Programmatically updating repository access for an application

Greetings *,

i have been googling and reading the application documentation for quite some time but either i do not have the concepts clear and have been looking for the wrong information or it’s just something that cannot be done.

Let’s say i have an organization of which i am admin that has an application installed. I can see the application listed in the integrations page on my main repository page https://github.com/ORGANIZATION/REPOSITORY/settings/installations.

If i then go on the configuration page for that application, from the interface, for example by opening https://github.com/apps/APPLICATION_SLUG/installations/INSTALLATION_ID i get the option of updating the configuration of that application, in this case the list of repositories the application has access to.

What i am having trouble with is updating this list of applications programmatically via the api, i would like to be able to get/add/remove repositories from the list of those the application has access to. The only thing i have found is

https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-an-installation

that requires me to generate a private key for that application, an operation that i cannot perform as i am not the owner of that application.

What am i not getting?

HI @andreahf,

Thank you for being here! AFAIK the only option would be to suspend and unsuspend the GitHub App installations using the REST API. For more information, see the GitHub Apps REST API.

To suspend a GitHub App, you must be an account owner or have admin permissions in the repository or organization where the app is installed, for more information on how to execute this please see: https://developer.github.com/v3/apps/#suspend-an-installation.

Hello @andreagriffiths11 ,

thanks for coming back to this!

Am i wrong in understanding that, in order to suspend or unsuspend an insatllation i need to perform the https://developer.github.com/v3/apps/#suspend-an-installation call that, in turn, requires me to sign it via JWT that, in turn, needs me to https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#generating-a-private-key generate a private key for _that_ app? so, if i do not control the app, because for example it’s an integration a provider we use is providing us, i need to get a key from them? this would also mean that i would then be able to identify to github as that application, thus accessing all the data the application has on _other_ customers that are not me.

thanks again for your time and for clearing this up!