Hey guys, so I wrote a GitHub App for one of my orgs, and I finally got it working. But I now want to install it in my other organizations and am not able to because it is set to private.
There seem to be only two options: “public” or “private”. Private only lets you install it in that particular org. Public means anyone can install it in any org or repo.
It seems the only way for me to be able to install it on my other orgs is to make it public. But my concern is the potential for abuse.
Couldn't someone install it on their repo / org and then just hammer my server with events? I understand the rate limits are per installation, so at least those won’t be abused. But it still means my server can easily be overloaded by a malicious party.
Is there a way to make it “public” (to be able to install on my other orgs) but control who can actually install it (to prevent abuse)?
Is there a better solution to this?
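
An added example, not part of the original post: one way a public app's webhook endpoint can cheaply reject deliveries from installations the owner did not approve. The secret, the org logins in `ALLOWED_ACCOUNTS` and the function names are assumptions made for illustration; `event` is the `X-GitHub-Event` header value and `signature` is the `X-Hub-Signature-256` header value.

```python
import hashlib
import hmac
import json

# Assumed values (constructed for this example, not from the post).
WEBHOOK_SECRET = b"constructed-example-secret"
ALLOWED_ACCOUNTS = {"my-org-one", "my-org-two"}

# Installation ids of allowed accounts; persist this outside memory in practice.
allowed_installation_ids = set()


def sign(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Compute the HMAC-SHA256 value GitHub sends in X-Hub-Signature-256."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_webhook(event: str, signature: str, body: bytes) -> int:
    """Return an HTTP status, doing no expensive work before the checks pass."""
    # 1. Reject anything not signed with the app's webhook secret.
    expected = sign(body).encode()
    if not hmac.compare_digest(expected, (signature or "").encode()):
        return 401
    try:
        payload = json.loads(body)
        installation = payload["installation"]
        inst_id = installation["id"]
        login = (installation.get("account") or {}).get("login")
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400
    # 2. "installation" events name the installing account: track allowed ones.
    if event == "installation":
        if login not in ALLOWED_ACCOUNTS:
            return 403
        action = payload.get("action")
        if action in ("created", "unsuspend"):
            allowed_installation_ids.add(inst_id)
        elif action in ("deleted", "suspend"):
            allowed_installation_ids.discard(inst_id)
        return 202
    # 3. Any other event: drop it cheaply unless the installation is allowed.
    if inst_id not in allowed_installation_ids:
        return 403
    return 202  # queue the event for the app's real processing here
```

This does not stop a stranger from installing the app; it only keeps the per-event cost for unapproved installations down to one HMAC check and a set lookup.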