GitHub App Permissions

Note: To access the API with your GitHub App, you must provide a custom media type in the Accept Header for your requests.

application/vnd.github.machine-man-preview+json

Warning: The API may change without advance notice during the preview period. Preview features are not supported for production use. If you experience any issues, contact GitHub Support.

GitHub Apps are created with a set of permissions. These define what resources the GitHub App can access via the API. For more information, see "Permissions for GitHub Apps."

Metadata permissions

GitHub Apps have the Read-only metadata permission by default. The metadata permission provides access to a collection of read-only endpoints with metadata for various resources. These endpoints do not leak sensitive private repository information.

If you set the metadata permission to No access and select a permission that requires repository access, GitHub will override your selection and set the metadata permission back to Read-only. Setting all permissions that require repository access back to No access will allow you to set the metadata permission to No access.

Collaborators

Commit comments

Events

Git

Keys

Organization members

Search

Permission on "administration"

Branches

Collaborators

Invitations

Keys

Teams

Traffic

Permission on "blocking"

Permission on "checks"

Permission on "contents"

Branches

Commit comments

Git

Import

Releases

Permission on "deployments"

Permission on "emails"

Permission on "followers"

Permission on "gpg keys"

Permission on "issues"

Issues and pull requests are closely related. If your GitHub App has permissions on issues but not on pull requests, these endpoints will be limited to issues. Endpoints that return both issues and pull requests will be filtered. Endpoints that allow operations on both issues and pull requests will be restricted to issues.

Assignees

Events

Labels

Milestones

Permission on "keys"

Keys

Permission on "members"

Invitations

Organization members

Team members

Teams

Permission on "organization administration"

Permission on "organization hooks"

Permission on "organization projects"

Teams

Permission on "organization user blocking"

Permission on "pages"

Permission on "pull requests"

Issues and pull requests are closely related. If your GitHub App has permissions on pull requests but not on issues, these endpoints will be limited to pull requests. Endpoints that return both pull requests and issues will be filtered. Endpoints that allow operations on both pull requests and issues will be restricted to pull requests.

Assignees

Events

Labels

Milestones

Requested reviewers

Reviews

Permission on "repository hooks"

Permission on "repository projects"

Teams

Permission on "single file"

Permission on "starring"

Permission on "statuses"

Permission on "team discussions"