yanyongyu / githubkit

The modern, all-batteries-included GitHub SDK for Python, including rest api, graphql, webhooks, like octokit!
https://yanyongyu.github.io/githubkit/
MIT License

Question: app requests fail if installation ID not provided #156

Closed boonware closed 1 month ago

boonware commented 1 month ago

When authenticating as an app and not an installation, API requests are failing because the app installation ID is not being set. Surely, when authenticating as an app I do not need the installation ID.

I create my github instance as follows:

from githubkit import AppAuthStrategy, GitHub

auth = AppAuthStrategy(app_id=props['appId'], private_key=props['privateKey'], client_secret=props['clientSecret'], client_id=props['clientId'])
github = GitHub(auth, base_url='https://github.acme.com')

Then, I list org membership. Note that my app has been installed into the requested org "foo":

github.rest.orgs.list_members(org='foo', per_page=100)

This throws the following error:

File "/Users/redacted/.local/share/virtualenvs/app/lib/python3.10/site-packages/githubkit/versions/v2022_11_28/rest/orgs.py", line 2022, in list_members
    return self._github.request(
File "/Users/redacted/.local/share/virtualenvs/app/lib/python3.10/site-packages/githubkit/core.py", line 476, in request
    raw_resp = self._request(
File "/Users/redacted/.local/share/virtualenvs/app/lib/python3.10/site-packages/githubkit/core.py", line 293, in _request
    raise RequestError(e) from e
githubkit.exception.RequestError: GitHub APP installation_id must be provided for accessing apis as an installation

yanyongyu commented 1 month ago

You are using a github app to operate on an installation api. So, you need to auth as the organization itself first. You can switch to the installation like this example.

PS: auth as the github app can only access the apis related to the app itself (such as list installations). To operate on the other objects (third parties which installed your app), you need to switch to a specific installation (bound one-to-one to a user/org).

boonware commented 1 month ago

How do I know if an API is an "installation API"? I thought that using an app, and assuming it was installed into the org, I could use the app (not installation) to fetch information about the organization. Otherwise, every time my app is installed to an org, the installer needs to send me their installation ID but this is too cumbersome.

yanyongyu commented 1 month ago

You can find the official documentation here: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app

> How do I know if an API is an "installation API"?

In the github rest api docs, every api will tell you which token to use.

If the docs say: You must use a JWT to access this endpoint. (Example), you should use the app auth.

If the docs say:

[image]

You must use an installation token in this case.

> send me their installation ID

No, they do not need to do this. You can simply get the installation id from the api (which needs app auth). Here is the api to get an organization installation: https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-organization-installation-for-the-authenticated-app

The whole app installation workflow example can be found in githubkit's example: https://yanyongyu.github.io/githubkit/quickstart/github-app/#authenticating-as-an-installation-by-username

Change the api called in the above example to the get organization installation api.
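
Added example (not part of the original thread and not githubkit's own code): the workflow described in the comment above, with the organization installation lookup done under app (JWT) auth and the org-scoped call made under installation auth. The environment variable names `GH_APP_ID`, `GH_APP_PRIVATE_KEY` and `GH_BASE_URL` and the helper function names are assumptions.

```python
"""Resolve an org's installation ID with app auth, then act as that installation."""
import os


def app_client(base_url=None):
    # Imported lazily so the helpers below can be exercised without githubkit/network.
    from githubkit import AppAuthStrategy, GitHub

    # Assumed env var names; keep the private key out of source control.
    auth = AppAuthStrategy(os.environ["GH_APP_ID"], os.environ["GH_APP_PRIVATE_KEY"])
    return GitHub(auth, base_url=base_url) if base_url else GitHub(auth)


def installation_client(app_github, org):
    """Return a client authenticated as the app's installation in `org`."""
    # App (JWT) auth is enough here: GET /orgs/{org}/installation
    installation = app_github.rest.apps.get_org_installation(org).parsed_data
    # Same app credentials, now scoped to this one installation.
    return app_github.with_auth(app_github.auth.as_installation(installation.id))


def list_member_logins(app_github, org):
    """List the first page of member logins using installation auth."""
    gh = installation_client(app_github, org)
    members = gh.rest.orgs.list_members(org=org, per_page=100).parsed_data
    return [member.login for member in members]


if __name__ == "__main__":
    # "foo" is the org name used in the question above.
    client = app_client(os.environ.get("GH_BASE_URL"))
    print(list_member_logins(client, "foo"))
```
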

yanyongyu commented 1 month ago

If you have any other questions, feel free to open an issue 🤗