My initial experience with GitHub Integrations was from the perspective of someone looking to migrate an internal corporate service off the personal OAuth token flow. The service in question does not serve HTTP and does not need to respond to events. Integrations are appealing because they allow us to decouple the availability of our GitHub-integrated services from the availability of privileged staff identities and credentials. (Service accounts were never particularly appealing, partly because managing shared access to MFA tokens can be a bit of a faff.)
I expect our Integrations will always be private to our Organization. Installation events are therefore of little use.
When setting up my first Integration, I was surprised that the form required a webhook URL. It is not possible to register a new Integration without one. I ended up mashing in a load of rubbish to appease the form validator. The resulting Installation worked just fine. Though, it is a bit confusing to see a populated webhook URL in the Integration’s configuration.
Would it make sense to permit an empty webhook URL for private Integrations that are not scoped for events?