POST /organization/token/{profile}
The POST /organization/token/{profile} endpoint returns GitHub
installation tokens in JSON format, using token permissions granted by a
specified organization profile.
See also
Section titled “See also”- Buildkite integration guide for details on how this endpoint is used in practice.
- Profile system for details on how profiles are configured and managed.
Purpose
Section titled “Purpose”This endpoint provides explicit control over which organization profile is used when vending GitHub tokens. Profiles allow configuring different sets of repositories and permissions for different use cases.
Request format
Section titled “Request format”Headers
Section titled “Headers”| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer token containing JWT |
Content-Type | Yes | application/json |
Parameters
Section titled “Parameters”Profile parameter
Section titled “Profile parameter”The {profile} path parameter specifies which organization profile to use, in the format:
org:{profile-name}Example: POST /organization/token/org:deploy
Request body
Section titled “Request body”The request body is expected to be empty.
Response format
Section titled “Response format”Success response (200 OK)
Section titled “Success response (200 OK)”{ "token": "ghs_...", "expiresAt": "2025-01-15T10:30:00Z"}Empty response (200 OK)
Section titled “Empty response (200 OK)”When the requested repository is not in the profile’s repository list, the endpoint returns a successful empty response. This allows credential helpers to fall through to other authentication methods.
Error responses
Section titled “Error responses”| Status code | Condition | Response |
|---|---|---|
| 400 Bad Request | Invalid profile format | JSON error |
| 401 Unauthorized | Missing or invalid JWT | JSON error |
| 403 Forbidden | Insufficient JWT claims | JSON error |
| 404 Not Found | Profile does not exist | JSON error |
| 500 Server Error | Token vending or GitHub error | JSON error |