Authenticating with a GitHub App

Learn how to set up authentication options for GitHub Apps.

Authenticating with GitHub Apps
You can authenticate as a GitHub App or as an installation.
Authenticating as a GitHub App
You can authenticate as a GitHub App in order to generate an installation access token or manage your app.
Authenticating as a GitHub App installation
You can make your GitHub App authenticate as an installation in order to make API requests that affect resources owned by the account where the app is installed.
Managing private keys for GitHub Apps
You can manage private keys to authenticate with your GitHub App.
Generating a JSON Web Token (JWT) for a GitHub App
Learn how to create a JSON Web Token (JWT) to authenticate to certain REST API endpoints with your GitHub App.
Generating an installation access token for a GitHub App
Learn how to generate an installation access token for your GitHub App.
Identifying and authorizing users for GitHub Apps
Your GitHub App can perform actions on behalf of a user, like creating an issue, creating a deployment, and using other supported endpoints.
Refreshing user-to-server access tokens
To enforce regular token rotation and reduce the impact of a compromised token, you can configure your GitHub App to use expiring user access tokens.