| CARVIEW |
Select Language
HTTP/2 301
server: GitHub.com
content-type: text/html
location: https://docs.github.com/apps/building-oauth-apps/
x-github-request-id: 7824:10A8ED:80484:93E20:68836F0E
accept-ranges: bytes
date: Fri, 25 Jul 2025 11:48:31 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bom-vanm7210051-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1753444111.902597,VS0,VE207
vary: Accept-Encoding
x-fastly-request-id: 338f3fec9a8879adb80636b98714fb3274f2cabb
content-length: 162
HTTP/2 301
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data:;script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
location: /apps/building-oauth-apps
content-type: text/plain; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: CD02:189B0C:15AE5A8:1A9D001:68836F0F
accept-ranges: bytes
age: 0
date: Fri, 25 Jul 2025 11:48:32 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210068-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1753444111.173043,VS0,VE1238
vary: Accept
strict-transport-security: max-age=31557600
content-length: 59
HTTP/2 302
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data:;script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
location: /en/apps/oauth-apps/building-oauth-apps
content-type: text/plain; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: E498:1BF8AA:1500107:19EEBE6:68836F10
accept-ranges: bytes
age: 0
date: Fri, 25 Jul 2025 11:48:33 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210068-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1753444112.425174,VS0,VE1237
vary: accept-language, x-user-language, Accept
strict-transport-security: max-age=31557600
content-length: 61
HTTP/2 200
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data:;script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
x-powered-by: Next.js
content-type: text/html; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: 1AC0:159DE3:156378F:1A52193:68836F12
content-encoding: gzip
accept-ranges: bytes
age: 1
date: Fri, 25 Jul 2025 11:48:36 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210068-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1753444114.676167,VS0,VE2327
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 25778
Building OAuth apps - GitHub Docs
Skip to main content
GitHub Docs
Search or ask Copilot
Select language: current language is English
Search or ask Copilot
Open menu
Open Sidebar
Building OAuth apps
You can build OAuth apps for yourself or others to use. Learn how to register and set up permissions and authorization options for OAuth apps.
Differences between GitHub Apps and OAuth apps
In general, GitHub Apps are preferred to OAuth apps because they use fine-grained permissions, give more control over which repositories the app can access, and use short-lived tokens.
Rate limits for OAuth apps
Rate limits restrict the rate of traffic to GitHub.com, to help ensure consistent access for all users.
Creating an OAuth app
You can create and register an OAuth app under your personal account or under any organization you have administrative access to. While creating your OAuth app, remember to protect your privacy by only using information you consider public.
Authenticating to the REST API with an OAuth app
Learn about the different ways to authenticate with some examples.
Authorizing OAuth apps
You can enable other users to authorize your OAuth app.
Scopes for OAuth apps
Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user already has.
Creating a custom badge for your OAuth app
You can replace the default badge on your OAuth app by uploading your own logo image and customizing the background.
Best practices for creating an OAuth app
Follow these best practices to improve the security and performance of your OAuth app.