User-level permissions for GitHub Apps

August 23, 2018
tarebyte

It's now possible to add user-level permissions to your GitHub App to access certain user resources, such as user emails.

User authorization

Unlike repository and organization-level permissions, which are granted at the time of installation on an organization or user account, these permissions are granted by individual users as part of the user authorization flow.

Requesting

This new type of permission can be requested just like existing repository and organization-level permissions within your GitHub App's settings.

Existing integrations

Since these permissions are granted on an individual user basis, you can add them to your existing integration without prompting administrators to upgrade their integration. You will, however, need to send existing users through the user authorization flow to authorize the new permission and get a new user-to-server token for these requests.

Note: This update only affects users of GitHub.com and future versions of GitHub Enterprise.

Feedback

If you have any questions or feedback, please let us know!

This content may be out of date. For the newest content, see the API posts on the GitHub Blog.

All of GitHub's Docs are now in one place! You can see Apps, REST API, and GraphQL API on GitHub Docs.