Rate limits for GitHub Apps

Rate limits for GitHub Apps help control the rate of traffic.

In this article

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

Server-to-server requests

GitHub Apps making server-to-server requests use the installation's minimum rate limit of 5,000 requests per hour. Organization installations with more than 20 users receive another 50 requests per hour for each user. Installations that have more than 20 repositories receive another 50 requests per hour for each repository. The maximum rate limit for an installation is 12,500 requests per hour.

User-to-server requests

Deprecation Notice: GitHub will discontinue password authentication to the API. You must now authenticate to the GitHub API with an API token, such as an OAuth access token, GitHub App installation access token, or personal access token, depending on what you need to do with the token. For more information, see the blog post.

Authenticating to the API using a password is currently available and not yet deprecated in GitHub Enterprise Server. GitHub will announce the deprecation and provide advanced notice before removing support for this feature.

GitHub Apps can also act on behalf of a user, making user-to-server requests.

User-to-server requests are rate limited at 5,000 requests per hour and per authenticated user. All OAuth applications authorized by that user, personal access tokens owned by that user, and requests authenticated with that user's username and password share the same quota of 5,000 requests per hour for that user.

For more detailed information about rate limits, see "Rate limiting" for REST API and "Resource limitations" for GraphQL API.

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.