How to call API v3 endpoints as a Github application


#1

Hello,

I’ve followed the documentation to create a Github Application down to authenticating-as-an-installation and as far as the curl examples go, I got everything working.

However, I’m hitting a wall understanding how to call a Github API V3 endpoint as a Github Application (or just to make it work).

Lets consider I would like to list Pull Requests on a repository.

I’m able to do this operation using the installation’s access token I created, but I’m not able to it with the application’s JWT token.

The following:

curl -i -H "Authorization: Bearer MY_JWT_TOKEN" -H "Accept: application/vnd.github.machine-man-preview+json" https://api.github.com/repos/THE_ORG/THE_REPO/pulls

returns

{
  "message": "Bad credentials",
  "documentation_url": "https://developer.github.com/v3"
}

I’ve made sure:

  • MY_JWT_TOKEN is valid (by using it with the curl command to create an installation access token)
  • the installation of my application grants read & write access to pull requests
  • the installation grants access to the repository (actually, all repositories)

At this point, I’m considering:

  • I understood right but I’m not doing it correctly and there is something wrong in the CURL command above
  • I misunderstood the whole “authenticate as a Github application” thing

In both cases, if anyone could shade some light on this, I would really appreciate it.

Thanks


#2

@sns-seb, the JWT will only give your application the ability to request an access token to perform API functions. You cannot authenticate against any of the endpoints with the JWT alone.

In order to do what you’re trying to do you need generate your JWT and then request an access token:

curl -i -X POST \
-H "Authorization: Bearer YOUR_JWT" \
-H "Accept: application/vnd.github.machine-man-preview+json" \
https://api.github.com/installations/:installation_id/access_tokens

Your response should look like:

{
  "token": "YOUR_INSTALLATION_ACCESS_TOKEN",
  "expires_at": "EXPIRATION_DATE"
}

Once you have an access token you can hit any of the v3 endpoints your app is permitted to access. In your case:

curl -i \
-H "Authorization: token YOUR_INSTALLATION_ACCESS_TOKEN" \
-H "Accept: application/vnd.github.machine-man-preview+json" \
https://api.github.com/repos/THE_ORG/THE_REPO/pulls

Hope this helps!


#3

Hello @Hollywood,

Thanks for your reply.

What you describes is what I was referring to as “authenticating as an installation” and I managed to make it work.

However, when I read the documentation, this is not what I understand and according to my understanding, it shouldn’t even work:

(1) this paragraphe directly following the one called “Authentication as a Github App” leads me to think that I should be able to do what it describes using the JWT token created above
(2) this list of “available endpoints” is way longer that the list at point (4) and does include pull request review endpoints
(3) this paragraphe following the one to create an installation access token leads me to think I should be able to do what it describes using this token
(4) this list of endpoints is considerably smaller than the list at point (2) and does not include pull request review endpoints

If the documentation is just unclear (or I misunderstand it) and the JWT token can in fact be used only to consume Github Apps endpints, I’m fine with it. I would welcome someone confirming it, though.

Could also be that authenticating as an app should be done differently (using client id and secret?). If so, could anyone describe how to do it?

Thanks in advance