About GitHub App permissions
GitHub Apps are created with a set of permissions. Permissions define what resources the GitHub App can access via the API. For more information, see "Choosing permissions for a GitHub App."
To help you choose the correct permissions, you will receive the X-Accepted-GitHub-Permissions
header in the REST API response. The header will tell you what permissions are required in order to access the endpoint. For more information, see "Troubleshooting."
Some endpoints require additional permissions. When this is the case, the "Additional permissions" column will indicate the other permissions that are required to use the endpoint.
Business permissions for "Enterprise administration"
Organization permissions for "Administration"
Organization permissions for "Blocking users"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /orgs/{org}/blocks/{username} | write | UAT IAT | ✖️ |
DELETE /orgs/{org}/blocks/{username} | write | UAT IAT | ✖️ |
GET /orgs/{org}/blocks | read | UAT IAT | ✖️ |
GET /orgs/{org}/blocks/{username} | read | UAT IAT | ✖️ |
Organization permissions for "Custom repository roles"
Organization permissions for "Events"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /users/{username}/events/orgs/{org} | read | UAT | ✖️ |
Organization permissions for "GitHub Copilot for Business"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /orgs/{org}/copilot/billing | write | UAT IAT | ✖️ |
GET /orgs/{org}/copilot/billing/seats | write | UAT IAT | ✖️ |
POST /orgs/{org}/copilot/billing/selected_teams | write | UAT IAT | ✖️ |
Organization permissions for "Members"
Organization permissions for "Organization announcement banners"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PATCH /orgs/{org}/announcement | write | UAT IAT | ✖️ |
DELETE /orgs/{org}/announcement | write | UAT IAT | ✖️ |
GET /orgs/{org}/announcement | read | UAT IAT | ✖️ |
Organization permissions for "Organization codespaces secrets"
Organization permissions for "Organization codespaces settings"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /orgs/{org}/codespaces/access | write | UAT IAT | ✖️ |
POST /orgs/{org}/codespaces/access/selected_users | write | UAT IAT | ✖️ |
DELETE /orgs/{org}/codespaces/access/selected_users | write | UAT IAT | ✖️ |
Organization permissions for "Organization codespaces"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
DELETE /orgs/{org}/members/{username}/codespaces/{codespace_name} | write | UAT IAT | |
POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop | write | UAT IAT | |
GET /orgs/{org}/codespaces | read | UAT IAT | |
GET /orgs/{org}/members/{username}/codespaces | read | UAT IAT |
Organization permissions for "Organization dependabot secrets"
Organization permissions for "Personal access token requests"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /orgs/{org}/personal-access-token-requests | write | UAT IAT | ✖️ |
POST /orgs/{org}/personal-access-token-requests/{pat_request_id} | write | UAT IAT | ✖️ |
GET /orgs/{org}/personal-access-token-requests | read | UAT IAT | ✖️ |
GET /orgs/{org}/personal-access-token-requests/{pat_request_id}/repositories | read | UAT IAT | ✖️ |
Organization permissions for "Personal access tokens"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /orgs/{org}/personal-access-tokens | write | UAT IAT | ✖️ |
POST /orgs/{org}/personal-access-tokens/{pat_id} | write | UAT IAT | ✖️ |
GET /orgs/{org}/personal-access-tokens | read | UAT IAT | ✖️ |
GET /orgs/{org}/personal-access-tokens/{pat_id}/repositories | read | UAT IAT | ✖️ |
Organization permissions for "Projects"
Organization permissions for "Secrets"
Organization permissions for "Self-hosted runners"
Organization permissions for "Team discussions"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id} | write | UAT IAT | ✖️ |
DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id} | write | UAT IAT | ✖️ |
Organization permissions for "Variables"
Organization permissions for "Webhooks"
Repository permissions for "Actions"
Repository permissions for "Administration"
Repository permissions for "Checks"
Repository permissions for "Code scanning alerts"
Repository permissions for "Codespaces lifecycle admin"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop | write | UAT IAT | |
POST /user/codespaces/{codespace_name}/exports | write | UAT | ✖️ |
POST /user/codespaces/{codespace_name}/start | write | UAT | ✖️ |
POST /user/codespaces/{codespace_name}/stop | write | UAT | ✖️ |
GET /user/codespaces/{codespace_name}/exports/{export_id} | read | UAT | ✖️ |
Repository permissions for "Codespaces metadata"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /repos/{owner}/{repo}/codespaces/devcontainers | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/codespaces/machines | read | UAT IAT | ✖️ |
GET /user/codespaces/{codespace_name}/machines | read | UAT | ✖️ |
Repository permissions for "Codespaces secrets"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /repos/{owner}/{repo}/codespaces/secrets | write | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/codespaces/secrets/public-key | write | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/codespaces/secrets/{secret_name} | write | UAT IAT | ✖️ |
PUT /repos/{owner}/{repo}/codespaces/secrets/{secret_name} | write | UAT IAT | |
DELETE /repos/{owner}/{repo}/codespaces/secrets/{secret_name} | write | UAT IAT |
Repository permissions for "Codespaces"
Repository permissions for "Commit statuses"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /repos/{owner}/{repo}/statuses/{sha} | write | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/commits/{ref}/status | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/commits/{ref}/statuses | read | UAT IAT | ✖️ |
Repository permissions for "Contents"
Repository permissions for "Dependabot alerts"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number} | write | UAT IAT | ✖️ |
GET /orgs/{org}/dependabot/alerts | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/dependabot/alerts | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number} | read | UAT IAT | ✖️ |
Repository permissions for "Dependabot secrets"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /repos/{owner}/{repo}/dependabot/secrets/{secret_name} | write | UAT IAT | ✖️ |
DELETE /repos/{owner}/{repo}/dependabot/secrets/{secret_name} | write | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/dependabot/secrets | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/dependabot/secrets/public-key | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/dependabot/secrets/{secret_name} | read | UAT IAT | ✖️ |
Repository permissions for "Deployments"
Repository permissions for "Environments"
Repository permissions for "Issues"
Repository permissions for "Metadata"
Repository permissions for "Pages"
Repository permissions for "Projects"
Repository permissions for "Pull requests"
Repository permissions for "Repository security advisories"
Repository permissions for "Secret scanning alerts"
Repository permissions for "Secrets"
Repository permissions for "Variables"
Repository permissions for "Webhooks"
Repository permissions for "Workflows"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /repos/{owner}/{repo}/git/refs | write | UAT IAT | |
PATCH /repos/{owner}/{repo}/git/refs/{ref} | write | UAT IAT |
User permissions for "Block another user"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /user/blocks/{username} | write | UAT | ✖️ |
DELETE /user/blocks/{username} | write | UAT | ✖️ |
GET /user/blocks | read | UAT | ✖️ |
GET /user/blocks/{username} | read | UAT | ✖️ |
User permissions for "Codespaces user secrets"
User permissions for "Email addresses"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PATCH /user/email/visibility | write | UAT | ✖️ |
POST /user/emails | write | UAT | ✖️ |
DELETE /user/emails | write | UAT | ✖️ |
GET /user/emails | read | UAT | ✖️ |
GET /user/public_emails | read | UAT | ✖️ |
User permissions for "Followers"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /user/following/{username} | write | UAT | ✖️ |
DELETE /user/following/{username} | write | UAT | ✖️ |
GET /user/followers | read | UAT | ✖️ |
GET /user/following | read | UAT | ✖️ |
GET /user/following/{username} | read | UAT | ✖️ |
User permissions for "GPG keys"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /user/gpg_keys | write | UAT | ✖️ |
DELETE /user/gpg_keys/{gpg_key_id} | write | UAT | ✖️ |
GET /user/gpg_keys | read | UAT | ✖️ |
GET /user/gpg_keys/{gpg_key_id} | read | UAT | ✖️ |
User permissions for "Gists"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /gists | write | UAT | |
PATCH /gists/{gist_id} | write | UAT | |
DELETE /gists/{gist_id} | write | UAT | |
POST /gists/{gist_id}/comments | write | UAT | |
PATCH /gists/{gist_id}/comments/{comment_id} | write | UAT | |
DELETE /gists/{gist_id}/comments/{comment_id} | write | UAT | |
POST /gists/{gist_id}/forks | write | UAT | |
PUT /gists/{gist_id}/star | write | UAT | |
DELETE /gists/{gist_id}/star | write | UAT |
User permissions for "Git SSH keys"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /user/keys | write | UAT | ✖️ |
DELETE /user/keys/{key_id} | write | UAT | ✖️ |
GET /user/keys | read | UAT | ✖️ |
GET /user/keys/{key_id} | read | UAT | ✖️ |
GET /users/{username}/keys | read | UAT IAT | ✖️ |
User permissions for "Interaction limits"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /user/interaction-limits | write | UAT | ✖️ |
DELETE /user/interaction-limits | write | UAT | ✖️ |
GET /user/interaction-limits | read | UAT | ✖️ |
User permissions for "Notifications"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /notifications | read | UAT |
User permissions for "Plan"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /users/{username}/settings/billing/actions | read | UAT | ✖️ |
GET /users/{username}/settings/billing/packages | read | UAT | ✖️ |
GET /users/{username}/settings/billing/shared-storage | read | UAT | ✖️ |
User permissions for "Profile"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PATCH /user | write | UAT | ✖️ |
POST /user/social_accounts | write | UAT | ✖️ |
DELETE /user/social_accounts | write | UAT | ✖️ |
User permissions for "SSH signing keys"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /user/ssh_signing_keys | write | UAT | ✖️ |
DELETE /user/ssh_signing_keys/{ssh_signing_key_id} | write | UAT | ✖️ |
GET /user/ssh_signing_keys | read | UAT | ✖️ |
GET /user/ssh_signing_keys/{ssh_signing_key_id} | read | UAT | ✖️ |
User permissions for "Starring"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /user/starred/{owner}/{repo} | write | UAT | ✖️ |
DELETE /user/starred/{owner}/{repo} | write | UAT | ✖️ |
GET /user/starred | read | UAT | ✖️ |
GET /user/starred/{owner}/{repo} | read | UAT | ✖️ |
GET /users/{username}/starred | read | UAT IAT | ✖️ |
User permissions for "Watching"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /user/subscriptions | read | UAT | ✖️ |
GET /users/{username}/subscriptions | read | UAT IAT | ✖️ |