Authenticating with a App

Your App can authenticate as itself, as an app installation, or on behalf of a user.

You can authenticate as a App in order to generate an installation access token or manage your app.

You can make your App authenticate as an installation in order to make API requests that affect resources owned by the account where the app is installed.

Your App can perform actions on behalf of a user, like creating an issue, posting a comment, or creating a deployment.

You can manage private keys to authenticate with your App.

Learn how to create a JSON Web Token (JWT) to authenticate to certain REST API endpoints with your App.

Learn how to generate an installation access token for your App.

You can generate a user access token for your App in order to attribute app activity to a user.

To enforce regular token rotation and reduce the impact of a compromised token, you can configure your App to use user access tokens that expire.

You can use an installation access token from a App to make authenticated API requests in a Actions workflow. You can also pass the token to a custom action to enable the action to make authenticated API requests.