Skip to main content

This version of GitHub Enterprise was discontinued on 2023-07-06. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Rate limits for GitHub Apps

Rate limits restrict the rate of traffic to your GitHub Enterprise Server instance, to help ensure consistent access for all users.

About rate limits for GitHub Apps

Rate limits are disabled by default for GitHub Enterprise Server. Contact your site administrator to confirm the rate limits for your instance.

When rate limits are enabled for your GitHub Enterprise Server instance, there is a limit on the number of requests a GitHub App can send to the server within a specific time period. This limit helps to ensure the system remains available for all users.

Determining rate limits for a GitHub App

You can confirm your current rate limit status at any time using the REST API. For more information, see "Resources in the REST API."

Rate limits depend on whether the GitHub App authenticates with a user access token or with an installation access token. A user access token allows an app to act on behalf of a specific user, after the user authorizes the app. An installation access token allows an app to attribute actions to the app itself. For more information about user and installation access tokens, "About authentication with a GitHub App."

Installation access tokens

GitHub Apps authenticating with an installation access token use the installation's minimum rate limit of 5,000 requests per hour. If an application is installed on an organization with more than 20 users, the application receives another 50 requests per hour for each user. Installations that have more than 20 repositories receive another 50 requests per hour for each repository. The maximum rate limit for an installation is 12,500 requests per hour.

User access tokens

By default, user access token requests are limited to 5,000 requests per hour and per authenticated user.

Further reading