Authenticating as an App



Hi GitHub Staff and fellow code-monkeys. :wave: :monkey:

I am trying to better understand what are my options in creating a GitHub App which acts as a bot.
Starting small, I’ve decided that my bot should write status messages on commits.

Example Screenshot

I've managed to do so with an OAuth App, but not with a normal, webhook based GitHub App; I only managed to authenticate as the App Installer account
Example Screenshot

Q1: Is it possible to Auth as an App with a normal (webhook based) GitHub App?

When prototyping my bot, and messing around with authentication, i used a service to simulate the authentication process as I don’t have a Back-end yet.
Q2: What’s the lifetime of that token?

Q3 Is there a API Endpoint for creating GitHub Apps with a user personal access token?

Thanks a lot for your time and help! :slight_smile:


@Nihilight it certainly is possible to create statuses as a GitHub App.

I’m not sure I understand the question. By default your GitHub App is already auth’d as an app.

There is no token. Once your App is installed on the repository, then it can post to the Statuses API.

No, there’s no API endpoint for creating GitHub Apps, though that feature has been requested before and is under discussion.


@kytrinyx I’ll try to better explain myself; As shown in the 2nd example screenshot - there’s a CircleCI status, which was posted by a “bot account” (@ CircleCi), there’s a ambulance status, which was posted by my OAuth App, and then there’s the rest of the statuses which were posted by my Webhook App. The latter we’re posted on my behalf (with a private generated access token) but not as the Webhook App (@ whatevernameIchoose).

I am including pseudo-code for my Webhook Callback

Is this the correct way to do so?



It sounds like there’s a fundamental disconnect here. Let’s start at the beginning.

Would you please confirm for me that you created your Webhook App by going to and clicking “New GitHub App”?


Correct. I’ve created the Webhook App by going through that link.


Thanks. Did you generate and download a private key and follow the steps described in the “authenticating as an installation” part of the documentation?