From 56ce718a1eb226425ba49aeb4d60fd567fde3dc2 Mon Sep 17 00:00:00 2001 From: Sarah Edwards Date: Wed, 14 Feb 2024 16:52:32 -0800 Subject: [PATCH] Update references to the fine-grained permission docs (#49213) --- .../about-authentication-with-a-github-app.md | 6 +++--- .../authenticating-as-a-github-app-installation.md | 2 +- .../choosing-permissions-for-a-github-app.md | 2 +- .../registering-a-github-app-from-a-manifest.md | 2 +- .../registering-a-github-app-using-url-parameters.md | 2 +- .../managing-your-personal-access-tokens.md | 5 ++++- .../rest/authentication/authenticating-to-the-rest-api.md | 6 ++++-- .../guides/scripting-with-the-rest-api-and-javascript.md | 2 +- .../rest/guides/scripting-with-the-rest-api-and-ruby.md | 2 +- .../using-the-rest-api/troubleshooting-the-rest-api.md | 8 ++++---- 10 files changed, 21 insertions(+), 16 deletions(-) diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app.md index e9a58a1e9c..50c7b3b007 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app.md 
@@ -19,12 +19,12 @@ redirect_from: ## Authentication as a {% data variables.product.prodname_github_app %} -Your app should authenticate as itself when it needs to generate an installation access token. An installation access token is required to authenticate as an app installation. Your app should also authenticate as itself when it needs to make API requests to manage resources related to the app. For example, when it needs to list the accounts where it is installed. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app)". +To authenticate as itself, your app will use a JSON Web Token (JWT). Your app should authenticate as itself when it needs to generate an installation access token. An installation access token is required to authenticate as an app installation. Your app should also authenticate as itself when it needs to make API requests to manage resources related to the app. For example, when it needs to list the accounts where it is installed. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app)" and "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app)." ## Authentication as an app installation -Your app should authenticate as an app installation when you want to attribute app activity to the app. Authenticating as an app installation lets your app access resources that are owned by the user or organization that installed the app. Authenticating as an app installation is ideal for automation workflows that don't involve user input. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." +To authenticate as an installation, your app will use an installation access token. 
Your app should authenticate as an app installation when you want to attribute app activity to the app. Authenticating as an app installation lets your app access resources that are owned by the user or organization that installed the app. Authenticating as an app installation is ideal for automation workflows that don't involve user input. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)" and "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app)." ## Authentication on behalf of a user -Your app should authenticate on behalf of a user when you want to attribute app activity to a user. Similar to authenticating as an app installation, your app can access resources that are owned by the user or organization that installed the app. Authenticating on behalf of a user is ideal when you want to ensure that your app only takes actions that could be performed by a specific user. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." +To authenticate on behalf of a user, your app will use a user access token. Your app should authenticate on behalf of a user when you want to attribute app activity to a user. Similar to authenticating as an app installation, your app can access resources that are owned by the user or organization that installed the app. Authenticating on behalf of a user is ideal when you want to ensure that your app only takes actions that could be performed by a specific user. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)" and "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)." 
diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md index e8573e61ee..462c171a1d 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md 
@@ -18,7 +18,7 @@ For example, if you want your app to change the `Status` field of an issue on a To make an API request as an installation, you must first generate an installation access token. Then, you will send the installation access token in the `Authorization` header of your subsequent API requests. You can also use {% data variables.product.company_short %}'s Octokit SDKs, which can generate an installation access token for you. -If a REST API endpoint works with a {% data variables.product.prodname_github_app %} installation access token, the REST reference documentation for that endpoint will say "Works with {% data variables.product.prodname_github_apps %}." Additionally, your app must have the required permissions to use the endpoint. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app)." +Some REST API endpoints do not accept installation access tokens, and most REST API endpoints require your app to have certain permissions to use an endpoint. To see whether a REST API endpoint accepts installation access tokens and to see what permissions are required, refer to the documentation for the endpoint. App installations can also use the GraphQL API. Similar to the REST API, the app must have certain permissions to access objects in the GraphQL API. For GraphQL requests, you should test that your app has the required permissions for the GraphQL queries and mutations that you want to make. diff --git a/content/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app.md b/content/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app.md index e5d4140b19..cc8b87265c 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app.md +++ b/content/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app.md 
@@ -47,7 +47,7 @@ On your {% data variables.product.prodname_github_app %} registration page, the ## Choosing permissions for REST API access -For more information about which REST API endpoints you can access with each permission, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)." Some endpoints may require multiple permissions, and some endpoints may require one of multiple permissions. For more information, see the documentation for the endpoint. +The REST API reference documentation for each endpoint states whether the endpoint works with {% data variables.product.prodname_github_apps %} and states what permissions are required in order for the app to use the endpoint. Some endpoints may require multiple permissions, and some endpoints may require one of multiple permissions. For an overview of which REST API endpoints a {% data variables.product.prodname_github_app %} can access with each permission, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)." For example, to use the `GET /orgs/{org}/dependabot/secrets` endpoint, your app must have at least read-level permission for the "organization dependabot secrets" permission. diff --git a/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md b/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md index aaa9eaaa28..ae3afcc022 100644 --- a/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md +++ b/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md 
@@ -67,7 +67,7 @@ The person registering the app will be redirected to a GitHub page with an input `description` | `string` | A description of the {% data variables.product.prodname_github_app %}. `public` | `boolean` | Set to `true` when your {% data variables.product.prodname_github_app %} is available to the public or `false` when it is only accessible to the owner of the app. `default_events` | `array` | The list of [events](/webhooks-and-events/webhooks/webhook-events-and-payloads) the {% data variables.product.prodname_github_app %} subscribes to. -`default_permissions` | `object` | The set of [permissions](/rest/overview/permissions-required-for-github-apps) needed by the GitHub App. The format of the object uses the permission name for the key (for example, `issues`) and the access type for the value (for example, `write`). +`default_permissions` | `object` | The set of permissions needed by the GitHub App. The format of the object uses the permission name for the key (for example, `issues`) and the access type for the value (for example, `write`). For more information, see "[AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app)." `request_oauth_on_install` | `boolean` | Set to `true` to request the user to authorize the {% data variables.product.prodname_github_app %}, after the {% data variables.product.prodname_github_app %} is installed. `setup_on_update` | `boolean` | Set to `true` to redirect users to the `setup_url` after they update your {% data variables.product.prodname_github_app %} installation. diff --git a/content/apps/sharing-github-apps/registering-a-github-app-using-url-parameters.md b/content/apps/sharing-github-apps/registering-a-github-app-using-url-parameters.md index 11c3ae4fdb..61820905f7 100644 --- a/content/apps/sharing-github-apps/registering-a-github-app-using-url-parameters.md +++ b/content/apps/sharing-github-apps/registering-a-github-app-using-url-parameters.md 
@@ -61,7 +61,7 @@ Parameter name | Type | Description ## {% data variables.product.prodname_github_app %} permissions -You can use query parameters to select the permissions for the {% data variables.product.prodname_github_app %} registration. For more information about the possible permissions you can select for the app, and the endpoints that the app can access with each permission, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)." For the URL query parameter, use the permission name as the query parameter name, and set the query value to one of the possible values for that permission set. +You can use query parameters to select the permissions for the {% data variables.product.prodname_github_app %} registration. For the URL query parameter, use the permission name as the query parameter name, and set the query value to one of the possible values for that permission set. For example, to select "Read & write" permissions in the user interface for `contents`, your query string would include `contents=write`. To select "Read-only" permissions in the user interface for `blocking`, your query string would include `blocking=read`. To select "No access" in the user interface for `checks`, your query string would not include the `checks` permission. diff --git a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md index 9c5a44361d..60809c9e63 100644 --- a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md +++ b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md 
@@ -103,7 +103,10 @@ For more information about best practices, see "[AUTOTITLE](/rest/overview/keepi 1. Optionally, if the resource owner is an organization that requires approval for {% data variables.product.pat_v2 %}s, below the resource owner, in the box, enter a justification for the request. 1. Under **Repository access**, select which repositories you want the token to access. You should choose the minimal repository access that meets your needs. Tokens always include read-only access to all public repositories on {% data variables.product.prodname_dotcom %}. 1. If you selected **Only select repositories** in the previous step, under the **Selected repositories** dropdown, select the repositories that you want the token to access. -1. Under **Permissions**, select which permissions to grant the token. Depending on which resource owner and which repository access you specified, there are repository, organization, and account permissions. You should choose the minimal permissions necessary for your needs. For more information about what permissions are required for each REST API operation, see "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)." +1. Under **Permissions**, select which permissions to grant the token. Depending on which resource owner and which repository access you specified, there are repository, organization, and account permissions. You should choose the minimal permissions necessary for your needs. + + The REST API reference document for each endpoint states whether the endpoint works with {% data variables.product.pat_v2 %}s and states what permissions are required in order for the token to use the endpoint. Some endpoints may require multiple permissions, and some endpoints may require one of multiple permissions. 
For an overview of which REST API endpoints a {% data variables.product.pat_v2 %} can access with each permission, see "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)." + 1. Click **Generate token**. If you selected an organization as the resource owner and the organization requires approval for {% data variables.product.pat_v2 %}s, then your token will be marked as `pending` until it is reviewed by an organization administrator. Your token will only be able to read public resources until it is approved. If you are an owner of the organization, your request is automatically approved. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization)." diff --git a/content/rest/authentication/authenticating-to-the-rest-api.md b/content/rest/authentication/authenticating-to-the-rest-api.md index 500788847a..840b68734d 100644 --- a/content/rest/authentication/authenticating-to-the-rest-api.md +++ b/content/rest/authentication/authenticating-to-the-rest-api.md 
@@ -45,7 +45,9 @@ After detecting several requests with invalid credentials within a short period, If you want to use the {% data variables.product.company_short %} REST API for personal use, you can create a {% data variables.product.pat_generic %}.{% ifversion pat-v2 %} If possible, {% data variables.product.company_short %} recommends that you use a {% data variables.product.pat_v2 %} instead of a {% data variables.product.pat_v1 %}.{% endif %} For more information about creating a {% data variables.product.pat_generic %}, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." -{% ifversion pat-v2 %}If you are using a {% data variables.product.pat_v2 %}, your {% data variables.product.pat_v2 %} requires specific permissions in order to access each REST API endpoint. For more information about the permissions that are required for each endpoint, see "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)." If you are using a {% data variables.product.pat_v1 %}, your {% else %}Your {% endif %}{% data variables.product.pat_v1 %} requires specific scopes in order to access each REST API endpoint. For general guidance about what scopes to choose, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes)." +{% ifversion pat-v2 %}If you are using a {% data variables.product.pat_v2 %}, your {% data variables.product.pat_v2 %} requires specific permissions in order to access each REST API endpoint. The REST API reference document for each endpoint states whether the endpoint works with {% data variables.product.pat_v2 %}s and states what permissions are required in order for the token to use the endpoint. Some endpoints may require multiple permissions, and some endpoints may require one of multiple permissions. 
For an overview of which REST API endpoints a {% data variables.product.pat_v2 %} can access with each permission, see "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)."{% endif %} + +{% ifversion pat-v2 %}If you are using a {% data variables.product.pat_v1 %}, your {% else %}Your {% endif %}{% data variables.product.pat_v1 %} requires specific scopes in order to access each REST API endpoint. For general guidance about what scopes to choose, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes)." {% ifversion fpt or ghec %}If you use a {% data variables.product.pat_v1 %} to access an organization that enforces SAML single sign-on (SSO) for authentication, you will need to authorize your token after creation.{% ifversion pat-v2 %} {% data variables.product.pat_v2_caps %}s are authorized during token creation, before access to the organization is granted.{% endif %} For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)." 
@@ -56,7 +58,7 @@ If you do not authorize your {% data variables.product.pat_v1 %} for SAML SSO be If you want to use the API for an organization or on behalf of another user, {% data variables.product.company_short %} recommends that you use a {% data variables.product.prodname_github_app %}. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)." -Your {% data variables.product.prodname_github_app %} requires specific permissions in order to access each REST API endpoint. For more information about the permissions that are required for each endpoint, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)." +The REST API reference documentation for each endpoint states whether the endpoint works with {% data variables.product.prodname_github_apps %} and states what permissions are required in order for the app to use the endpoint. Some endpoints may require multiple permissions, and some endpoints may require one of multiple permissions. For an overview of which REST API endpoints a {% data variables.product.prodname_github_app %} can access with each permission, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)." You can also create an OAuth token with an {% data variables.product.prodname_oauth_app %} to access the REST API. However, {% data variables.product.company_short %} recommends that you use a {% data variables.product.prodname_github_app %} instead. {% data variables.product.prodname_github_apps %} allow more control over the access and permission that the app has. diff --git a/content/rest/guides/scripting-with-the-rest-api-and-javascript.md b/content/rest/guides/scripting-with-the-rest-api-and-javascript.md index 0f35ab90b3..7fa59895c4 100644 --- a/content/rest/guides/scripting-with-the-rest-api-and-javascript.md +++ b/content/rest/guides/scripting-with-the-rest-api-and-javascript.md 
@@ -53,7 +53,7 @@ const octokit = new Octokit({ {% ifversion ghes %} ### Authenticating with a {% data variables.product.prodname_github_app %} -If you want to use the API on behalf of an organization or another user, {% data variables.product.company_short %} recommends that you use a {% data variables.product.prodname_github_app %}. If an endpoint is available to {% data variables.product.prodname_github_apps %}, the REST reference documentation for that endpoint will say "Works with {% data variables.product.prodname_github_apps %}." For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)," "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)," and "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." +If you want to use the API on behalf of an organization or another user, {% data variables.product.company_short %} recommends that you use a {% data variables.product.prodname_github_app %}. If an endpoint is available to {% data variables.product.prodname_github_apps %}, the REST reference documentation for that endpoint will indicate what type of {% data variables.product.prodname_github_app %} token is required. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)" and "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)." Instead of importing `Octokit` from `octokit`, import `App`. In the following example, replace `APP_ID` with a reference to your app's ID. Replace `PRIVATE_KEY` with a reference to your app's private key. Replace `INSTALLATION_ID` with the ID of the installation of your app that you want to authenticate on behalf of. You can find your app's ID and generate a private key on the settings page for your app. 
For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)." You can get an installation ID with the `GET /users/{username}/installation`, `GET /repos/{owner}/{repo}/installation`, or `GET /orgs/{org}/installation` endpoints. For more information, see "[AUTOTITLE](/rest/apps/apps)" in the REST reference documentation.{% ifversion ghes %} Replace `HOSTNAME` with the name of {% data variables.location.product_location %}.{% endif %} diff --git a/content/rest/guides/scripting-with-the-rest-api-and-ruby.md b/content/rest/guides/scripting-with-the-rest-api-and-ruby.md index ab8bb1b64b..8f5882287a 100644 --- a/content/rest/guides/scripting-with-the-rest-api-and-ruby.md +++ b/content/rest/guides/scripting-with-the-rest-api-and-ruby.md 
@@ -50,7 +50,7 @@ octokit = Octokit::Client.new(access_token: 'YOUR-TOKEN') ### Authenticating with a {% data variables.product.prodname_github_app %} -If you want to use the API on behalf of an organization or another user, {% data variables.product.company_short %} recommends that you use a {% data variables.product.prodname_github_app %}. If an endpoint is available to {% data variables.product.prodname_github_apps %}, the REST reference documentation for that endpoint will say "Works with {% data variables.product.prodname_github_app %}." For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)," "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)," and "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." +If you want to use the API on behalf of an organization or another user, {% data variables.product.company_short %} recommends that you use a {% data variables.product.prodname_github_app %}. If an endpoint is available to {% data variables.product.prodname_github_apps %}, the REST reference documentation for that endpoint will indicate what type of {% data variables.product.prodname_github_app %} token is required. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)" and "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)." Instead of requiring `octokit`, create an instance of `Octokit::Client` by passing your {% data variables.product.prodname_github_app %}'s information as options. In the following example, replace `APP_ID` with your app's ID, `PRIVATE_KEY` with your app's private key, and `INSTALLATION_ID` with the ID of the installation of your app that you want to authenticate on behalf of. 
You can find your app's ID and generate a private key on the settings page for your app. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)." You can get an installation ID with the `GET /users/{username}/installation`, `GET /repos/{owner}/{repo}/installation`, or `GET /orgs/{org}/installation` endpoints. For more information, see "[AUTOTITLE](/rest/apps/apps)" in the REST reference documentation.{% ifversion ghes %} Replace `HOSTNAME` with the name of {% data variables.location.product_location %}.{% endif %} diff --git a/content/rest/using-the-rest-api/troubleshooting-the-rest-api.md b/content/rest/using-the-rest-api/troubleshooting-the-rest-api.md index b87280dfd1..60256c9ab6 100644 --- a/content/rest/using-the-rest-api/troubleshooting-the-rest-api.md +++ b/content/rest/using-the-rest-api/troubleshooting-the-rest-api.md 
@@ -41,18 +41,18 @@ If you get a `404 Not Found` response when you know that the resource that you a - The owner of the token has any permissions that are required to use the endpoint. For example, if an endpoint can only be used by organization owners, only users that are owners of the affected organization can use the endpoint. - The token has not been expired or revoked. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation)."{% ifversion pat-v2 %} - If you are using a {% data variables.product.pat_v2 %}, you should ensure that: - - The token has the permissions that are required to use the endpoint. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)." + - The token has the permissions that are required to use the endpoint. For more information about the required permissions, see the documentation for the endpoint. - The resource owner that was specified for the token matches the owner of the resource that the endpoint will affect. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token)." - The token has access to any private repositories that the endpoint will affect. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token)." - The owner of the token has any permissions that are required to use the endpoint. For example, if an endpoint can only be used by organization owners, only users that are owners of the affected organization can use the endpoint. - The token has not been expired or revoked. 
For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation)."{% endif %} - If you are using a {% data variables.product.prodname_github_app %} installation access token, you should ensure that: - - The {% data variables.product.prodname_github_app %} has the permissions that are required to use the endpoint. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)." + - The {% data variables.product.prodname_github_app %} has the permissions that are required to use the endpoint. For more information about the required permissions, see the documentation for the endpoint. - The endpoint is only affecting resources owned by the account where the {% data variables.product.prodname_github_app %} is installed. - The {% data variables.product.prodname_github_app %} has access to any repositories that the endpoint will affect. - The token has not been expired or revoked. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation)." - If you are using a {% data variables.product.prodname_github_app %} user access token, you should ensure that: - - The {% data variables.product.prodname_github_app %} has the permissions that are required to use the endpoint. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)." + - The {% data variables.product.prodname_github_app %} has the permissions that are required to use the endpoint. For more information about the required permissions, see the documentation for the endpoint. - The user that authorized the token has any permissions that are required to use the endpoint. For example, if an endpoint can only be used by organization owners, only users that are owners of the affected organization can use the endpoint. - The {% data variables.product.prodname_github_app %} has access to any repositories that the endpoint will affect. 
- The user has access to any repositories that the endpoint will affect. @@ -95,7 +95,7 @@ You can check the status of the REST API at [githubstatus.com](https://www.githu ## Resource not accessible -If you are using a {% data variables.product.prodname_github_app %}{% ifversion pat-v2 %} or {% data variables.product.pat_v2 %}{% endif %} and you receive a "Resource not accessible by integration"{% ifversion pat-v2 %} or "Resource not accessible by {% data variables.product.pat_generic %}"{% endif %} error, then your token has insufficient permissions. For more information about the permissions required for each endpoint, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps){% ifversion pat-v2 %}" and "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens){% endif %}." +If you are using a {% data variables.product.prodname_github_app %}{% ifversion pat-v2 %} or {% data variables.product.pat_v2 %}{% endif %} and you receive a "Resource not accessible by integration"{% ifversion pat-v2 %} or "Resource not accessible by {% data variables.product.pat_generic %}"{% endif %} error, then your token has insufficient permissions. For more information about the required permissions, see the documentation for the endpoint. {% ifversion rest-permissions-header %}
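Review bot: In authenticating-as-a-github-app-installation.md, the replacement sentence removes the paragraph's only link and ends on "refer to the documentation for the endpoint" with no target. The removed link used the `/setting-up-a-github-app/choosing-permissions-for-a-github-app` path, while the file touched in the next hunk lives under `/registering-a-github-app/`, so rather than dropping the pointer, relink it to the `/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app` path that the manifest hunk uses. Separately, "require your app to have certain permissions to use an endpoint" repeats "endpoint" within one clause; ending at "certain permissions" reads cleaner.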
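Review bot: In registering-a-github-app-from-a-manifest.md, the rewritten `default_permissions` row still hard-codes "GitHub App" while every neighbouring row uses `{% data variables.product.prodname_github_app %}`. Since the line is being changed anyway, switch "needed by the GitHub App" to the variable so the row renders consistently with the rest of the table.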
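Review bot: In registering-a-github-app-using-url-parameters.md, removing the link leaves "set the query value to one of the possible values for that permission set" with no pointer to where the permission names and their possible values are listed. The examples that follow cover only `contents`, `blocking` and `checks`. Suggest ending the paragraph with the same "For more information, see" link to choosing-permissions-for-a-github-app that the manifest hunk adds, so readers can look up the exact permission they need instead of guessing a broader one.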
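Review bot: In managing-your-personal-access-tokens.md, the added paragraph says "The REST API reference document for each endpoint", while the GitHub App hunks in this patch say "The REST API reference documentation for each endpoint". Use "documentation" in both so the parallel passages match. Also confirm that the new paragraph and the blank lines around it are indented to the list item's content level, so the numbered list does not restart at "1. Click **Generate token**."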
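Review bot: In authenticating-to-the-rest-api.md, the three sentences starting "The REST API reference document for each endpoint states whether..." are now pasted verbatim here and in managing-your-personal-access-tokens.md, and the GitHub App variant is pasted in the second hunk of this file and in choosing-permissions-for-a-github-app.md. Four hand-maintained copies will drift (the "document" versus "documentation" difference is already one instance); consider moving each variant into a shared snippet and including it from both places. The split into two consecutive `{% ifversion pat-v2 %}` paragraphs looks correct as written.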
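Review bot: In scripting-with-the-rest-api-and-javascript.md (and the identical sentence in scripting-with-the-rest-api-and-ruby.md), the new wording says the reference documentation "will indicate what type of {% data variables.product.prodname_github_app %} token is required" but says nothing about permissions, whereas the other hunks in this patch say it "states whether the endpoint works with {% data variables.product.prodname_github_apps %} and states what permissions are required". Suggest aligning the sentence with that wording. The paragraph also opens with using the API "on behalf of an organization or another user" while the link to identifying-and-authorizing-users-for-github-apps is dropped; if that is intentional because about-authentication-with-a-github-app now links to the user access token article, a line in the commit message saying so would help.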
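Review bot: In troubleshooting-the-rest-api.md, the three permission bullets in the 404 hunk and the "Resource not accessible" paragraph now end on "see the documentation for the endpoint" with no link at all. A reader who lands here has just hit a permissions failure and needs the quickest route to the minimum permission required. The overview pages are still linked elsewhere in this patch ("For an overview of which REST API endpoints ... can access with each permission"), so consider keeping them here as a secondary reference, with the `{% ifversion pat-v2 %}` guard that the removed line in the last hunk had around the fine-grained token link.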