About GitHub App permissions
GitHub Apps are created with a set of permissions. Permissions define what resources the GitHub App can access via the API. For more information, see "Choosing permissions for a GitHub App."
Some endpoints require additional permissions. When this is the case, the "Additional permissions" column will indicate the other permissions that are required to use the endpoint.
Business permissions for "Enterprise administration"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /enterprises/{enterprise}/settings/billing/advanced-security | write | UAT IAT | ✖️ |
GET /enterprises/{enterprise}/audit-log | read | UAT IAT | ✖️ |
Organization permissions for "Administration"
Organization permissions for "Custom repository roles"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /organizations/{organization_id}/custom_roles | read | UAT IAT |
Organization permissions for "Events"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /users/{username}/events/orgs/{org} | read | UAT | ✖️ |
Organization permissions for "Members"
Organization permissions for "Organization dependabot secrets"
Organization permissions for "Projects"
Organization permissions for "Secrets"
Organization permissions for "Self-hosted runners"
Organization permissions for "Team discussions"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id} | write | UAT IAT | ✖️ |
DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id} | write | UAT IAT | ✖️ |
Organization permissions for "Webhooks"
Organization pre receive hooks permissions
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
DELETE /orgs/{org}/pre-receive-hooks/{pre_receive_hook_id} | write | UAT IAT | ✖️ |
GET /orgs/{org}/pre-receive-hooks | read | UAT IAT | ✖️ |
GET /orgs/{org}/pre-receive-hooks/{pre_receive_hook_id} | read | UAT IAT | ✖️ |
Repository permissions for "Actions"
Repository permissions for "Administration"
Repository permissions for "Checks"
Repository permissions for "Code scanning alerts"
Repository permissions for "Commit statuses"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /repos/{owner}/{repo}/statuses/{sha} | write | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/commits/{ref}/status | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/commits/{ref}/statuses | read | UAT IAT | ✖️ |
Repository permissions for "Contents"
Repository permissions for "Dependabot secrets"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /repos/{owner}/{repo}/dependabot/secrets/{secret_name} | write | UAT IAT | ✖️ |
DELETE /repos/{owner}/{repo}/dependabot/secrets/{secret_name} | write | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/dependabot/secrets | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/dependabot/secrets/public-key | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/dependabot/secrets/{secret_name} | read | UAT IAT | ✖️ |
Repository permissions for "Deployments"
Repository permissions for "Environments"
Repository permissions for "Issues"
Repository permissions for "Metadata"
Repository permissions for "Pages"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /repos/{owner}/{repo}/pages | write | UAT IAT | |
PUT /repos/{owner}/{repo}/pages | write | UAT IAT | |
DELETE /repos/{owner}/{repo}/pages | write | UAT IAT | |
POST /repos/{owner}/{repo}/pages/builds | write | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/pages | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/pages/builds | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/pages/builds/latest | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/pages/builds/{build_id} | read | UAT IAT | ✖️ |
Repository permissions for "Projects"
Repository permissions for "Pull requests"
Repository permissions for "Secret scanning alerts"
Repository permissions for "Secrets"
Repository permissions for "Webhooks"
Repository permissions for "Workflows"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /repos/{owner}/{repo}/git/refs | write | UAT IAT | |
PATCH /repos/{owner}/{repo}/git/refs/{ref} | write | UAT IAT |
Repository pre receive hooks permissions
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
DELETE /repos/{owner}/{repo}/pre-receive-hooks/{pre_receive_hook_id} | write | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/pre-receive-hooks | read | UAT IAT | ✖️ |
GET /repos/{owner}/{repo}/pre-receive-hooks/{pre_receive_hook_id} | read | UAT IAT | ✖️ |
User permissions for "Email addresses"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /user/emails | write | UAT | ✖️ |
DELETE /user/emails | write | UAT | ✖️ |
GET /user/emails | read | UAT | ✖️ |
GET /user/public_emails | read | UAT | ✖️ |
User permissions for "Followers"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /user/following/{username} | write | UAT | ✖️ |
DELETE /user/following/{username} | write | UAT | ✖️ |
GET /user/followers | read | UAT | ✖️ |
GET /user/following | read | UAT | ✖️ |
GET /user/following/{username} | read | UAT | ✖️ |
User permissions for "GPG keys"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /user/gpg_keys | write | UAT | ✖️ |
DELETE /user/gpg_keys/{gpg_key_id} | write | UAT | ✖️ |
GET /user/gpg_keys | read | UAT | ✖️ |
GET /user/gpg_keys/{gpg_key_id} | read | UAT | ✖️ |
User permissions for "Gists"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /gists | write | UAT | |
PATCH /gists/{gist_id} | write | UAT | |
DELETE /gists/{gist_id} | write | UAT | |
POST /gists/{gist_id}/comments | write | UAT | |
PATCH /gists/{gist_id}/comments/{comment_id} | write | UAT | |
DELETE /gists/{gist_id}/comments/{comment_id} | write | UAT | |
POST /gists/{gist_id}/forks | write | UAT | |
PUT /gists/{gist_id}/star | write | UAT | |
DELETE /gists/{gist_id}/star | write | UAT |
User permissions for "Git SSH keys"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
POST /user/keys | write | UAT | ✖️ |
DELETE /user/keys/{key_id} | write | UAT | ✖️ |
GET /user/keys | read | UAT | ✖️ |
GET /user/keys/{key_id} | read | UAT | ✖️ |
GET /users/{username}/keys | read | UAT IAT | ✖️ |
User permissions for "Notifications"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /notifications | read | UAT |
User permissions for "Profile"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PATCH /user | write | UAT | ✖️ |
User permissions for "Starring"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
PUT /user/starred/{owner}/{repo} | write | UAT | ✖️ |
DELETE /user/starred/{owner}/{repo} | write | UAT | ✖️ |
GET /user/starred | read | UAT | ✖️ |
GET /user/starred/{owner}/{repo} | read | UAT | ✖️ |
GET /users/{username}/starred | read | UAT IAT | ✖️ |
User permissions for "Watching"
Endpoint | Access | Token types | Additional permissions |
---|---|---|---|
GET /user/subscriptions | read | UAT | ✖️ |
GET /users/{username}/subscriptions | read | UAT IAT | ✖️ |