Copilot Lvl 2
Message 1 of 4

Bad Credentials when creating a check run


I've been trying to test out the new GitHub check runs API and ran into a wall. I am able to create a JWT token successfully and use it on the Authenticated App API ( to get a successful response. When I try to call the create a check run API (, I am getting a 401 response with the message "Bad Credentials". I am changing the accept header to the value listed on the create a check run page (have also tried with the accept header from authenticated app api). Looking for some help to figure out where I am going wrong. Should the JWT be modified to access check run endpoints or should the same JWT work?

Followed these directions on authenticating with apps:

Below is the Raw Request and Response from one of my attempts. As far as I can tell this should work according to the documentation. I've also made sure my app has the checks:write permission and is subscribed to the check_suite and check_run webhooks. I am getting data on my server from the check_suite webhook and know that is working.

RAW Request (Omitted some private data)

Authorization: Bearer OMITTED
Content-Type: application/json
Content-Length: 355
User-Agent: mdtapp001
Accept: application/vnd.github.antiope-preview+json

{"name":"MyFirstCheck","head_sha":"0054662f1565831624186f590d4dbad87e07bcd6","status":"queued","started_at":"2018-11-01T16:30:00Z","output":{"title":"MyFirstCheckTitle","summary":"Checking your codes","text":"This is text data.","images":[{"alt":"A link","image_url":"OMITTED","caption":"A captioned link"}]}}

Raw Response

HTTP/1.1 401 Unauthorized
Date: Fri, 02 Nov 2018 16:16:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 83
Status: 401 Unauthorized
X-GitHub-Media-Type: github.antiope-preview; format=json
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
X-RateLimit-Reset: 1541178552
Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'
X-GitHub-Request-Id: E682:4A9A:5C35:732B:5BDC7838

{"message":"Bad credentials","documentation_url":""}

3 Replies
Copilot Lvl 3
Message 2 of 4

Re: Bad Credentials when creating a check run

You need to create an [installation token]( using the JWT. That is the token you use to do other API calls. Note that it has an expiration and needs to be refreshed occasionally.

Copilot Lvl 2
Message 3 of 4

Re: Bad Credentials when creating a check run

Thanks! Sorry about wasting your time. I realize that I should have made that connection, but I kept reading the API as authenticating as a GitHub App and just got that stuck in my head that it should work. 


I went back to read the check run API and it doesn't mention using installation tokens for auth. It makes a lot of sense that it should be using an installation token especially since I went through installing the app.


Check Run API:


Ground Controller Lvl 1
Message 4 of 4

Re: Bad Credentials when creating a check run

Meaning after creating an installation token via{installation_id}/access_tokens using your previously generated JWT... you're going to pass that generated token to the /check-runs create endpoint, as a Bearer token?
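
The two-step flow described in the replies above, as an added example that is not part of the original thread or GitHub's own code: the app JWT is sent only to the installation `access_tokens` endpoint, and the token that comes back is what goes in the `Authorization` header of the check-runs request, cached and refreshed before it expires. `make_jwt`, `send`, `FakeGitHub` and all token values are hypothetical or constructed so the block runs offline; the one-hour lifetime in the fake is an assumption of this sketch.

```python
import json
from datetime import datetime, timedelta, timezone

API = "https://api.github.com"

class InstallationAuth:
    """Trades the app JWT for an installation token and caches it until near expiry."""
    def __init__(self, make_jwt, installation_id, send, now=lambda: datetime.now(timezone.utc)):
        self.make_jwt = make_jwt    # hypothetical callable returning a freshly signed app JWT
        self.installation_id = installation_id
        self.send = send            # hypothetical transport: send(method, url, headers, body) -> (status, dict)
        self.now = now
        self._token, self._expires = None, None

    def token(self):
        # Refresh a minute early so no request leaves with a token about to expire.
        if self._token is None or self.now() >= self._expires - timedelta(minutes=1):
            url = f"{API}/app/installations/{self.installation_id}/access_tokens"
            status, body = self.send("POST", url, {"Authorization": f"Bearer {self.make_jwt()}",
                                                   "Accept": "application/vnd.github+json"}, None)
            if status != 201:
                raise RuntimeError(f"token exchange failed: {status} {body.get('message')}")
            self._token = body["token"]
            self._expires = datetime.strptime(body["expires_at"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return self._token

def create_check_run(auth, owner, repo, payload):
    # The check-runs call carries the installation token; the JWT is only used for the exchange.
    headers = {"Authorization": f"Bearer {auth.token()}", "Content-Type": "application/json",
               "Accept": "application/vnd.github.antiope-preview+json"}
    return auth.send("POST", f"{API}/repos/{owner}/{repo}/check-runs", headers, json.dumps(payload))

class FakeGitHub:
    """Constructed offline stand-in for the API: only installation tokens pass check-runs."""
    def __init__(self, clock):
        self.clock, self.calls, self.issued = clock, [], 0

    def __call__(self, method, url, headers, body):
        cred = headers["Authorization"].split(" ", 1)[1]
        self.calls.append((url, cred))
        if url.endswith("/access_tokens") and cred == "app.jwt.constructed":
            self.issued += 1
            expires = (self.clock() + timedelta(hours=1)).strftime("%Y-%m-%dT%H:%M:%SZ")
            return 201, {"token": f"inst-token-{self.issued}", "expires_at": expires}
        if url.endswith("/check-runs") and cred.startswith("inst-token-"):
            return 201, {"id": self.issued, "status": json.loads(body)["status"]}
        return 401, {"message": "Bad credentials"}  # e.g. the app JWT sent to check-runs
```

In real use, `send` would wrap an HTTPS client and `make_jwt` would sign a short-lived JWT with the app's private key.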