POST /app/installations/{installation_id}/access_tokens

Creates an installation access token that enables a GitHub App to make authenticated API requests for the app's installation on an organization or individual account. Installation tokens expire one hour from the time you create them. Using an expired token produces a status code of 401 - Unauthorized, and requires creating a new installation token. By default the installation token has access to all repositories that the installation can access.

Optionally, you can use the repositories or repository_ids body parameters to specify individual repositories that the installation access token can access. If you don't use repositories or repository_ids to grant access to specific repositories, the installation access token will have access to all repositories that the installation was granted access to. The installation access token cannot be granted access to repositories that the installation was not granted access to. Up to 500 repositories can be listed in this manner.

Optionally, use the permissions body parameter to specify the permissions that the installation access token should have. If permissions is not specified, the installation access token will have all of the permissions that were granted to the app. The installation access token cannot be granted permissions that the app was not granted.

You must use a JWT to access this endpoint.

Servers

https://api.github.com

Path parameters

Name	Type	Required	Description
`installation_id`	Integer	Yes	The unique identifier of the installation.

Request headers

Name	Type	Required	Description
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"

Request body fields

Name	Type	Required	Description
`repositories[]`	Array	No	List of repository names that the token should have access to
`repository_ids[]`	Array	No	List of repository IDs that the token should have access to
`permissions`	Object	No	The permissions granted to the user access token.
`permissions.members`	String	No	The level of permission to grant the access token for organization teams and members. Valid values: `"read"` `"write"`
`permissions.organization_events`	String	No	The level of permission to grant the access token to view events triggered by an activity in an organization. Valid values: `"read"`
`permissions.organization_secrets`	String	No	The level of permission to grant the access token to manage organization secrets. Valid values: `"read"` `"write"`
`permissions.organization_custom_properties`	String	No	The level of permission to grant the access token for custom property management. Valid values: `"read"` `"write"` `"admin"`
`permissions.organization_announcement_banners`	String	No	The level of permission to grant the access token to view and manage announcement banners for an organization. Valid values: `"read"` `"write"`
`permissions.metadata`	String	No	The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Valid values: `"read"` `"write"`
`permissions.single_file`	String	No	The level of permission to grant the access token to manage just a single file. Valid values: `"read"` `"write"`
`permissions.administration`	String	No	The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Valid values: `"read"` `"write"`
`permissions.statuses`	String	No	The level of permission to grant the access token for commit statuses. Valid values: `"read"` `"write"`
`permissions.starring`	String	No	The level of permission to grant the access token to list and manage repositories a user is starring. Valid values: `"read"` `"write"`
`permissions.organization_copilot_seat_management`	String	No	The level of permission to grant the access token for managing access to GitHub Copilot for members of an organization with a Copilot Business subscription. This property is in public preview and is subject to change. Valid values: `"write"`
`permissions.organization_projects`	String	No	The level of permission to grant the access token to manage organization projects and projects public preview (where available). Valid values: `"read"` `"write"` `"admin"`
`permissions.profile`	String	No	The level of permission to grant the access token to manage the profile settings belonging to a user. Valid values: `"write"`
`permissions.repository_custom_properties`	String	No	The level of permission to grant the access token to view and edit custom properties for a repository, when allowed by the property. Valid values: `"read"` `"write"`
`permissions.organization_packages`	String	No	The level of permission to grant the access token for organization packages published to GitHub Packages. Valid values: `"read"` `"write"`
`permissions.secrets`	String	No	The level of permission to grant the access token to manage repository secrets. Valid values: `"read"` `"write"`
`permissions.workflows`	String	No	The level of permission to grant the access token to update GitHub Actions workflow files. Valid values: `"write"`
`permissions.organization_plan`	String	No	The level of permission to grant the access token for viewing an organization's plan. Valid values: `"read"`
`permissions.issues`	String	No	The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Valid values: `"read"` `"write"`
`permissions.pull_requests`	String	No	The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges. Valid values: `"read"` `"write"`
`permissions.repository_projects`	String	No	The level of permission to grant the access token to manage repository projects, columns, and cards. Valid values: `"read"` `"write"` `"admin"`
`permissions.vulnerability_alerts`	String	No	The level of permission to grant the access token to manage Dependabot alerts. Valid values: `"read"` `"write"`
`permissions.organization_custom_roles`	String	No	The level of permission to grant the access token for custom repository roles management. Valid values: `"read"` `"write"`
`permissions.secret_scanning_alerts`	String	No	The level of permission to grant the access token to view and manage secret scanning alerts. Valid values: `"read"` `"write"`
`permissions.organization_hooks`	String	No	The level of permission to grant the access token to manage the post-receive hooks for an organization. Valid values: `"read"` `"write"`
`permissions.organization_user_blocking`	String	No	The level of permission to grant the access token to view and manage users blocked by the organization. Valid values: `"read"` `"write"`
`permissions.organization_personal_access_token_requests`	String	No	The level of permission to grant the access token for viewing and managing fine-grained personal access tokens that have been approved by an organization. Valid values: `"read"` `"write"`
`permissions.contents`	String	No	The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Valid values: `"read"` `"write"`
`permissions.security_events`	String	No	The level of permission to grant the access token to view and manage security events like code scanning alerts. Valid values: `"read"` `"write"`
`permissions.packages`	String	No	The level of permission to grant the access token for packages published to GitHub Packages. Valid values: `"read"` `"write"`
`permissions.git_ssh_keys`	String	No	The level of permission to grant the access token to manage git SSH keys. Valid values: `"read"` `"write"`
`permissions.interaction_limits`	String	No	The level of permission to grant the access token to view and manage interaction limits on a repository. Valid values: `"read"` `"write"`
`permissions.organization_administration`	String	No	The level of permission to grant the access token to manage access to an organization. Valid values: `"read"` `"write"`
`permissions.gpg_keys`	String	No	The level of permission to grant the access token to view and manage GPG keys belonging to a user. Valid values: `"read"` `"write"`
`permissions.email_addresses`	String	No	The level of permission to grant the access token to manage the email addresses belonging to a user. Valid values: `"read"` `"write"`
`permissions.organization_self_hosted_runners`	String	No	The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization. Valid values: `"read"` `"write"`
`permissions.followers`	String	No	The level of permission to grant the access token to manage the followers belonging to a user. Valid values: `"read"` `"write"`
`permissions.pages`	String	No	The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds. Valid values: `"read"` `"write"`
`permissions.environments`	String	No	The level of permission to grant the access token for managing repository environments. Valid values: `"read"` `"write"`
`permissions.actions`	String	No	The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Valid values: `"read"` `"write"`
`permissions.team_discussions`	String	No	The level of permission to grant the access token to manage team discussions and related comments. Valid values: `"read"` `"write"`
`permissions.checks`	String	No	The level of permission to grant the access token for checks on code. Valid values: `"read"` `"write"`
`permissions.dependabot_secrets`	String	No	The level of permission to grant the access token to manage Dependabot secrets. Valid values: `"read"` `"write"`
`permissions.organization_custom_org_roles`	String	No	The level of permission to grant the access token for custom organization roles management. Valid values: `"read"` `"write"`
`permissions.codespaces`	String	No	The level of permission to grant the access token to create, edit, delete, and list Codespaces. Valid values: `"read"` `"write"`
`permissions.repository_hooks`	String	No	The level of permission to grant the access token to manage the post-receive hooks for a repository. Valid values: `"read"` `"write"`
`permissions.deployments`	String	No	The level of permission to grant the access token for deployments and deployment statuses. Valid values: `"read"` `"write"`
`permissions.organization_personal_access_tokens`	String	No	The level of permission to grant the access token for viewing and managing fine-grained personal access token requests to an organization. Valid values: `"read"` `"write"`

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.