Understanding rate limits for GitHub Apps

Rate limits for GitHub Apps help control the rate of traffic.

Server-to-server requests

GitHub Apps making server-to-server requests use the installation's minimum rate limit of 5,000 requests per hour. Organization installations with more than 20 users receive another 50 requests per hour for each user. Installations that have more than 20 repositories receive another 50 requests per hour for each repository. The maximum rate limit for an installation is 12,500 requests per hour.

User-to-server requests

Deprecation Notice: GitHub will discontinue password authentication to the API. You must now authenticate to the GitHub API with an API token, such as an OAuth access token, GitHub App installation access token, or personal access token, depending on what you need to do with the token. Password authentication to the API will be removed on November 13, 2020. For more information, including scheduled brownouts, see the blog post.

GitHub Apps can also act on behalf of a user, making user-to-server requests. These requests are rate limited at 5,000 requests per hour and per authenticated user. All OAuth applications authorized by that user, all of the user's personal access tokens, and all requests authenticated with that user's username and password share the same quota of 5,000 requests per hour for that user.

For more detailed information about rate limits, see "Rate limiting" for REST API v3 and "Resource limitations" for GraphQL API v4.