Turn Your Vehicle Into a Smart Earning Asset

While you’re not driving your car or bike, it can still be working for you. MOTOSHARE helps you earn passive income by connecting your vehicle with trusted renters in your city.

🚗 You set the rental price
🔐 Secure bookings with verified renters
📍 Track your vehicle with GPS integration
💰 Start earning within 48 hours

Join as a Partner Today

It’s simple, safe, and rewarding. Your vehicle. Your rules. Your earnings.

What is GitHub App Installation Token?

A GitHub App Installation Token is a short-lived access token that allows a GitHub App to interact with specific repositories or organizations where it has been installed — on behalf of itself, not a user.


🔐 Why is it Needed?

GitHub Apps do not use OAuth tokens like traditional apps. Instead, they:

  1. Authenticate as the App using a JWT (JSON Web Token).
  2. Exchange the JWT for an installation token for a specific installation of the app (per repo/org).
  3. Use the installation token to make authenticated API calls (REST or GraphQL).

✅ What Can You Do with an Installation Token?

Once issued, an installation token:

  • Acts on behalf of the GitHub App installation
  • Honors the app’s granted permissions and scopes
  • Is limited to specific repositories where the app is installed
  • Expires in 1 hour

Example: If your GitHub App is installed on octo-org/repo-a and repo-b, your installation token can only access those, not others.


🛠️ How to Generate an Installation Token (Step-by-Step)

Step 1: Generate a JWT (as the App)

Use your app’s private key:

const jwt = require('jsonwebtoken');
const fs = require('fs');

const appId = 'YOUR_APP_ID';
const privateKey = fs.readFileSync('private-key.pem');

const token = jwt.sign(
  {
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + (10 * 60),
    iss: appId,
  },
  privateKey,
  { algorithm: 'RS256' }
);
Code language: JavaScript (javascript)

Step 2: Get Installation ID

Make a request using JWT to get installation ID:

GET /app/installations
Authorization: Bearer <JWT>
Code language: HTML, XML (xml)

Step 3: Exchange JWT for Installation Token

Use the installation ID from Step 2:

POST /app/installations/:installation_id/access_tokens
Authorization: Bearer <JWT>
Code language: HTML, XML (xml)

Response:

{
  "token": "v1.abc123...",
  "expires_at": "2025-05-14T12:00:00Z"
}
Code language: JSON / JSON with Comments (json)

Step 4: Use Installation Token to Call GitHub API

GET /repos/octo-org/repo-a/issues
Authorization: token v1.abc123...

🔄 Installation Token vs OAuth Token

FeatureInstallation TokenOAuth Token
Acts asGitHub App installationAuthenticated user
ScopeRepo/org installationUser’s authorized scopes
Use caseAutomation, bots, CI/CDUser-based access and interaction
Expiry1 hourLong-lived unless revoked

🧠 Example Use Cases

  • CI/CD pipelines using GitHub Apps
  • Auto-responders on issues/pull requests
  • Infrastructure automation (e.g., with Terraform)
  • Custom bots interacting with GitHub

🧪 Final Notes

  • You must use a JWT to request an installation token.
  • Installation tokens cannot be refreshed — regenerate when expired.
  • Use Octokit or Probot for easier abstraction.

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.

0
Would love your thoughts, please comment.x
()
x