GitHub App Permissions

GitHub Apps are created with a set of permissions. These define what resources the GitHub App can access via the API.

In order to access the API with your GitHub App, you must provide a custom media type in the Accept Header for your requests.

application/vnd.github.machine-man-preview+json

Metadata permissions

These permissions are enabled for every app. These permissions are a collection of read only endpoints for accessing metadata for various resources that do not leak sensitive private repository information.

  • GET /search/repositories
  • GET /repositories/:repository_id/collaborators
  • POST /installations/:installation_id/access_tokens
  • GET /repositories/:repository_id
  • GET /repositories/:repository_id/collaborators/:collab
  • GET /repositories/:repository_id/comments
  • GET /repositories/:repository_id/commits/*/comments
  • GET /repositories/:repository_id/comments/:id
  • GET /repositories/:repository_id/commits
  • GET /repositories/:repository_id/commits/*
  • GET /repositories/:repository_id/contributors
  • GET /repositories/:repository_id/forks
  • GET /repositories/:repository_id/subscribers
  • GET /repositories/:repository_id/stargazers
  • GET /repositories/:repository_id/watchers
  • GET /repositories/:repository_id/license
  • GET /repositories/:repository_id/stats/contributors
  • GET /repositories/:repository_id/stats/commit_activity
  • GET /repositories/:repository_id/stats/code_frequency
  • GET /repositories/:repository_id/stats/punch_card
  • GET /repositories/:repository_id/stats/participation
  • GET /repositories/:repository_id/tags
  • GET /repositories/:repository_id/languages
  • GET /rate_limit
  • GET /hooks
  • GET /hooks/:name
  • GET /search/users
  • GET /search/code
  • GET /repositories
  • GET /licenses
  • GET /licenses/:license
  • GET /user/:user_id/orgs
  • GET /organizations
  • GET /users
  • GET /user/:user_id
  • GET /user/:user_id/keys
  • GET /user/:user_id/received_events
  • GET /user/:user_id/events
  • GET /events
  • GET /organizations/:organization_id/events
  • GET /user/:user_id/received_events/public
  • GET /user/:user_id/events/public
  • GET /repos/:owner/:repo/comments/:id/reactions

Permission on "contents"

  • GET /repositories/:repository_id/branches/* (:read)
  • GET /repositories/:repository_id/compare/* (:read)
  • GET /repositories/:repository_id/branches (:read)
  • PATCH /repositories/:repository_id/branches/* (:write)
  • PUT /repositories/:repository_id/pulls/:id/merge (:write)
  • POST /repositories/:repository_id/merges (:write)
  • GET /repositories/:repository_id/readme (:read)
  • GET /repositories/:repository_id/contents/?* (:read)
  • PUT /repositories/:repository_id/contents/(.+) (:write)
  • DELETE /repositories/:repository_id/contents/(.+) (:write)
  • GET /repositories/:repository_id/tarball/?*? (:read)
  • GET /repositories/:repository_id/zipball/?*? (:read)

releases

  • GET /repositories/:repository_id/releases (:read)
  • GET /repositories/:repository_id/releases/latest (:read)
  • GET /repositories/:repository_id/releases/tags/* (:read)
  • GET /repositories/:repository_id/releases/:id (:read)
  • GET /repositories/:repository_id/releases/:id/assets (:read)
  • GET /repositories/:repository_id/releases/assets/:id (:read)
  • DELETE /repositories/:repository_id/releases/:id (:write)
  • PATCH /repositories/:repository_id/releases/:id (:write)
  • POST /repositories/:repository_id/releases/:id (:write)
  • POST /repositories/:repository_id/releases (:write)
  • PATCH /repositories/:repository_id/releases/assets/:id (:write)
  • POST /repositories/:repository_id/releases/assets/:id (:write)
  • DELETE /repositories/:repository_id/releases/assets/:id (:write)

RepoCommitComments

  • POST /repositories/:repository_id/commits/*/comments (:write)
  • PATCH /repositories/:repository_id/comments/:id (:write)
  • POST /repositories/:repository_id/comments/:id (:write)

Permission on "single file"

  • GET /repos/:owner/:repo/contents/:path (:read)
  • PUT /repos/:owner/:repo/contents/:path (:write)
  • DELETE /repos/:owner/:repo/contents/:path (:write)

Permission on "administration"

  • GET /repositories/:repository_id/teams (:read)
  • PUT /repositories/:repository_id/collaborators/:collab (:write)
  • DELETE /repositories/:repository_id/collaborators/:collab (:write)
  • PATCH /repositories/:repository_id (:write)
  • DELETE /repositories/:repository_id (:write)
  • GET /repositories/:repository_id/branches/:branch/protection/required_status_checks (:read)
  • GET /repositories/:repository_id/branches/:branch/protection/required_status_checks/contexts (:read)

Permission on "issues"

  • GET /repositories/:repository_id/issues/:id/comments (:read) [A]
  • POST /repositories/:repository_id/issues (:write)
  • GET /repositories/:repository_id/milestones (:read)
  • POST /repositories/:repository_id/issues/:id/comments (:write) [A]
  • PATCH /repositories/:repository_id/issues/:id (:write) [A]
  • GET /repositories/:repository_id/issues (:read) [B]
  • GET /repositories/:repository_id/issues/:id (:read) [A]
  • GET /search/issues

manage issues

  • POST /repositories/:repository_id/issues/:id (:write)

events

  • GET /repositories/:repository_id/issues/:id/events (:read) [A]
  • GET /repositories/:repository_id/issues/events (:read) [B]
  • GET /repositories/:repository_id/issues/events/:id (:read) [B]

assignees

  • GET /repositories/:repository_id/assignees (:read)
  • GET /repositories/:repository_id/assignees/:assignee (:read)

labels

  • GET /repositories/:repository_id/labels (:read)
  • GET /repositories/:repository_id/labels/* (:read)
  • GET /repositories/:repository_id/issues/:id/labels (:read) [A]
  • POST /repositories/:repository_id/labels (:write)
  • PATCH /repositories/:repository_id/labels/* (:write)
  • POST /repositories/:repository_id/labels/* (:write)
  • DELETE /repositories/:repository_id/labels/* (:write)
  • POST /repositories/:repository_id/issues/:id/labels (:write) [A]
  • DELETE /repositories/:repository_id/issues/:id/labels/* (:write) [A]
  • PUT /repositories/:repository_id/issues/:id/labels (:write) [A]
  • DELETE /repositories/:repository_id/issues/:id/labels (:write) [A]

milestones

  • GET /repositories/:repository_id/milestones (:read)
  • GET /repositories/:repository_id/milestones/:id (:read)
  • GET /repositories/:repository_id/milestones/:id/labels (:read)
  • POST /repositories/:repository_id/milestones (:write)
  • PATCH /repositories/:repository_id/milestones/:id (:write)
  • POST /repositories/:repository_id/milestones/:id (:write)
  • DELETE /repositories/:repository_id/milestones/:id (:write)

issue comments

  • GET /repositories/:repository_id/issues/comments (:read) [B]
  • POST /repositories/:repository_id/issues/comments (:write) [B]
  • GET /repositories/:repository_id/issues/comments/:id (:read) [B]
  • PATCH /repositories/:repository_id/issues/comments/:id (:write) [B]
  • POST /repositories/:repository_id/issues/comments/:id (:write) [B]
  • DELETE /repositories/:repository_id/issues/comments/:id (:write) [B]

reactions

  • GET /repos/:owner/:repo/issues/:number/reactions (:read)
  • GET /repos/:owner/:repo/issues/comments/:id/reactions (:read)

Permission on "pull requests"

  • GET /repositories/:repository_id/pulls (:read)
  • GET /repositories/:repository_id/pulls/:id (:read)
  • GET /repositories/:repository_id/pulls/:id/files (:read)
  • GET /repositories/:repository_id/issues/:id/comments (:read) [A]
  • GET /repositories/:repository_id/milestones (:read)
  • POST /repositories/:repository_id/issues/:id/comments (:write) [A]
  • GET /repositories/:repository_id/pulls/:id/merge (:read)
  • GET /repositories/:repository_id/pulls/:id/commits (:read)

PR comments

  • GET /repositories/:repository_id/pulls/comments (:read)
  • POST /repositories/:repository_id/pulls/comments (:write) [B]
  • GET /repositories/:repository_id/pulls/:id/comments (:read)
  • GET /repositories/:repository_id/pulls/comments/:id (:read)
  • POST /repositories/:repository_id/pulls/:id/comments (:write)
  • PATCH /repositories/:repository_id/pulls/comments/:id (:write)
  • POST /repositories/:repository_id/pulls/comments/:id (:write)
  • DELETE /repositories/:repository_id/pulls/comments/:id (:write)

PR reviews

  • GET /repositories/:repository_id/pulls/:number/reviews (:read)
  • POST /repositories/:repository_id/pulls/:number/reviews (:write)
  • GET /repositories/:repository_id/pulls/:number/reviews/:id (:read)
  • GET /repositories/:repository_id/pulls/:number/reviews/:id/comments (:read)

manage PRs

  • POST /repositories/:repository_id/pulls (:write)
  • PATCH /repositories/:repository_id/pulls/:id (:write)

events

  • GET /repositories/:repository_id/issues/:id/events (:read) [A]
  • GET /repositories/:repository_id/issues/events (:read) [B]
  • GET /repositories/:repository_id/issues/events/:id (:read) [B]

assignees

  • GET /repositories/:repository_id/assignees (:read)
  • GET /repositories/:repository_id/assignees/:assignee (:read)

labels

  • GET /repositories/:repository_id/labels (:read)
  • GET /repositories/:repository_id/labels/* (:read)
  • GET /repositories/:repository_id/issues/:id/labels (:read) [A]
  • POST /repositories/:repository_id/labels (:write)
  • PATCH /repositories/:repository_id/labels/* (:write)
  • POST /repositories/:repository_id/labels/* (:write)
  • DELETE /repositories/:repository_id/labels/* (:write)
  • POST /repositories/:repository_id/issues/:id/labels (:write) [A]
  • DELETE /repositories/:repository_id/issues/:id/labels/* (:write) [A]
  • PUT /repositories/:repository_id/issues/:id/labels (:write) [A]
  • DELETE /repositories/:repository_id/issues/:id/labels (:write) [A]

milestones

  • GET /repositories/:repository_id/milestones (:read)
  • GET /repositories/:repository_id/milestones/:id (:read)
  • GET /repositories/:repository_id/milestones/:id/labels (:read)
  • POST /repositories/:repository_id/milestones (:write)
  • PATCH /repositories/:repository_id/milestones/:id (:write)
  • POST /repositories/:repository_id/milestones/:id (:write)
  • DELETE /repositories/:repository_id/milestones/:id (:write)

issue comments

  • GET /repositories/:repository_id/issues/comments (:read) [B]
  • GET /repositories/:repository_id/issues/comments/:id (:read) [B]
  • PATCH /repositories/:repository_id/issues/comments/:id (:write) [B]
  • POST /repositories/:repository_id/issues/comments/:id (:write) [B]
  • DELETE /repositories/:repository_id/issues/comments/:id (:write) [B]

reactions

  • GET /repos/:owner/:repo/pulls/comments/:id/reactions (:read)

Permission on "statuses"

  • POST /repositories/:repository_id/statuses/:sha (:write)
  • GET /repositories/:repository_id/statuses/* (:read)
  • GET /repositories/:repository_id/status/* (:read)

Permission on "deployments"

  • GET /repositories/:repository_id/deployments/:id (:read)
  • POST /repositories/:repository_id/deployments/:deployment_id/statuses (:write)
  • POST /repositories/:repository_id/deployments (:write)
  • GET /repositories/:repository_id/deployments/:deployment_id/statuses (:read)
  • GET /repositories/:repository_id/deployments (:read)

Permission on "pages"

  • GET /repositories/:repository_id/pages (:read)
  • GET /repositories/:repository_id/pages/builds (:read)
  • GET /repositories/:repository_id/pages/builds/latest (:read)
  • GET /repositories/:repository_id/pages/builds/:id (:read)
  • POST /repositories/:repository_id/pages/builds (:write)

Permission on "organization members"

Members

  • GET /orgs/:org/members (:read)
  • GET /orgs/:org/members/:username (:read)
  • DELETE /orgs/:org/members/:username (:write)
  • PUT /orgs/:org/memberships/:username (:write)
  • GET /orgs/:org/memberships/:username (:read)
  • DELETE /orgs/:org/memberships/:username (:write)

Teams

  • GET /orgs/:org/teams (:read)
  • GET /teams/:id (:read)
  • GET /teams/:id/members (:read)
  • GET /teams/:id/memberships/:user (:read)
  • GET /teams/:id/repos (:read)

Permission on "repository projects"

  • GET /repos/:owner/:repo/projects (:read)
  • GET /projects/:id (:read)
  • POST /repos/:owner/:repo/projects (:write)
  • PATCH /projects/:id (:write)
  • DELETE /projects/:id (:write)

Permission on "organization projects"

  • GET /orgs/:org/projects (:read)
  • GET /projects/:id (:read)
  • POST /orgs/:org/projects (:write)
  • PATCH /projects/:id (:write)
  • DELETE /projects/:id (:write)

Issues and pull requests are closely related. Endpoints for issues or pull requests are marked as either:

[A] Restricted to only allow access to a PR, if permissions are only on PRs. Restricted to only allow access to an issue, if permissions are only on issues.

[B] Filter for only Issues or PRs, if permissions are only on Issues or PRs.