# GitHub App
**GitHub can be integrated with Xopero ONE using several authorization methods, including a GitHub App, which provides a secure and scalable way to connect GitHub organizations for backup and recovery operations. With granular permissions, repository-level access, and short-lived authentication tokens, GitHub Apps help protect repositories and related metadata while supporting automated backup workflows, repository synchronization, and streamlined management across the Xopero ONE environment.**
***
## General information
A **GitHub App** is a type of integration you can build to interact with and extend **GitHub’s** functionality. **GitHub Apps** can provide flexibility and reduce friction in your processes without requiring users to sign in or create a service account.
Like OAuth apps, **GitHub Apps** use OAuth 2.0 and can act on a user’s behalf. Unlike OAuth apps, **GitHub Apps** can also act independently of a user.
***
## Advantages
The key advantages of using the **GitHub App** for integration with **Xopero ONE** include enhanced security, better rate limit handling, and more reliable repository management.
### Security
**GitHub Apps** provide enhanced control and security compared to OAuth apps. Instead of broad scopes, **GitHub Apps** use fine-grained permissions, giving administrators better control over what the app can access and perform:
* **Granular permissions** — **GitHub Apps** request only the permissions they need, unlike OAuth apps, which rely on broader permission scopes.
* **Repository-specific access** — users or organization owners can choose which repositories an app can access, whereas OAuth apps can access all repositories available to the authorizing user.
* **Short-lived tokens** — **GitHub Apps** use tokens that expire quickly, reducing the risk of misuse. In contrast, OAuth app tokens remain valid until explicitly revoked.
These features make **GitHub Apps** more suitable for organizations with strict security requirements, offering stronger protection against potential security risks.
### Rate limit
**GitHub Apps** that use installation access tokens are initially allowed **5,000 requests per hour**. This limit can increase under specific conditions:
* **GitHub Enterprise Cloud organizations** — installations associated with a **GitHub Enterprise Cloud** organization have a rate limit of 15,000 requests per hour.
* **Scaling by repositories and users** — for installations that are not part of a **GitHub Enterprise Cloud** organization:
* Organizations with more than 20 repositories receive an additional **50 requests per hour per repository**.
* Organizations with more than 20 users receive an additional **50 requests per hour for each user beyond 20**.
* The total rate limit is capped at 12,500 requests per hour.
The above rules are designed to ensure fair usage while maintaining system stability and security.
{% hint style="info" %}
Learn more about rate limits in [the official GitHub documentation](https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-github-app-installations).
{% endhint %}
***
## Access control and approval flow
**GitHub Apps** can be installed by users on their personal accounts and by organization owners within organizations they own. Additionally, repository admins within an organization can install **GitHub Apps**, provided the app is limited to repositories they administer and does not request permissions that affect the organization or involve repository administration.
However, organization owners have the capability to restrict these installations by outside collaborators who are repository admins. If organization members who are neither owners nor admins choose an organization during the app installation process, instead of directly installing the app, **GitHub** will notify the organization owner to request installation approval.
***
## App authorization
After installing a **GitHub App**, you may also need to authorize it. Installation lets you specify which repositories the app can access and grants it permission to use certain organizational resources.
During installation, the app displays the requested permissions for review and approval. Once authorized, the app can also operate on your behalf.
{% hint style="info" %}
You can install a **GitHub App** without authorizing it, and you can also authorize an app without installing it.
{% endhint %}
***
## Throttling prevention
Throttling limits the number of API calls or operations within a given time window to prevent resource overuse and ensure server stability. If throttling limits are exceeded, further client requests may be temporarily restricted, which can extend backup times.
**Xopero ONE** can use up to 10 additional apps to increase request limit and reduce throttling impact.
{% hint style="info" %}
You can find more information about throttling and throttling mitigation methods in [Useful links and items](#useful-links-and-items) section.
{% endhint %}
***
## Updating GitHub App permissions
With the upcoming release of **Xopero ONE** (scheduled for May 2026), we are introducing support for **GitHub** issue types.
To enable this new feature, **GitHub** requires a manual update to your **GitHub App** permissions. While your existing backup plans will continue to run without interruption, this manual approval is required to unlock the new capabilities and ensure future compatibility.
{% hint style="warning" %}
You will receive an email notification from **GitHub** for each of your installations and will need to manually review and approve the new issue types permission request within your **GitHub** account.
{% endhint %}
Below is a step-by-step walkthrough of the approval process.
{% stepper %}
{% step %}
You will get an email from **GitHub** containing information about the application and the organization or account requesting elevated access. To grant **Xopero ONE** the required permissions, click the **Review permission request to accept or reject this change** link.
{% endstep %}
{% step %}
After clicking the link, you will be redirected to **GitHub**, where you can review the requested permissions and approve them.
{% endstep %}
{% step %}
Once the requested permissions are accepted, your environment will be ready for full backup coverage of issue type data when the next **Xopero ONE** release goes live.
{% endstep %}
{% endstepper %}
***
## Useful links and items
{% content-ref url="/pages/ch2cGR1agZ7mvw2L8z3N" %}
[Throttling prevention](/xopero-one-en/compliance-and-risk-management/throttling-prevention.md)
{% endcontent-ref %}
{% content-ref url="/pages/DX1vxw9hLnsB1LVVmVqe" %}
[Avoiding API rate limits impact](/xopero-one-en/compliance-and-risk-management/avoiding-api-rate-limits-impact.md)
{% endcontent-ref %}
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://helpcenter.xopero.com/xopero-one-en/backup-and-recovery/devops/github/integration/github-app.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.