string * `received_events_url`: required, string, format: uri * `type`: required, string * `site_admin`: required, boolean * `starred_at`: string * `user_view_type`: string ## Check if a user is blocked by an organization ``` GET /orgs/{org}/blocks/{username} ``` Returns a 204 if the given user is blocked by the given organization. Returns a 404 if the organization is not blocking the user, or if the user account has been identified as spam by GitHub. ### Parameters #### Headers - **`accept`** (string) Setting to `application/vnd.github+json` is recommended. #### Path and query parameters - **`org`** (string) (required) The organization name. The name is not case sensitive. - **`username`** (string) (required) The handle for the GitHub user account. ### HTTP response status codes - **204** - If the user is blocked - **404** - If the user is not blocked ### Code examples #### Example **Request:** ```curl curl -L \ -X GET \ https://api.github.com/orgs/ORG/blocks/USERNAME ``` **Response schema (Status: 204):** ## Block a user from an organization ``` PUT /orgs/{org}/blocks/{username} ``` Blocks the given user on behalf of the specified organization and returns a 204. If the organization cannot block the given user a 422 is returned. ### Parameters #### Headers - **`accept`** (string) Setting to `application/vnd.github+json` is recommended. #### Path and query parameters - **`org`** (string) (required) The organization name. The name is not case sensitive. - **`username`** (string) (required) The handle for the GitHub user account. ### HTTP response status codes - **204** - No Content - **422** - Validation failed, or the endpoint has been spammed. ### Code examples #### Example **Request:** ```curl curl -L \ -X PUT \ https://api.github.com/orgs/ORG/blocks/USERNAME ``` **Response schema (Status: 204):** ## Unblock a user from an organization ``` DELETE /orgs/{org}/blocks/{username} ``` Unblocks the given user on behalf of the specified organization. ### Parameters #### Headers - **`accept`** (string) Setting to `application/vnd.github+json` is recommended. #### Path and query parameters - **`org`** (string) (required) The organization name. The name is not case sensitive. - **`username`** (string) (required) The handle for the GitHub user account. ### HTTP response status codes - **204** - No Content ### Code examples #### Example **Request:** ```curl curl -L \ -X DELETE \ https://api.github.com/orgs/ORG/blocks/USERNAME ``` **Response schema (Status: 204):**