jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-22 11:26:57 -05:00
Code Issues Projects Releases Wiki Activity
Files
repo-sync
docs/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md
Hirsch Singhal fcb5246fd7 Enterprise installations for GitHub Apps and enterprise app managers (#56338) 
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: isaacmbrown <isaacmbrown@github.com>
2025-07-01 19:32:09 +00:00

3.6 KiB
Raw Permalink Blame History

title, intro, versions, topics, shortTitle
title intro versions topics shortTitle
Authenticating as a GitHub App You can authenticate as a {% data variables.product.prodname_github_app %} in order to generate an installation access token or manage your app.
fpt ghes ghec
* * *
GitHub Apps
Authenticate as an app

About authentication as a {% data variables.product.prodname_github_app %}

You must authenticate as a {% data variables.product.prodname_github_app %} in order to make REST API requests as the application. For example, if you want to use the API to generate an installation access token for accessing organization{% ifversion enterprise-installed-apps %} or enterprise{% endif %} resources, list installations across accounts for your app, or suspend an app installation, you must authenticate as an app.

If a REST API endpoint requires you to authenticate as an app, the documentation for that endpoint will indicate that you must use a JWT to access the endpoint. The GraphQL API does not support any queries or mutations that require you to authenticate with a JWT.

Using a JSON Web Token (JWT) to authenticate as a {% data variables.product.prodname_github_app %}

  1. Generate a JSON Web Token (JWT) for your app. For more information, see AUTOTITLE.

  2. Include the JWT in the Authorization header of your request. In the following example, replace YOUR_JWT with your JWT.

    curl --request GET \
--url "{% data variables.product.rest_url %}/app/installations" \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer YOUR_JWT" \
--header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"

Using the Octokit.js SDK to authenticate as a {% data variables.product.prodname_github_app %}

You can use {% data variables.product.company_short %}'s Octokit.js SDK to authenticate as a {% data variables.product.prodname_github_app %}. One advantage of using the SDK to authenticate is that you do not need to generate a JSON web token (JWT) yourself. Additionally, the SDK will take care of regenerating the JWT when it expires.

Note

You must install and import octokit in order to use the Octokit.js library. The following example uses import statements in accordance with ES6. For more information about different installation and import methods, see Usage in the octokit/octokit repository.

  1. Get the ID of your app. You can find your app's ID on the settings page for your {% data variables.product.prodname_github_app %}. For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see AUTOTITLE.

  2. Generate a private key. For more information, see AUTOTITLE.

  3. Import App from octokit.

    import { App } from "octokit";

  4. Create a new instance of App. In the following example, replace APP_ID with a reference to your app's ID. Replace PRIVATE_KEY with a reference to the value of your app's private key.

     const app = new App({
  appId: APP_ID,
  privateKey: PRIVATE_KEY,
});

  5. Use an octokit method to make a request to a REST API endpoint that requires a JWT. For example:

    await app.octokit.request("/app")
Reference in New Issue View Git Blame Copy Permalink