Best practice for authentication when automating organization account workflow

I am tasked to help automate the workflow related to automating a few tasks related to management of our organization account on GitHub. For example, add and remove users from the org, create new repos, add external collaborators etc. The requests for these actions will come from a system where a user fills in a form and this system will curl to the GitHub API after the request is reviewed and approved.

By reading the GitHub API documentation I can set up the curls for this, but I am unsure about authentication best practices. My first idea would be to create a user account specific for this use case, make it admin for the org, and create an OAuth token with the scopes needed to be allowed to make these requests. However, it feels a bit too hacky to create an individual account for something that is not an individual, and then make it admin of the whole organization.

Is there a better way to approach this?

Hey @kbjarkefur :wave:

Just picking this back up in case you were still needing assistance. Assuming this is still something you were wondering about, let’s specify:

first idea would be to create a user account specific for this use case, make it admin for the org, and create an OAuth token with scopes needed to be allowed to make these requests
{…}
Is there a better way to approach this?

Yes!

If you are creating a GitHub Application (which is how I read your post) then you will want to generate a private key for your application:

The steps are outlined there, but if you had any questions or concerns, please elevate them so we can elaborate. :bow:
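The private-key flow the reply points to, as an added example that is not part of this thread and not GitHub's own code: the approval system signs a short-lived RS256 JWT with the App's private key, exchanges it for an installation access token, and uses that token for the org call. The App ID, installation ID, key path, org and username are assumed to come from environment variables (names chosen here, not from the page); the `cryptography` package does the RSA work, and the `self_check` helper round-trips a throwaway key offline with a placeholder App ID.

```python
"""GitHub App authentication: App JWT -> installation token -> org API call.

Added example; assumes GH_APP_ID, GH_INSTALLATION_ID, GH_APP_KEY_PATH,
GH_ORG and GH_USER in the environment (names are assumptions).
"""
import base64
import json
import os
import time
import urllib.request

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

GITHUB_API = "https://api.github.com"


def _b64url_encode(data: bytes) -> str:
    # JWT segments are unpadded base64url
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_app_jwt(app_id: str, private_key, now=None, ttl=540) -> str:
    """Mint the RS256 JWT that identifies the App itself.
    GitHub requires iss = App ID and rejects exp more than 10 minutes after
    iat; iat is backdated 60 s so a slightly fast client clock is tolerated."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"iat": now - 60, "exp": now + ttl, "iss": app_id}
    segments = [
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    ]
    signing_input = ".".join(segments).encode("ascii")
    signature = private_key.sign(signing_input, padding.PKCS1v15(), hashes.SHA256())
    return ".".join(segments + [_b64url_encode(signature)])


def verify_app_jwt(token: str, public_key) -> dict:
    """Check the RS256 signature and return header and payload.
    GitHub does this server-side; locally it serves as a self-test."""
    head, body, sig = token.split(".")
    public_key.verify(
        _b64url_decode(sig),
        f"{head}.{body}".encode("ascii"),
        padding.PKCS1v15(),
        hashes.SHA256(),
    )
    return {
        "header": json.loads(_b64url_decode(head)),
        "payload": json.loads(_b64url_decode(body)),
    }


def _github_request(method: str, path: str, token: str, body=None):
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(
        GITHUB_API + path,
        data=data,
        method=method,
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def installation_token(app_jwt: str, installation_id: str) -> str:
    """Exchange the App JWT for an installation token (expires after one hour).
    Its rights are exactly the permissions granted when the App was installed,
    so no admin-level user account or broad OAuth scope is involved."""
    result = _github_request(
        "POST", f"/app/installations/{installation_id}/access_tokens", app_jwt
    )
    return result["token"]


def add_org_member(inst_token: str, org: str, username: str, role: str = "member") -> dict:
    """Add or invite a user to the org; needs the App's 'Members: write' permission."""
    return _github_request(
        "PUT", f"/orgs/{org}/memberships/{username}", inst_token, {"role": role}
    )


def self_check(now=1_700_000_000) -> dict:
    """Offline round trip with a throwaway key (constructed for testing only;
    a real App signs with the PEM key GitHub generated for it)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    token = build_app_jwt("12345", key, now=now)  # "12345" is a placeholder App ID
    return verify_app_jwt(token, key.public_key())


if __name__ == "__main__":
    with open(os.environ["GH_APP_KEY_PATH"], "rb") as fh:
        app_key = serialization.load_pem_private_key(fh.read(), password=None)
    jwt_token = build_app_jwt(os.environ["GH_APP_ID"], app_key)
    inst = installation_token(jwt_token, os.environ["GH_INSTALLATION_ID"])
    print(add_org_member(inst, os.environ["GH_ORG"], os.environ["GH_USER"]))
```

The design point relative to the original idea: the private key never leaves the approval system's secret store, each App JWT is valid for at most ten minutes, and the installation token that actually touches the org expires after an hour and carries only the permissions the org owner granted to the App at install time. Revoking the App's access is one action on the org's installed-apps page rather than hunting down a bot user's tokens.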