curl zipball or tarball from private GitHub release

What specific syntax must be used in order to download a binary tarball or zipball from a GitHub Release of a private GitHub repository?

Here is what we have tried:

Starting with documentation at this link, I have pursued the following with undesired failed results described as follows:

The following command from docs gives JSON response, but no artifact:

curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ghp_long8alpha8numeric8token" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/AccountName/RepoName/releases/tags/vers.a.b.c --ssl-no-revoke  

The zipball and tarball addresses returned by the preceding command look like:

"tarball_url": "https://api.github.com/repos/AccountName/RepoName/tarball/vers.a.b.c",
"zipball_url": "https://api.github.com/repos/AccountName/RepoName/zipball/vers.a.b.c",

Curl the URLs given by the preceding command

Next, I tried the following line, which puts the tarball_url from the preceding command's output into a curl command. But the following line returns a 0KB empty file named vers.a.b.c

curl -O -H "Authorization: Bearer ghp_long8alpha8numeric8token" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/AccountName/RepoName/tarball/vers.a.b.c --ssl-no-revoke

Curl the URL given in the GitHub website GUI

Finally, I navigated a web browser in the GitHub.com GUI to the Release page of the private repository and I right-clicked on the Source code (zip) link and chose "Copy link address" to get the URL that serves the zipball for users of the GitHub UI website. And I assembled the following command using the URL that works for point-and-click human users of the GUI. But the following command returns an empty zipball.

curl -O -H "Authorization: Bearer ghp_long8alpha8numeric8token" -H "X-GitHub-Api-Version: 2022-11-28" https://github.com/AccountName/RepoName/archive/refs/tags/vers.a.b.c.zip --ssl-no-revoke

The requirement is to be cross-platform and to use cURL. The initial environment in which we are testing this must be windows cmd.

BK2204's suggestion

Per bk2204's suggestion below, I tried the command:

curl -L -O -H "Authorization: Bearer ghp_long8alpha8numeric8token" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/AccountName/RepoName/tarball/vers.a.b.c --ssl-no-revoke

The result is a 20 KB text file that contains 311 unreadable lines. Not sure if the unreadable lines represent compressed data. But the file is unusable in its present form regardless.

What precise syntax must be used to successfully download the tarball or zipball?

The second set of curl commands you're using (the ones that fetch the tarball_url and zipball_url values) need to use the -L option to curl, because they will always redirect to another location, and the -L option indicates that redirects should be followed.

You can see that you're receiving a 3xx request in this case by using the -v option to curl, which prints the headers sent and received.

The service that serves archives and raw files at GitHub is on a separate domain, and the redirect will be to a URL on that domain, codeload.github.com. However, you're doing the right thing by using the API, because codeload.github.com doesn't use the same kind of tokens, so by accessing the API with your request, the redirection you receive will contain a temporary token that codeload.github.com will verify to give you the desired tarball or zipball.

You should not use the domain github.com for automated requests, including archives, because that domain is not designed to handle automated requests and has much stricter rate limits than the API. Making a substantial number of automated requests to the main domain (outside of HTTPS Git requests) will likely result in you receiving a 429 for some time.

The specific syntax to use is this:

curl -H "Authorization: Bearer $TOKEN" -L \
     -o foo.tar.gz \
     https://api.github.com/repos/$OWNER/$NAME/tarball/$REV

You will need to substitute $TOKEN, $OWNER, $NAME, and $REV. Instead, you may replace the URL with the one received from tarball_url or zipball_url, as appropriate.

Note that if you are not receiving the expected results, you are probably not authenticating correctly, and you should use the -v option to see what status code you're receiving. I have verified that this syntax works to download from my private repository.