A cheat sheet for GitHub Apps
A cheat sheet for GitHub Apps...
GitHub Apps
Other key terms:
Installation
: Connects a GitHub App to one or more repositories owned by an organization or userPermissions
: Dictate what an App can see, or do in the context of an installationWebhooks
: Dictate what events an App will be notified about, over a single HTTP endpoint, registered with the GitHub AppServer-to-server token
: (Also commonly referred to as the installation token
, or installation access token
) Permits access to resources within the scope of an installation, expires after one hour, created via the REST API
User-to-server token
: Permits access to resources that are visible to both an end-user and the GitHub App, acquired through an OAuth-like flowJWT
: (JSON Web Tokens) an open web standard, allowing for information to be securely transmitted between two parties as a JSON object, in this context, JWTs are used to securely transmit a signature to GitHub.com to confirm to GitHub that we are the App we are claiming to beJWT
)JWT
)JWT
)JWT
)installation access token
)installation access token
)user-to-server OAuth access token
)user-to-server OAuth access token
)apptokit
a CLI for working with GitHub Apps, built by one of the GitHub Apps Engineersgithub-apps-helper
plugin for Insomnia
smee.io
a webhook payload delivery servicesmee-client
a client for receiving webhook payloads locally via smee.io
jsonwebtokenydoo
a command line utility to assist with GitHub App authenticationjwt-cli
a command line utility to assist with JWT creationDo:
X-GitHub-Request-Id
response header value, especially for error (4xx, 5xx) responsesDon't: