docs/content/apps/creating-github-apps/setting-up-a-github-app/about-apps.md

title, intro, redirect_from, versions, topics

title	intro	redirect_from	versions	topics
About apps	You can build integrations with the {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} APIs to add flexibility and reduce friction in your own workflow.{% ifversion fpt or ghec %} You can also share integrations with others on [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace).{% endif %}	/apps/building-integrationssetting-up-a-new-integration /apps/building-integrations /apps/getting-started-with-building-apps /apps/about-apps /developers/apps/about-apps /developers/apps/getting-started-with-apps/about-apps /apps/creating-github-apps/creating-github-apps/about-apps	fpt ghes ghae ghec * * * *	GitHub Apps

Apps on {% data variables.product.prodname_dotcom %} allow you to automate and improve your workflow. You can build apps to improve your workflow.{% ifversion fpt or ghec %} You can also share or sell apps in {% data variables.product.prodname_marketplace %}. To learn how to list an app on {% data variables.product.prodname_marketplace %}, see "AUTOTITLE."{% endif %}

{% data reusables.marketplace.github_apps_preferred %}, but GitHub supports both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %}. For information on choosing a type of app, see "AUTOTITLE."

{% data reusables.apps.general-apps-restrictions %}

For a walkthrough of the process of building a {% data variables.product.prodname_github_app %}, see "AUTOTITLE."

About {% data variables.product.prodname_github_apps %}

{% data variables.product.prodname_github_apps %} are first-class actors within GitHub. A {% data variables.product.prodname_github_app %} acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user.

{% data variables.product.prodname_github_apps %} can be installed directly on organizations and personal accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions. When you set up your {% data variables.product.prodname_github_app %}, you can select the repositories you want it to access. For example, you can set up an app called MyGitHub that writes issues in the octocat repository and only the octocat repository. To install a {% data variables.product.prodname_github_app %}, you must be an organization owner or have admin permissions in a repository.

{% data reusables.apps.app_manager_role %}

{% data variables.product.prodname_github_apps %} are applications that need to be hosted somewhere. For step-by-step instructions that cover servers and hosting, see "AUTOTITLE."

To improve your workflow, you can create a {% data variables.product.prodname_github_app %} that contains multiple scripts or an entire application, and then connect that app to many other tools. For example, you can connect {% data variables.product.prodname_github_apps %} to GitHub, Slack, other in-house apps you may have, email programs, or other APIs.

Keep these ideas in mind when creating {% data variables.product.prodname_github_apps %}:

{% ifversion fpt or ghec %}

• {% data reusables.apps.maximum-github-apps-allowed %} {% endif %}

• A {% data variables.product.prodname_github_app %} should take actions independent of a user (unless the app is using a user access token). {% data reusables.apps.expiring_user_authorization_tokens %}

• Make sure the {% data variables.product.prodname_github_app %} integrates with specific repositories.

• The {% data variables.product.prodname_github_app %} should connect to a personal account or an organization.

• Don't expect the {% data variables.product.prodname_github_app %} to know and do everything a user can.

• Don't use a {% data variables.product.prodname_github_app %} if you just need a "Login with GitHub" service. But a {% data variables.product.prodname_github_app %} can generate a user access token to log users in and do other things.

• Don't build a {% data variables.product.prodname_github_app %} if you only want to act as a GitHub user and do everything that user can do.{% ifversion fpt or ghec %}

• {% data reusables.apps.general-apps-restrictions %}{% endif %}

To begin developing {% data variables.product.prodname_github_apps %}, start with "AUTOTITLE."{% ifversion fpt or ghec %} To learn how to use {% data variables.product.prodname_github_app %} Manifests, which allow people to create preconfigured {% data variables.product.prodname_github_apps %}, see "AUTOTITLE."{% endif %}

About {% data variables.product.prodname_oauth_apps %}

OAuth2 is a protocol that lets external applications request authorization to private details in a user's {% data variables.product.prodname_dotcom %} account without accessing their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data and can be revoked by users at any time.

{% data reusables.apps.deletes_ssh_keys %}

An {% data variables.product.prodname_oauth_app %} uses {% data variables.product.prodname_dotcom %} as an identity provider to authenticate as the user who grants access to the app. This means when a user grants an {% data variables.product.prodname_oauth_app %} access, they grant permissions to all repositories they have access to in their account, and also to any organizations they belong to that haven't blocked third-party access.

Building an {% data variables.product.prodname_oauth_app %} is a good option if you are creating more complex processes than a simple script can handle. Note that {% data variables.product.prodname_oauth_apps %} are applications that need to be hosted somewhere.

Keep these ideas in mind when creating {% data variables.product.prodname_oauth_apps %}:

{% ifversion fpt or ghec %}

• {% data reusables.apps.maximum-oauth-apps-allowed %} {% endif %}
• An {% data variables.product.prodname_oauth_app %} should always act as the authenticated {% data variables.product.prodname_dotcom %} user across all of {% data variables.product.prodname_dotcom %} (for example, when providing user notifications).
• An {% data variables.product.prodname_oauth_app %} can be used as an identity provider by enabling a "Login with {% data variables.product.prodname_dotcom %}" for the authenticated user.
• Don't build an {% data variables.product.prodname_oauth_app %} if you want your application to act on a single repository. With the repo OAuth scope, {% data variables.product.prodname_oauth_apps %} can act on all of the authenticated user's repositories.
• Don't build an {% data variables.product.prodname_oauth_app %} to act as an application for your team or company. {% data variables.product.prodname_oauth_apps %} authenticate as a single user, so if one person creates an {% data variables.product.prodname_oauth_app %} for a company to use, and then they leave the company, no one else will have access to it.{% ifversion fpt or ghec %}
• {% data reusables.apps.oauth-apps-restrictions %}{% endif %}

For more on {% data variables.product.prodname_oauth_apps %}, see "AUTOTITLE" and "AUTOTITLE."

{% data variables.product.pat_generic_caps %}s

A {% data variables.product.pat_generic %} is a string of characters that functions similarly to an OAuth token in that you can specify its permissions via scopes. A {% data variables.product.pat_generic %} is also similar to a password, but you can have many of them and you can revoke access to each one at any time.

As an example, you can enable a {% data variables.product.pat_generic %} to write to your repositories. If then you run a curl command or write a script that creates an issue in your repository, you would pass the {% data variables.product.pat_generic %} to authenticate. You can store the {% data variables.product.pat_generic %} as an environment variable to avoid typing it every time you use it.

Keep these ideas in mind when using {% data variables.product.pat_generic %}s:

• Remember to use this token to represent yourself only.
• You can perform one-off curl requests.
• You can run personal scripts.
• Don't set up a script for your whole team or company to use.
• Don't set up a shared personal account to act as a bot user.
• Grant your token the minimal privileges it needs.
• Set an expiration for your {% data variables.product.pat_generic %}s, to help keep your information secure.

Determining which integration to build

Before you get started creating integrations, you need to determine the best way to access, authenticate, and interact with the {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} APIs.

To decide whether to use {% data variables.product.pat_generic %}s, {% data variables.product.prodname_github_apps %}, or {% data variables.product.prodname_oauth_apps %} for your integration, consider these questions about how your integration needs to behave and what it needs to access:

• Will my integration act only as me, or will it act more like an application?
• Do I want it to act independently of me as its own entity?
• Will it access everything that I can access, or do I want to limit its access?
• Is it simple or complex? For example, {% data variables.product.pat_generic %}s are good for simple scripts and curl commands, whereas an {% data variables.product.prodname_oauth_app %} can handle more complex scripting.

If the integration will act only as you, but you want to limit its access, use a {% data variables.product.prodname_github_app %} or a {% data variables.product.pat_v2 %}.

If the integration will act more like an application, consider whether you want the integration to act independently of you as its own entity. If so, use a {% data variables.product.prodname_github_app %}.

Requesting support

{% data reusables.support.help_resources %}