Authentication
Tokens are configured in the seed config and map to users. Pass them as Authorization: Bearer <token> or Authorization: token <token>.
Vercel
All endpoints accept teamId or slug query params for team scoping. Pagination uses cursor-based limit/since/until with pagination response objects.
curl -H "Authorization: Bearer <token>" \
http://localhost:4000/v2/userGitHub
Public repo endpoints work without auth. Private repos and write operations require a valid token. Pagination uses page/per_page with Link headers.
tokens:
gho_test_token_admin:
login: admin
scopes:
- repo
- user
- admin:org
- admin:repo_hook
gho_test_token_user1:
login: octocat
scopes:
- repo
- userUse the token in requests:
curl -H "Authorization: Bearer gho_test_token_admin" \
http://localhost:4001/userGitHub Apps (JWT)
For GitHub App authentication, sign a JWT with { iss: "<app_id>" } using the app's private key (RS256). The emulator verifies the signature and resolves the app.
Then create an installation access token:
curl -X POST \
-H "Authorization: Bearer <jwt>" \
http://localhost:4001/app/installations/100/access_tokensThe returned token can be used for API calls scoped to that installation's permissions.
Google OAuth
The Google emulator uses the standard OAuth 2.0 authorization code flow. Configure clients in the seed config and use them with your OAuth library of choice.