Skip to main content

This version of GitHub Enterprise was discontinued on 2023-01-18. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Rate limits for GitHub Apps

Rate limits for GitHub Apps and OAuth Apps help control the rate of traffic to your GitHub Enterprise Server instance.

Note: The following rate limits are the default rate limits for GitHub Enterprise Server. Contact your site administrator to confirm the rate limits for your GitHub Enterprise Server instance.

Note: You can confirm your current rate limit status at any time. For more information, see "Checking your rate limit status."

Server-to-server requests

GitHub Apps making server-to-server requests use the installation's minimum rate limit of 5,000 requests per hour. If an application is installed on an organization with more than 20 users, the application receives another 50 requests per hour for each user. Installations that have more than 20 repositories receive another 50 requests per hour for each repository. The maximum rate limit for an installation is 12,500 requests per hour.

User-to-server requests

GitHub Apps and OAuth Apps can also act on behalf of a user, making user-to-server requests after the user authorizes the app. For more information, see "Authorizing GitHub Apps" and "Authorizing OAuth Apps."

User-to-server requests from OAuth Apps are authenticated with an OAuth token. User-to-server requests from GitHub Apps are authenticated with either an OAuth token or an expiring user access token. For more information, see "Identifying and authorizing users for GitHub Apps" and "Authorizing OAuth Apps."

By default, user-to-server requests are limited to 5,000 requests per hour and per authenticated user. All requests from OAuth applications authorized by a user or a personal access token owned by the user, and requests authenticated with any of the user's authentication credentials, share the same quota of 5,000 requests per hour for that user.

Further reading