Add mentions of organization APIs for fine-grained PATs management - [Public Beta] (#35712)

2023-03-24 14:44:29 -04:00 · 2023-03-24 14:44:29 -04:00 · 7bb90fd5cd
--- a/content/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization.md
+++ b/content/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization.md
@ -20,6 +20,12 @@ When organization members create a {% data variables.product.pat_v2 %} to access

 {% endnote %}

+{% ifversion pat-v2-org-admin-api %}
+
+Organization admins can also use the REST API to review and manage {% data variables.product.pat_v2 %} requests. These endpoints can only be called by {% data variables.product.prodname_github_apps %}, and cannot be called with {% data variables.product.pat_generic_plural %} or {% data variables.product.prodname_oauth_apps %}. For more information, see "[AUTOTITLE](/rest/orgs/orgs#list-requests-to-access-organization-resources-with-fine-grained-personal-access-tokens)."
+
+{% endif %}
+
 ## Managing {% data variables.product.pat_v2 %} requests

 {% data reusables.profile.access_org %}
@ -38,3 +44,4 @@ Alternatively, you can approve or deny multiple tokens at once:
 {% data reusables.user-settings.patv2-filters %}
 1. Select each token that you want to approve or reject.
 1. Select the **request selected...** dropdown menu and click **Approve...** or **Deny...**.
+
--- a/content/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization.md
+++ b/content/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization.md
@ -16,7 +16,13 @@ When a token is revoked, the user who created the token will receive an email no

 Organization owners can only view and revoke {% data variables.product.pat_v2 %}s, not {% data variables.product.pat_v1_plural %}. Unless the organization {% ifversion ghec or ghes or ghae %}or enterprise {% endif %}has restricted access by {% data variables.product.pat_v1_plural %}, any {% data variables.product.pat_v1 %} can access organization resources until the token expires. For more information about restricting access by {% data variables.product.pat_v1_plural %}, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)"{% ifversion ghec or ghes or ghae %} and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise)"{% endif %}.

-{% ifversion ghec %} Organization owners can also view and revoke {% data variables.product.pat_v1_plural %} if their organization requires SAML single-sign on. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-and-revoking-authorized-credentials)". For more information about using the REST API to do this, see "[AUTOTITLE](/rest/orgs/orgs#list-saml-sso-authorizations-for-an-organization)" and "[AUTOTITLE](/rest/orgs/orgs#remove-a-saml-sso-authorization-for-an-organization)."{% endif %}
+{% ifversion ghec %} Organization owners can also view and revoke {% data variables.product.pat_v1_plural %} if their organization requires SAML single-sign on. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-and-revoking-authorized-credentials)". For more information about using the REST API to do this, see "[List SAML SSO authorizations for an organization](/rest/orgs/orgs#list-saml-sso-authorizations-for-an-organization)" and "[Remove a SAML SSO authorization for an organization](/rest/orgs/orgs#remove-a-saml-sso-authorization-for-an-organization)."{% endif %}
+
+{% ifversion pat-v2-org-admin-api %} 
+
+Organization admins can also use the REST API to review and revoke {% data variables.product.pat_v2 %}s. These endpoints can only be called by {% data variables.product.prodname_github_apps %}, and cannot be called with {% data variables.product.pat_generic_plural %} or {% data variables.product.prodname_oauth_apps %}. For more information, see "[AUTOTITLE](/rest/orgs/orgs#list-fine-grained-personal-access-tokens-with-access-to-organization-resources)."
+
+{% endif %}

 ## Reviewing and revoking  {% data variables.product.pat_v2 %}s

--- a/data/features/pat-v2-org-admin-api.yml
+++ b/data/features/pat-v2-org-admin-api.yml
@ -0,0 +1,7 @@
+# Issue 9059
+# API for org admins to review/manage PATv2s and requests for PATvs
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.10'
+  ghae: '>=3.10'