About rate limits for OAuth Apps
GitHub sets a limit on the number of requests an OAuth App can send to the server within a specific time period. This limit helps to prevent abuse and denial-of-service attacks, and ensures that the system remains available for all users.
GitHub may apply additional secondary rate limits to some actions, to ensure API availability. You can avoid secondary rate limits by following best practices and staying within the rate limit guidelines listed below. For more information about secondary rate limits, see "Best practices for integrators" and "Resources in the REST API."
OAuth Apps act on behalf of a user, by making requests with a user access token after the user authorizes the app. User access token requests from OAuth Apps are authenticated with an OAuth token. For more information, see "Authorizing OAuth Apps."
Determining rate limits for an OAuth App
You can confirm your current rate limit status at any time using the REST API. For more information, see "Resources in the REST API."
OAuth Apps are limited to 5,000 requests per hour and per authenticated user. All requests from OAuth Apps that are authorized by a user or a personal access token owned by the user, and requests authenticated with any of the user's authentication credentials, share the same quota of 5,000 requests per hour for that user.
OAuth Apps are subject to a higher limit of 15,000 requests per hour and per authenticated user when both of the following are true:
- The request is from an OAuth App that's owned or approved by a GitHub Enterprise Cloud organization.
- The authenticated user is a member of the GitHub Enterprise Cloud organization.
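As an added example (not part of GitHub's documentation), the Python sketch below reads the quota from the `x-ratelimit-limit`, `x-ratelimit-remaining`, `x-ratelimit-reset` and `retry-after` response headers of GitHub's REST API and computes how long a client should pause. Because the per-user quota is shared with the user's other credentials, the server-reported count is the only reliable one. The function names and sample header values are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample response headers (not captured from a real session).
RESET_AT = 1700003600
SAMPLE_OK = {"X-RateLimit-Limit": "5000", "X-RateLimit-Remaining": "4987",
             "X-RateLimit-Reset": str(RESET_AT)}
SAMPLE_EXHAUSTED = {"X-RateLimit-Limit": "5000", "X-RateLimit-Remaining": "0",
                    "X-RateLimit-Reset": str(RESET_AT)}
SAMPLE_SECONDARY = {"X-RateLimit-Limit": "15000", "X-RateLimit-Remaining": "14000",
                    "X-RateLimit-Reset": str(RESET_AT), "Retry-After": "30"}


@dataclass(frozen=True)
class Quota:
    limit: int      # requests per hour for this user (5,000 or 15,000 per this page)
    remaining: int  # requests left in the current window, across all the user's credentials
    reset: int      # UTC epoch second at which the window resets


def _norm(headers):
    """HTTP header names are case-insensitive; normalise before lookup."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def parse_quota(headers):
    """Return the server-reported quota, or None if the headers are missing or malformed."""
    h = _norm(headers)
    try:
        return Quota(int(h["x-ratelimit-limit"]), int(h["x-ratelimit-remaining"]),
                     int(h["x-ratelimit-reset"]))
    except (KeyError, ValueError):
        return None


def wait_seconds(status, headers, now):
    """Seconds to pause before the next request made on behalf of this user."""
    h = _norm(headers)
    quota = parse_quota(headers)
    limited = status in (403, 429)
    if limited and h.get("retry-after", "").isdigit():
        return int(h["retry-after"])            # secondary limit: server names the delay
    if quota is not None and quota.remaining == 0:
        return max(quota.reset - int(now), 0)   # primary limit: wait for the window reset
    if limited:
        # No hint in the headers. A 403 can also be a permissions error, so this
        # conservative one-minute pause is an assumption, not a diagnosis.
        return 60
    return 0
```

Call `wait_seconds` on every response, not only on errors, so the client stops before the shared quota reaches zero.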
For more information about rate limits, see "Resources in the REST API" and "Rate limit" in the REST API documentation, and "Resource limitations" in the GraphQL API documentation.