Format of Personal Access Tokens
- In GitHub, personal access tokens are hex string, like
e72e16c7e42f292c6912e7710c838347ae178b4a
. - In GitLab, personal access tokens are like Base62 string, like
9koXpg98eAheJpvBs5tK
.
Personal Access Tokens as OAuth2 Tokens
- In GitHub, personal access tokens are used as OAuth2 tokens.
- In GitHub, personal access tokens are different from OAuth2 tokens (There are also private tokens, but I couldn't find the way to get it).
HTTP Request Header for Authorization
- In GitHub, personal access tokens are passed via "Authorization" header in HTTP request like
Authorization: token e72e16c7e42f292c6912e7710c838347ae178b4a
(also you can useAuthorization: Bearer
instead ofAuthorization: token
). - In GitHub, personal access tokens are passed via "PRIVATE-TOKEN" header in HTTP request like
PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK
.
Query String for Authorization
- In GitHub, you can pass personal access tokens via query string like
GET /projects?access_token=e72e16c7e42f292c6912e7710c838347ae178b4a
. - In GitLab, you can pass personal access tokens via query string like
GET /projects?private_token=9koXpg98eAheJpvBs5tK
.
HTTP Status Code for Authorization Failure
- In GitHub, you will get 404 error when you failed to authorize (you cannot distinguish the authorization error from the other errors).
- In GitLab, you will get 401 error when you failed to authorize (you can distinguish the authorization error from the other errors).
How to Specify a Project
- In GitHub, you can specify a project by name, like
GET /api/v3/repos/Project/Repository/pulls
. - In GitLab, you cannot specify a project by name. You should use a project ID, like
GET /api/v4/projects/12/merge_requests
. You cannot see the project ID in the Web UI (You have to call API for project IDs, or see hidden tag in HTML source).
How to List All Comments in Pull Requests
- In GitHub, you can list all the comments in pull requests like
GET /api/v3/repos/Project/Repository/pulls/comments
. - In GitLab, you cannot list all the comments in pull requests. You should specify each merge request and get comments like
GET /api/v4/projects/12/merge_requests/42/notes
(42 is the iid of a merge request).
Content-Type header in HTTP response
- HTTP response of GitHub API contains
Content-Type
header likeContent-Type: application/json; charset=utf-8
. - HTTP response of GitLab API does not contain
Content-Type
header, SoInvoke-RestMethod
of PowerShell causes mojibake (see http://satob.hatenablog.com/entry/2018/01/18/014615).