Creating a GitHub App to add/remove Organization members; getting 404 Not Found when adding

community-help

#1

I am getting a 404 Not Found when attempting to add a user to a GitHub Org via the GitHub App API flow.

API Flow / Steps to Reproduce:

  1. Create a GitHub App and give it Read & write access to Organization members
  2. Generate and download the App’s private key, and record it’s ID
  3. Install the App on a GitHub Org
  4. Generate a JSON Web Token (JWT) using the private key and App ID
  5. Using the JWT and custom Accept header, get a list of the app installations [works]; record the installation ID for the GitHub Org
  6. Using the JWT, custom Accept header and installation ID, create an Installation Token [works]
  7. Using the Installation Token, get a list of the organization’s members [works] (authentication works - can see private members)
  8. Using the Installation Token, attempt to add a user to the org [Fails: 404 Not Found]

According to the docs, the API call should be:

PUT /orgs/:org/memberships/:username?role=member

…but it fails.

I have verified:

  • The API documentation states that the API endpoint is “Enabled for GitHub Apps.”
  • The Installation Token is valid and functional (can use it to see private members of the org).
  • The organization name.
  • The username.

I have tried:

  • Setting the Accept header to:
    • application/vnd.github.v3+json
    • application/vnd.github.machine-man-preview+json
  • Changing the request method to POST instead of PUT.
  • Using the JWT as the token for the request.

#Stuck :sob:


#2

:wave: Hey @cmlccie!

Unfortunately when I follow your steps I don’t get a 404, I am able to add a member.

My “add a user to org” request looked like:

curl -X PUT -H 'Authorization: token v1.notarealtoken' 'https://api.github.com/orgs/test-org-name/memberships/a-test-user'

The only 404’s I got were when either the Organization or the User didn’t exist, but you’ve verified those so that’s not it.

Do you have any example code you can share of how you’re setting up that last request?