I'm trying to get information about a private GitHub App (app-1), while authenticated as another GitHub App (app-2). They are both private apps within my organization.
This is the endpoint I'm using. It says "Works with GitHub Apps", so I'm assuming it should work?
I've generated an access token for app-2 using a private key and the app id, as described here.
Then I generated an App Installation Token using curl:
curl --request POST \
--url "https://api.github.com/app/installations/INSTALLATION_ID/access_tokens" \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer JWT" \
--header "X-GitHub-Api-Version: 2022-11-28"
Then I'm using the resulting token from that call to make another call:
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/apps/app-1
I'm getting a 403 Forbidden response with the following body:
{
"message": "Resource not accessible by integration",
"documentation_url": "https://docs.github.com/rest/apps/apps#get-an-app"
}
Isn't this supposed to work? If I change the slug name to the authenticated app (app-2) then the request succeeds.