Pricing Templates
Log in Sign up
Integrations / GitHub / ...

POST /app/installations/{installation_id}/access_tokens

Creates an installation access token that enables a GitHub App to make authenticated API requests for the app's installation on an organization or individual account. Installation tokens expire one hour from the time you create them. Using an expired token produces a status code of 401 - Unauthorized, and requires creating a new installation token. By default the installation token has access to all repositories that the installation can access.

Optionally, you can use the repositories or repository_ids body parameters to specify individual repositories that the installation access token can access. If you don't use repositories or repository_ids to grant access to specific repositories, the installation access token will have access to all repositories that the installation was granted access to. The installation access token cannot be granted access to repositories that the installation was not granted access to. Up to 500 repositories can be listed in this manner.

Optionally, use the permissions body parameter to specify the permissions that the installation access token should have. If permissions is not specified, the installation access token will have all of the permissions that were granted to the app. The installation access token cannot be granted permissions that the app was not granted.

You must use a JWT to access this endpoint.

Servers

Path parameters

Name Type Required Description
installation_id Integer Yes

The unique identifier of the installation.

Request headers

Name Type Required Description
Content-Type String Yes The media type of the request body.

Default value: "application/json"

Request body fields

Name Type Required Description
repositories[] Array No

List of repository names that the token should have access to
repository_ids[] Array No

List of repository IDs that the token should have access to
permissions Object No

The permissions granted to the user access token.
permissions.members String No

The level of permission to grant the access token for organization teams and members.

Possible values:

  • "read"
  • "write"
permissions.organization_events String No

The level of permission to grant the access token to view events triggered by an activity in an organization.

Possible values:

  • "read"
permissions.organization_secrets String No

The level of permission to grant the access token to manage organization secrets.

Possible values:

  • "read"
  • "write"
permissions.organization_custom_properties String No

The level of permission to grant the access token for custom property management.

Possible values:

  • "read"
  • "write"
  • "admin"
permissions.organization_announcement_banners String No

The level of permission to grant the access token to view and manage announcement banners for an organization.

Possible values:

  • "read"
  • "write"
permissions.metadata String No

The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata.

Possible values:

  • "read"
  • "write"
permissions.single_file String No

The level of permission to grant the access token to manage just a single file.

Possible values:

  • "read"
  • "write"
permissions.administration String No

The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation.

Possible values:

  • "read"
  • "write"
permissions.statuses String No

The level of permission to grant the access token for commit statuses.

Possible values:

  • "read"
  • "write"
permissions.starring String No

The level of permission to grant the access token to list and manage repositories a user is starring.

Possible values:

  • "read"
  • "write"
permissions.organization_copilot_seat_management String No

The level of permission to grant the access token for managing access to GitHub Copilot for members of an organization with a Copilot Business subscription. This property is in public preview and is subject to change.

Possible values:

  • "write"
permissions.organization_projects String No

The level of permission to grant the access token to manage organization projects and projects public preview (where available).

Possible values:

  • "read"
  • "write"
  • "admin"
permissions.profile String No

The level of permission to grant the access token to manage the profile settings belonging to a user.

Possible values:

  • "write"
permissions.repository_custom_properties String No

The level of permission to grant the access token to view and edit custom properties for a repository, when allowed by the property.

Possible values:

  • "read"
  • "write"
permissions.organization_packages String No

The level of permission to grant the access token for organization packages published to GitHub Packages.

Possible values:

  • "read"
  • "write"
permissions.secrets String No

The level of permission to grant the access token to manage repository secrets.

Possible values:

  • "read"
  • "write"
permissions.workflows String No

The level of permission to grant the access token to update GitHub Actions workflow files.

Possible values:

  • "write"
permissions.organization_plan String No

The level of permission to grant the access token for viewing an organization's plan.

Possible values:

  • "read"
permissions.issues String No

The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones.

Possible values:

  • "read"
  • "write"
permissions.pull_requests String No

The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges.

Possible values:

  • "read"
  • "write"
permissions.repository_projects String No

The level of permission to grant the access token to manage repository projects, columns, and cards.

Possible values:

  • "read"
  • "write"
  • "admin"
permissions.vulnerability_alerts String No

The level of permission to grant the access token to manage Dependabot alerts.

Possible values:

  • "read"
  • "write"
permissions.organization_custom_roles String No

The level of permission to grant the access token for custom repository roles management.

Possible values:

  • "read"
  • "write"
permissions.secret_scanning_alerts String No

The level of permission to grant the access token to view and manage secret scanning alerts.

Possible values:

  • "read"
  • "write"
permissions.organization_hooks String No

The level of permission to grant the access token to manage the post-receive hooks for an organization.

Possible values:

  • "read"
  • "write"
permissions.organization_user_blocking String No

The level of permission to grant the access token to view and manage users blocked by the organization.

Possible values:

  • "read"
  • "write"
permissions.organization_personal_access_token_requests String No

The level of permission to grant the access token for viewing and managing fine-grained personal access tokens that have been approved by an organization.

Possible values:

  • "read"
  • "write"
permissions.contents String No

The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges.

Possible values:

  • "read"
  • "write"
permissions.security_events String No

The level of permission to grant the access token to view and manage security events like code scanning alerts.

Possible values:

  • "read"
  • "write"
permissions.packages String No

The level of permission to grant the access token for packages published to GitHub Packages.

Possible values:

  • "read"
  • "write"
permissions.git_ssh_keys String No

The level of permission to grant the access token to manage git SSH keys.

Possible values:

  • "read"
  • "write"
permissions.interaction_limits String No

The level of permission to grant the access token to view and manage interaction limits on a repository.

Possible values:

  • "read"
  • "write"
permissions.organization_administration String No

The level of permission to grant the access token to manage access to an organization.

Possible values:

  • "read"
  • "write"
permissions.gpg_keys String No

The level of permission to grant the access token to view and manage GPG keys belonging to a user.

Possible values:

  • "read"
  • "write"
permissions.email_addresses String No

The level of permission to grant the access token to manage the email addresses belonging to a user.

Possible values:

  • "read"
  • "write"
permissions.organization_self_hosted_runners String No

The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization.

Possible values:

  • "read"
  • "write"
permissions.followers String No

The level of permission to grant the access token to manage the followers belonging to a user.

Possible values:

  • "read"
  • "write"
permissions.pages String No

The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds.

Possible values:

  • "read"
  • "write"
permissions.environments String No

The level of permission to grant the access token for managing repository environments.

Possible values:

  • "read"
  • "write"
permissions.actions String No

The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts.

Possible values:

  • "read"
  • "write"
permissions.team_discussions String No

The level of permission to grant the access token to manage team discussions and related comments.

Possible values:

  • "read"
  • "write"
permissions.checks String No

The level of permission to grant the access token for checks on code.

Possible values:

  • "read"
  • "write"
permissions.dependabot_secrets String No

The level of permission to grant the access token to manage Dependabot secrets.

Possible values:

  • "read"
  • "write"
permissions.organization_custom_org_roles String No

The level of permission to grant the access token for custom organization roles management.

Possible values:

  • "read"
  • "write"
permissions.codespaces String No

The level of permission to grant the access token to create, edit, delete, and list Codespaces.

Possible values:

  • "read"
  • "write"
permissions.repository_hooks String No

The level of permission to grant the access token to manage the post-receive hooks for a repository.

Possible values:

  • "read"
  • "write"
permissions.deployments String No

The level of permission to grant the access token for deployments and deployment statuses.

Possible values:

  • "read"
  • "write"
permissions.organization_personal_access_tokens String No

The level of permission to grant the access token for viewing and managing fine-grained personal access token requests to an organization.

Possible values:

  • "read"
  • "write"

How to start integrating

  1. Add HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the Http request settings.
  3. Click Test request to test run your request to the API and see the API's response.
All third party trademarks (including logos and icons) are the property of their respective owners, which do not sponsor, authorize, or endorse this website.
Pricing Templates Integrations Blog Contact Us Help
© 2025 SimWorkflow
Terms of Service Privacy Policy