Skip to main content

Permissions required for GitHub Apps

You can find the required permissions for each GitHub App-compatible endpoint.

About GitHub App permissions

GitHub Apps are created with a set of permissions. Permissions define what resources the GitHub App can access via the API. For more information, see "Setting permissions for GitHub Apps."

Metadata

GitHub Apps have the Read-only metadata permission by default. The metadata permission provides access to a collection of read-only endpoints with metadata for various resources. These endpoints do not leak sensitive private repository information.

If you set the metadata permission to No access and select a permission that requires repository access, GitHub will override your selection and set the metadata permission back to Read-only. To set the metadata permission to No access, you must set all permissions that require repository access to No access first.

Collaborators

Commit comments

Events

Git

Organization members

SSH keys

Actions

Administration

Branches

Collaborators

Invitations

SSH keys

Teams

Traffic

Blocking users

Checks

Code scanning alerts

Codespaces

Commit statuses

Contents

Branches

Commit comments

Git

Import

Reactions

Releases

Dependabot alerts

Dependabot secrets

Deployments

Email addresses

Followers

Git SSH keys

GPG keys

Interaction limits

Issues

Issues and pull requests are closely related. For more information, see "List issues assigned to the authenticated user." If your GitHub App has permissions on issues but not on pull requests, these endpoints will be limited to issues. Endpoints that return both issues and pull requests will be filtered. Endpoints that allow operations on both issues and pull requests will be restricted to issues.

Assignees

Events

Labels

Milestones

Reactions

Members

Invitations

Organization members

Team members

Teams

Organization administration

Organization events

Organization projects

Organization user blocking

Organization webhooks

Teams

Pages

GitHub Pages can only be created or unpublished by a repository owner or administrator.

Profile

Pull requests

Pull requests and issues are closely related. If your GitHub App has permissions on pull requests but not on issues, these endpoints will be limited to pull requests. Endpoints that return both pull requests and issues will be filtered. Endpoints that allow operations on both pull requests and issues will be restricted to pull requests.

Assignees

Events

Labels

Milestones

Reactions

Requested reviewers

Reviews

Repository projects

Teams

Repository webhooks

Secrets

Secret scanning alerts

Self-hosted runners

Single file

Starring

Team discussions