HTTP/2 301
server: GitHub.com
content-type: text/html
location: https://docs.github.com/apps/building-oauth-apps/
x-github-request-id: 1B1F:36FAE8:14BF8C:185D61:6881D8CA
accept-ranges: bytes
age: 0
date: Thu, 24 Jul 2025 06:55:07 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210048-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1753340107.185175,VS0,VE203
vary: Accept-Encoding
x-fastly-request-id: 59e268c23d3f024ad14236559eae33e50575786e
content-length: 162
HTTP/2 301
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data:;script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
location: /apps/building-oauth-apps
content-type: text/plain; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: 84FA:11821C:5890B5:704049:6881D8CB
accept-ranges: bytes
age: 0
date: Thu, 24 Jul 2025 06:55:08 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210047-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1753340107.442108,VS0,VE1235
vary: Accept
strict-transport-security: max-age=31557600
content-length: 59
HTTP/2 302
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data:;script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
location: /en/apps/oauth-apps/building-oauth-apps
content-type: text/plain; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: 56D6:17A37:58942E:70455C:6881D8CD
accept-ranges: bytes
age: 0
date: Thu, 24 Jul 2025 06:55:09 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210047-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1753340109.690144,VS0,VE1230
vary: accept-language, x-user-language, Accept
strict-transport-security: max-age=31557600
content-length: 61
HTTP/2 200
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data:;script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
x-powered-by: Next.js
content-type: text/html; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: 42EE:11821C:58977C:70489D:6881D8CE
content-encoding: gzip
accept-ranges: bytes
age: 1
date: Thu, 24 Jul 2025 06:55:12 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210047-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1753340110.934141,VS0,VE2253
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 25776
Building OAuth apps - GitHub Docs Skip to main content Overview
About creating GitHub Apps Authenticate with a GitHub App Writing code for a GitHub App List an app on the Marketplace Sell apps on the Marketplace
Building OAuth apps You can build OAuth apps for yourself or others to use. Learn how to register and set up permissions and authorization options for OAuth apps.
In general, GitHub Apps are preferred to OAuth apps because they use fine-grained permissions, give more control over which repositories the app can access, and use short-lived tokens.
Rate limits restrict the rate of traffic to GitHub.com, to help ensure consistent access for all users.
You can create and register an OAuth app under your personal account or under any organization you have administrative access to. While creating your OAuth app, remember to protect your privacy by only using information you consider public.
Learn about the different ways to authenticate with some examples.
You can enable other users to authorize your OAuth app.
Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user already has.
You can replace the default badge on your OAuth app by uploading your own logo image and customizing the background.
Follow these best practices to improve the security and performance of your OAuth app.
Help and support Ask Copilot your question. Ask Copilot