GitHub App overview

Why to choose GitHub App instead of OAuth?

Security

GitHub Apps provide enhanced control and security compared to OAuth apps. They use precise permissions rather than the broad scopes associated with OAuth apps, allowing for better management of what the app is allowed to do. Additionally, GitHub Apps give users or organizational owners the ability to specify which repositories an app can access, unlike OAuth apps which can access all repositories available to the authorizing user. GitHub Apps also employ short-lived tokens, minimizing potential damage from token leaks, as these tokens expire quickly. In contrast, OAuth app tokens remain valid until explicitly revoked. These security measures make GitHub Apps more suitable for organizations with stringent security requirements, ensuring better protection against potential security breaches.

Increase of the rate limit

GitHub Apps that use installation access tokens are initially allowed 5,000 requests per hour, but this can increase under certain conditions. For installations associated with a GitHub Enterprise Cloud organization, the rate limit rises to 15,000 requests per hour. If the installation isn't part of such an organization, the rate limit scales with the number of users and repositories: those with over 20 repositories get an additional 50 requests per hour per repository, and those in organizations with over 20 users also get an extra 50 requests per hour per user, up to a maximum of 12,500 requests per hour.

See also:

Requirements to install a GitHub App

GitHub Apps can be installed by anyone on their personal accounts. They can also be installed by organization owners on their organizations. Additionally, repository admins within an organization can install GitHub Apps, provided the app is limited to repositories they administer and does not request permissions that affect the organization or involve repository administration. However, organization owners have the capability to restrict these installations by outside collaborators who are repository admins. If organization members who are neither owners nor admins choose an organization during the app installation process, instead of directly installing the app, GitHub will notify the organization owner to request installation approval.

About installation process of the GitHub App

After installing a GitHub App, you may need to authorize it as well. Installing the app allows you to specify which repositories it can access and grants it permission to access certain resources within your organization based on its requirements. The app will show which permissions you are approving during the installation.

Authorizing a GitHub App grants it access to your GitHub account according to the permissions it has requested. The app will display which of your account's resources it can access during the authorization process. This authorization also permits the app to operate on your behalf.

It's possible to install a GitHub App without authorizing it, and you can also authorize an app without installing it.

Throttling prevention

Our application can use up to five additional apps to increase our request limit. We proceed by editing the organization, and in the Throttling Prevention section, we click on Manage Credentials

then select Add New, and choose GitHub App (BETA).

We select an additional application to install

Now we will do it, in the same way as when adding an organization

Permissions required by the GitProtect application

Below you will find a list of all necessary permissions on which our application operates.

Repository rermissions:

Organization permissions:

During installation process of GitProtect application, you can choose whether you want to grant permissions to all repositories in the organization or only selected ones.