OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use Basic Authentication to use this endpoint, where the username is the application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.
Use this endpoint to complete the handshake necessary when implementing the GitHub App Manifest flow. When you create a GitHub App with the manifest flow, you receive a temporary code used to retrieve the GitHub App’s id, pem (private key), and webhook_secret.
Creates an installation access token that enables a GitHub App to make authenticated API requests for the app’s installation on an organization or individual account. Installation tokens expire one hour from the time you create them. Using an expired token produces a status code of 401 - Unauthorized, and requires creating a new installation token. By default the installation token has access to all repositories that the installation can access. Optionally, you can use the repositories or repository_ids body parameters to specify individual repositories that the installation access token can access. If you don’t use repositories or repository_ids to grant access to specific repositories, the installation access token will have access to all repositories that the installation was granted access to. The installation access token cannot be granted access to repositories that the installation was not granted access to. Up to 500 repositories can be listed in this manner. Optionally, use the permissions body parameter to specify the permissions that the installation access token should have. If permissions is not specified, the installation access token will have all of the permissions that were granted to the app. The installation access token cannot be granted permissions that the app was not granted. When using the repository or permission parameters to reduce the access of the token, the complexity of the token is increased due to both the number of permissions in the request and the number of repositories the token will have access to. If the complexity is too large, the token will fail to be issued. If this occurs, the error message will indicate the maximum number of repositories that should be requested. For the average application requesting 8 permissions, this limit is around 5000 repositories. With fewer permissions requested, more repositories are supported. You must use a JWT to access this endpoint.
OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must use Basic Authentication when accessing this endpoint, using the OAuth application’s client_id and client_secret as the username and password. You must also provide a valid OAuth access_token as an input parameter and the grant for the token’s owner will be deleted. Deleting an application’s grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user’s account and will no longer be listed on the application authorizations settings screen within GitHub.
Uninstalls a GitHub App on a user, organization, or business account. If you prefer to temporarily suspend an app’s access to your account’s resources, then we recommend the "Suspend an app installation" endpoint. You must use a JWT to access this endpoint.
OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization. You must use Basic Authentication when accessing this endpoint, using the application’s client_id and client_secret as the username and password.
Returns the GitHub App associated with the authentication credentials used. To see how many app installations are associated with this GitHub App, see the installations_count in the response. For more details about your app’s installations, see the "List installations for the authenticated app" endpoint. You must use a JWT to access this endpoint.
Note: The :app_slug is just the URL-friendly name of your GitHub App. You can find this on the settings page for your GitHub App (e.g., https://github.com/settings/apps/:app_slug).
Enables an authenticated GitHub App to find the repository’s installation information. The installation’s account type will be either an organization or a user account, depending which account the repository belongs to. You must use a JWT to access this endpoint.
Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won’t be processed until the end of their billing cycle, you will also see the upcoming pending change. GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won’t be processed until the end of their billing cycle, you will also see the upcoming pending change. GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
Returns the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App." You must use a JWT to access this endpoint.
Returns user and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won’t be processed until the end of their billing cycle, you will also see the upcoming pending change. GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
Returns repository and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won’t be processed until the end of their billing cycle, you will also see the upcoming pending change. GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
List repositories that the authenticated user has explicit permission (:read, :write, or :admin) to access for an installation. The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership. The access the user has to each repository is included in the hash under the permissions key.
Lists installations of your GitHub App that the authenticated user has explicit permission (:read, :write, or :admin) to access. The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership. You can find the permissions for the installation under the permissions key.
Lists all plans that are part of your GitHub Marketplace listing. GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
Lists all plans that are part of your GitHub Marketplace listing. GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
Remove a single repository from an installation. The authenticated user must have admin access to the repository. The installation must have the repository_selection of selected.
OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. You must use Basic Authentication when accessing this endpoint, using the application’s client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.
Revokes the installation token you’re using to authenticate as an installation and access this endpoint. Once an installation token is revoked, the token is invalidated and cannot be used. Other endpoints that require the revoked installation token must have a new installation token to work. You can create a new token using the "Create an installation access token for an app" endpoint.
Use a non-scoped user access token to create a repository-scoped and/or permission-scoped user access token. You can specify which repositories the token can access and which permissions are granted to the token. Invalid tokens will return 404 NOT FOUND. You must use Basic Authentication when accessing this endpoint, using the client_id and client_secret of the GitHub App as the username and password.
Suspends a GitHub App on a user, organization, or business account, which blocks the app from accessing the account’s resources. When a GitHub App is suspended, the app’s access to the GitHub API or webhook events is blocked for that account. You must use a JWT to access this endpoint.
Updates the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App." You must use a JWT to access this endpoint.