# GitHub App

## Advantages

### <mark style="background-color:blue;">Security</mark>

**GitHub Apps** provide enhanced control and security compared to **OAuth**. Instead of broad scopes, **GitHub Apps** use **granular permissions**, giving administrators better control over what the app can access and perform:

* **Granular permissions** — **GitHub Apps** request only the permissions they need, unlike **OAuth** apps which rely on wider permission scopes.
* **Repository-specific access** — users or organization owners can choose which repositories the app can access, whereas **OAuth** apps gain access to all repositories available to the authorizing user.
* **Short-lived tokens** — **GitHub Apps** use tokens that expire quickly, reducing the risk of token misuse. In contrast, **OAuth** app tokens remain valid until explicitly revoked.

These features make **GitHub Apps** more suitable for organizations with strict security requirements, offering stronger protection against potential security risks.
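The two properties above, scoping a token down to specific repositories and permissions and treating it as short-lived, can be enforced on the client side. The following Python is an added example, not code from GitProtect or GitHub: the JWT claim names and the `repository_ids` / `permissions` fields of the installation access token endpoint are those of GitHub's public REST API, while `APP_ID`, the sample response body and the timestamps are constructed placeholders. Signing the JWT with the app's private key (RS256) is left to a JWT library; only the claim set is built here.

```python
"""Least-privilege token handling for a GitHub App (added example, not
GitProtect's or GitHub's code). Endpoint and claim names follow GitHub's
public REST docs; the app id and sample response body are constructed."""
from datetime import datetime, timedelta, timezone

APP_ID = 123456                            # constructed placeholder, not a real app id
JWT_MAX_LIFETIME = timedelta(minutes=10)   # GitHub rejects JWTs valid for longer
CLOCK_DRIFT = timedelta(seconds=60)        # GitHub recommends backdating iat by 60 s
PERMISSION_LEVELS = {"read", "write", "admin"}


def utc(*parts):
    """Small helper: build a timezone-aware UTC datetime from (y, m, d, h, min)."""
    return datetime(*parts, tzinfo=timezone.utc)


def app_jwt_claims(app_id, now, lifetime=timedelta(minutes=9)):
    """Claim set for the app JWT that is exchanged for an installation token.
    The caller signs it with the app's private key (RS256)."""
    if lifetime > JWT_MAX_LIFETIME:
        raise ValueError("GitHub App JWTs may not live longer than 10 minutes")
    return {
        "iat": int((now - CLOCK_DRIFT).timestamp()),
        "exp": int((now + lifetime).timestamp()),
        "iss": str(app_id),
    }


def build_token_request(repository_ids, permissions):
    """Body for POST /app/installations/{installation_id}/access_tokens.
    Both fields are optional on the API: leaving them out yields a token that
    covers every repository and permission the installation has, so a
    least-privilege client always sends them explicitly."""
    if not repository_ids:
        raise ValueError("scope the token to the repositories this job touches")
    bad = {k: v for k, v in permissions.items() if v not in PERMISSION_LEVELS}
    if bad:
        raise ValueError(f"unknown permission level(s): {bad}")
    return {
        "repository_ids": sorted(set(repository_ids)),
        "permissions": dict(sorted(permissions.items())),
    }


class InstallationToken:
    """Installation access token together with its expiry (one hour after issue)."""

    def __init__(self, token, expires_at):
        self.token = token
        self.expires_at = expires_at

    @classmethod
    def from_response(cls, body):
        # GitHub returns ISO-8601 UTC timestamps ending in "Z".
        expires = datetime.strptime(body["expires_at"], "%Y-%m-%dT%H:%M:%SZ")
        return cls(body["token"], expires.replace(tzinfo=timezone.utc))

    def needs_refresh(self, now, skew=timedelta(minutes=5)):
        """True when the token is expired or will expire within `skew`;
        refreshing early avoids a failed request in the middle of a backup."""
        return now + skew >= self.expires_at


if __name__ == "__main__":
    now = utc(2024, 1, 1, 12, 0)
    print(app_jwt_claims(APP_ID, now))
    print(build_token_request([42, 7, 42], {"contents": "read", "metadata": "read"}))
    # Constructed sample of the access-token response body.
    sample = {"token": "ghs_constructedExample", "expires_at": "2024-01-01T13:00:00Z",
              "permissions": {"contents": "read", "metadata": "read"}}
    tok = InstallationToken.from_response(sample)
    print(tok.needs_refresh(now), tok.needs_refresh(now + timedelta(minutes=56)))
```

The request body deliberately refuses an empty repository list: the API would accept it, but the resulting token would carry the installation's full access, which is exactly the broad grant the comparison with **OAuth** warns about.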

### <mark style="background-color:blue;">Rate limit</mark>

**GitHub Apps** that use **installation access tokens** are initially allowed **5,000 requests per hour**. This limit can increase under specific conditions:

* **GitHub Enterprise Cloud organizations** — installations associated with an **Enterprise Cloud** organization have a limit of **15,000 requests per hour**.
* **Scaling by repositories and users** — for installations that are not a part of an **Enterprise Cloud** organization:
  * Organizations with **more than 20 repositories** receive an additional **50 requests per hour per repository**.
  * Organizations with **more than 20 users** receive an additional **50 requests per hour per user**.
  * The total limit is capped at **12,500 requests per hour**.

The above rules help ensure fair usage while maintaining system stability and security.

{% hint style="info" %}
Learn more about rate limits in [the official **GitHub** documentation](https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-github-app-installations).
{% endhint %}

***

## Installation requirements

**GitHub Apps** can be installed in several different ways:

* **By personal accounts** — any user can install the app on their personal account.
* **By organization accounts** — organization owners can install the app for the entire organization.
* **Repository-level installations within organizations** — repository administrators can install the app for repositories they manage, provided the app does not request organization-wide permissions or require repository administration access.
* **Restricted installation** — organization owners can limit installations to outside collaborators who are repository admins.
* **Approval for non-admin members** — if a member who is neither an organization owner nor a repository admin selects an organization during the app installation process, **GitHub** will notify the organization owner to approve the installation rather than installing it directly.

***

## Installation process overview

After installing a **GitHub App**, you may also need to authorize it. Installation allows you to specify which repositories the app can access and grants it permission to use certain organizational resources, with the app showing the permissions being approved.

Authorization grants the app access to your **GitHub** account according to the requested permissions and allows it to act on your behalf.

You can install a **GitHub App** without authorizing it, or authorize it without installing, providing flexibility and control over app access and functionality.

***

## Throttling prevention

Throttling limits the number of **API** calls or operations within a given time window to prevent overuse of resources and ensure server stability. If the limit is exceeded, further requests from the client are temporarily restricted, which may extend backup times.

**GitProtect** can use up to 10 additional **GitHub Apps** to increase the request limit and reduce the impact of throttling. You can learn more about throttling and throttling prevention methods in the **RISK & COMPLIANCE MANAGEMENT** section.
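The following Python is an added example, not GitProtect's or GitHub's code, that ties the rate-limit rules from the **Rate limit** section to the throttling-prevention idea above: it computes the hourly budget of one installation from those rules and then spreads requests over a primary app plus additional apps, always using the installation with the most of its window left and waiting for a reset when all are exhausted. The `X-RateLimit-Limit`, `X-RateLimit-Remaining` and `X-RateLimit-Reset` headers are GitHub's documented rate-limit response headers; installation names, counts and header values are constructed. Two assumptions are marked in the code: the 50/hour bonus is applied to every repository (or user) once the 20 threshold is exceeded, and a window is treated as fully refilled at its reset time.

```python
"""Rate-limit budgeting across several GitHub App installations (added example;
not GitProtect's or GitHub's code). The limit formula follows the rules stated
on this page; the X-RateLimit-* headers are GitHub's documented rate-limit
headers. Installation names, counts and header values are constructed."""
from dataclasses import dataclass

BASE_LIMIT = 5_000          # initial installation-token limit per hour
ENTERPRISE_LIMIT = 15_000   # Enterprise Cloud organizations
SCALED_CAP = 12_500         # ceiling for the repository/user scaling
SCALE_THRESHOLD = 20
PER_ITEM_BONUS = 50
WINDOW_SECONDS = 3600


def installation_rate_limit(enterprise_cloud, repositories, users):
    """Requests per hour an installation gets under the rules on this page.
    Assumption: once an organization exceeds 20 repositories (or users) the
    50/hour bonus applies to each repository (or user), not only the excess."""
    if enterprise_cloud:
        return ENTERPRISE_LIMIT
    limit = BASE_LIMIT
    if repositories > SCALE_THRESHOLD:
        limit += PER_ITEM_BONUS * repositories
    if users > SCALE_THRESHOLD:
        limit += PER_ITEM_BONUS * users
    return min(limit, SCALED_CAP)


@dataclass
class InstallationBudget:
    """What we last learned about one installation's hourly window."""
    name: str
    limit: int
    remaining: int
    reset_epoch: int   # X-RateLimit-Reset: UTC epoch seconds when the window resets

    def update_from_headers(self, headers):
        """Refresh the budget from the headers of the last response."""
        h = {k.lower(): v for k, v in headers.items()}
        self.limit = int(h.get("x-ratelimit-limit", self.limit))
        self.remaining = int(h.get("x-ratelimit-remaining", self.remaining))
        self.reset_epoch = int(h.get("x-ratelimit-reset", self.reset_epoch))


class InstallationPool:
    """Spreads requests over the primary app plus the additional apps so that
    no single installation is driven to zero and throttled."""

    def __init__(self, budgets, reserve=0.05):
        self.budgets = list(budgets)
        self.reserve = reserve   # keep 5 % of each window free for retries

    def _refill_expired(self, now_epoch):
        # Assumption: after the reset time the full hourly budget is back.
        for b in self.budgets:
            if now_epoch >= b.reset_epoch:
                b.remaining = b.limit
                b.reset_epoch = now_epoch + WINDOW_SECONDS

    def pick(self, now_epoch):
        """Installation with the largest share of its window left, or None
        when every installation is down to its reserve."""
        self._refill_expired(now_epoch)
        usable = [b for b in self.budgets if b.remaining > b.limit * self.reserve]
        if not usable:
            return None
        return max(usable, key=lambda b: b.remaining / b.limit)

    def seconds_until_available(self, now_epoch):
        """How long to wait before some window resets; the caller sleeps this
        long instead of hammering a throttled endpoint."""
        return max(0, min(b.reset_epoch for b in self.budgets) - now_epoch)


if __name__ == "__main__":
    now = 1_700_000_000   # constructed "current time" in epoch seconds
    pool = InstallationPool([
        InstallationBudget("primary", 5000, 100, now + 900),
        InstallationBudget("extra-1", 5000, 4000, now + 1800),
        InstallationBudget("extra-2", 5000, 200, now + 600),
    ])
    chosen = pool.pick(now)
    print("use", chosen.name)
    # Constructed headers from the response to that request.
    chosen.update_from_headers({"X-RateLimit-Limit": "5000",
                                "X-RateLimit-Remaining": "3999",
                                "X-RateLimit-Reset": str(now + 1800)})
    print("limit for 30 repos / 30 users:", installation_rate_limit(False, 30, 30))
```

Keeping a small reserve per installation rather than spending every window to zero is what prevents the "temporarily restricted" state described above from stalling a backup: a retry or a status call still has budget left even when bulk transfers have consumed the rest.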
