GitHub sets a limit on the number of requests a GitHub App can send to the server within a specific time period. This limit helps to prevent abuse and denial-of-service attacks, and ensures that the system remains available for all users.
GitHub may apply additional secondary rate limits to some actions, to ensure API availability. You can avoid secondary rate limits by following best practices and staying within the rate limit guidelines listed below. For more information about secondary rate limits, see "Best practices for using the REST API" and "Resources in the REST API."
You can confirm your current rate limit status at any time using the REST API. For more information, see "Resources in the REST API."
The rate limits for requests made by a GitHub App depend on where the app is installed. If the app is installed on an organization or repository owned by an enterprise on GitHub.com, the rate limit will be higher than for an app that is installed outside an enterprise. For more information, see "GitHub’s plans" and "Types of GitHub accounts."
Rate limits also depend on whether the GitHub App authenticates with a user access token or with an installation access token. A user access token allows an app to act on behalf of a specific user, after the user authorizes the app. An installation access token allows an app to attribute actions to the app itself. For more information about user and installation access tokens, "About authentication with a GitHub App."
GitHub Apps authenticating with an installation access token use the installation's minimum rate limit of 5,000 requests per hour. If an application is installed on an organization with more than 20 users, the application receives another 50 requests per hour for each user. Installations that have more than 20 repositories receive another 50 requests per hour for each repository. The maximum rate limit for an installation is 12,500 requests per hour.
GitHub Apps that are installed on an organization within an enterprise on GitHub.com are subject to a limit of 15,000 requests per hour per organization that has installed the app.
User access token requests are limited to 5,000 requests per hour and per authenticated user.
User access token requests are subject to a higher limit of 15,000 requests per hour and per authenticated user when the request is from a GitHub App that is owned by a GitHub Enterprise Cloud organization.