About rate limits for GitHub Apps
GitHub sets a limit on the number of requests a GitHub App can send to the server within a specific time period. This limit helps to prevent abuse and denial-of-service attacks, and ensures that the system remains available for all users.
Determining rate limits for a GitHub App
You can confirm your current rate limit status at any time using the REST API. For more information, see "Resources in the REST API."
Rate limits depend on whether the GitHub App authenticates with a user access token or with an installation access token. A user access token allows an app to act on behalf of a specific user, after the user authorizes the app. An installation access token allows an app to attribute actions to the app itself. For more information about user and installation access tokens, "About authentication with a GitHub App."
Installation access tokens
GitHub Apps authenticating with an installation access token use the installation's minimum rate limit of 5,000 requests per hour. If an application is installed on an organization with more than 20 users, the application receives another 50 requests per hour for each user. Installations that have more than 20 repositories receive another 50 requests per hour for each repository. The maximum rate limit for an installation is 12,500 requests per hour.
User access tokens
User access token requests are limited to 15,000 requests per hour and per authenticated user.
Further reading
- "Resources in the REST API" in the REST API documentation
- "Resource limitations" in the GraphQL API documentation