Skip to content

[Schema Inaccuracy] verification.verified_at marked as required but not present in API response #4995

New issue
New issue
Open
Open
[Schema Inaccuracy] verification.verified_at marked as required but not present in API response#4995
Labels
documentation
@aitestino

Description

@aitestino
aitestino
opened on Jun 29, 2025

Schema Inaccuracy

The verification schema incorrectly lists verified_at as a required field, but GitHub's API does not return this field in the actual response. This causes validation errors in generated client libraries that strictly enforce the schema.

Expected

The verified_at property in the verification schema should either:

  1. Be removed from the required array (since it's not actually returned by the API), or
  2. Be removed entirely from the schema properties if it's not part of the API response

Current schema definition in api.github.com.2022-11-28.json:

{
  "title": "Verification",
  "type": "object",
  "properties": {
    "verified": {
      "type": "boolean"
    },
    "reason": {
      "type": "string"
    },
    "payload": {
      "type": "string",
      "nullable": true
    },
    "signature": {
      "type": "string",
      "nullable": true
    },
    "verified_at": {
      "type": "string",
      "nullable": true
    }
  },
  "required": [
    "verified",
    "reason",
    "payload",
    "signature",
    "verified_at"  // <-- This field is not returned by the API
  ]
}

Reproduction Steps

  1. Make a request to get commit details with verification information:
$ curl -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/commits/COMMIT_SHA
  1. Observe the actual verification object returned:
{
  "sha": "example_sha",
  "commit": {
    "message": "Example commit message",
    "author": {...},
    "verification": {
      "verified": false,
      "reason": "unsigned",
      "signature": null,
      "payload": null
      // Note: No "verified_at" field is present
    }
  }
}
  1. The same issue occurs when using the git commits endpoint:
$ curl -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/git/commits/COMMIT_SHA

Impact

This schema inaccuracy causes validation errors in strongly-typed client libraries generated from the OpenAPI specification. For example, Python libraries using Pydantic validation will fail with:


pydantic.error_wrappers.ValidationError: 1 validation error for Verification
verified_at
field required (type=value_error.missing)

Metadata

Metadata

Assignees

No one assigned

    Labels

    documentation

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions