Managing allowed IP addresses for a GitHub App

You can add an IP allow list to your GitHub App to prevent your app from being blocked by an organization's own allow list.

About IP address allow lists for GitHub Apps

Enterprise and organization owners can restrict access to assets by configuring an IP address allow list. This list specifies the IP addresses that are allowed to connect. For more information, see "Enforcing policies for security settings in your enterprise."

When an organization has an allow list, third-party applications that connect via a GitHub App will be denied access unless both of the following are true:

  • The creator of the GitHub App has configured an allow list for the application that specifies the IP addresses at which their application runs. See below for details of how to do this.
  • The organization owner has chosen to permit the addresses in the GitHub App's allow list to be added to their own allow list. For more information, see "Managing allowed IP addresses for your organization."

Note: The addresses in the IP allow list of a GitHub App only affect requests made by installations of the GitHub App. The automatic addition of a GitHub App's IP address to an organization's allow list does not allow access to a GitHub user who connects from that IP address.

Adding an IP address allow list to a GitHub App

  1. Navigate to your account settings.
    • For a GitHub App owned by a user account, in the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar
    • For a GitHub App owned by an organization, in the upper-right corner of any page, click your profile photo, then click Your organizations. Then, to the right of the organization, click Settings. Your organizations in the profile menu The settings button
  2. In the left sidebar, click Developer settings. Developer settings section
  3. In the left sidebar, click GitHub Apps. GitHub Apps section
  4. To the right of the GitHub App you want to modify, click Edit. App selection
  5. Scroll down to the "IP allow list" section. Basic information section for your GitHub App
  6. At the bottom of the "IP allow list" section, enter an IP address, or a range of addresses in CIDR notation. Key field to add IP address
  7. Optionally, enter a description of the allowed IP address or range. Key field to add name for IP address The description is for your reference and is not used in the allow list of organizations where the GitHub App is installed. Instead, organization allow lists will include "Managed by the NAME GitHub App" as the description.
  8. Click Add. Add allowed ip address button

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.