Bad Credentials when creating a check run

I’ve been trying to test out the new GitHub check runs API and ran into a wall. I am able to create a JWT token successfully and use it on the Authenticated App API ( to get a successful response. When I try to call the create a check run API (, I am getting a 401 response with the message “Bad Credentials”. I am changing the accept header to the value listed on the create a check run page (have also tried with the accept header from authenticated app api). Looking for some help to figure out where I am going wrong. Should the JWT be modified to access check run endpoints or should the same JWT work?

Followed these directions on authenticating with apps:

Below is the Raw Request and Response from one of my attempts. As far as I can tell this should work according to the documentation. I’ve also made sure my app has the checks:write permission and is subscribed to the check_suite and check_run webhooks. I am getting data on my server from the check_suite webhook and know that is working.

RAW Request (Omitted some private data)

Authorization: Bearer OMITTED
Content-Type: application/json
Content-Length: 355
User-Agent: mdtapp001
Accept: application/vnd.github.antiope-preview+json

{“name”:“MyFirstCheck”,“head_sha”:“0054662f1565831624186f590d4dbad87e07bcd6”,“status”:“queued”,“started_at”:“2018-11-01T16:30:00Z”,“output”:{“title”:“MyFirstCheckTitle”,“summary”:“Checking your codes”,“text”:“This is text data.”,“images”:[{“alt”:“A link”,“image_url”:“OMITTED”,“caption”:“A captioned link”}]}}

Raw Response

HTTP/1.1 401 Unauthorized
Date: Fri, 02 Nov 2018 16:16:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 83
Status: 401 Unauthorized
X-GitHub-Media-Type: github.antiope-preview; format=json
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
X-RateLimit-Reset: 1541178552
Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy: default-src ‘none’
X-GitHub-Request-Id: E682:4A9A:5C35:732B:5BDC7838

{“message”:“Bad credentials”,“documentation_url”:“”}

You need to create an installation token using the JWT. That is the token you use to do other API calls. Note that it has an expiration and needs refreshed occasionally.


Thanks! Sorry about wasting your time. I realize that I should have made that connection, but I kept reading the API as authenticating as a GitHub App and just got that stuck in my head that it should work. 

I went back to read the check run API and it doesn’t mention using installation tokens for auth. It makes a lot of sense that it should be using an installation token especially since I went through installing the app.

Check Run API:

Meaning after create a installation token via{installation_id}/access_tokens using your previously generated JWT… you’re going to pass that generated token to the /check-runs create endpoint? as Bearer token?