Third-party access / Teacher(script) fetches student repositories


I wonder if I am asking this from a correct category … because what I understood so far is that API might be tied to personal access tokens. Boot me out, if I am talking nonsense and asking dumb things in a wrong place.

Goal: As a teacher, I want to write a (Python) script which retrieves (clones) student repositories (weekly, on due dates). Said repositories would/should be private (to avoid borrowing solutions from other students).


  • Clone (fetch) private repository (preferably, specific folder therein, but full clone is just fine as well). [must-have]
  • Verify that the repository is private. [nice-to-have, purely optional]
  • Create issues. [nice-to-have… next year]

I don’t think personal authentication tokens are what I should be looking at - “personal” being the operative work, I think.

Does GitHub API have mechanisms/features that would serve my needs? If so, could someone direct me to the relevant documentation, please? (My Google-fu was too weak to find materials that seemed relevant to my case).

Please excuse my question if its “obvious” or “dumb” - this is a completely new area for me and I am having difficulties getting up to speed.

Hello @jasata and welcome to the community.

The one must-have operation is something that you have to either do as a user who has been granted access to the repository or be given a deploy key that the owner of the repository (presumably the student) would generate for you. The other two operations could be performed as a GitHub App or via the API in a user context. You can view the documentation on how to authenticate against the API in our developer documentation.

Let us know if you have more questions.