GitHub Enterprise Cloud (data residency) – Connection Guide

Service ID: github-enterprise-cloud

GitHub Enterprise Cloud with data residency runs an organization's GitHub in the cloud on a dedicated *.ghe.com subdomain, where every host — including OAuth and the REST API — is served from the tenant's subdomain instead of github.com.

How to Connect to GitHub Enterprise Cloud (Data Residency)

This guide will help you connect your GitHub Enterprise Cloud data-residency tenant (*.ghe.com) to Apideck's Unified API. Through this integration, you can programmatically access your repositories, issues, comments, labels, and assignees.

Prerequisites

Before you begin, make sure you have:

  • Access to your GitHub Enterprise Cloud data-residency tenant (e.g. https://octocorp.ghe.com)
  • Owner permissions on the organization you want to connect
  • The ability to register an OAuth app on your tenant

Configuration Settings

To connect your GitHub Enterprise Cloud tenant to Apideck, you'll need to provide four pieces of information:

  1. Tenant Subdomain — the subdomain of your GitHub Enterprise Cloud tenant (e.g. octocorp for octocorp.ghe.com)
  2. Client ID — the OAuth app's Client ID
  3. Client Secret — the OAuth app's Client Secret
  4. Organization — selected from a dropdown after authorizing

Step 1: Register an OAuth App on Your Tenant

Unlike GitHub.com, GitHub Enterprise Cloud data-residency tenants require you to register your own OAuth app directly on your tenant.

  1. Log in to your GitHub Enterprise Cloud tenant at https://SUBDOMAIN.ghe.com (e.g. https://octocorp.ghe.com)
  2. Click your profile picture in the top-right corner and select Settings
  3. In the left sidebar, scroll to Developer settings
  4. Click OAuth Apps, then click New OAuth App
  5. Fill in the application details:
    • Application name — a meaningful name (e.g. "Apideck Integration")
    • Homepage URL — your company's website or product URL
    • Authorization callback URL — set this to https://unify.apideck.com/vault/callback
  6. Click Register application

Step 2: Copy the Client ID and Client Secret

  1. Once the OAuth app is created, GitHub displays the Client ID on the app's settings page. Copy it.
  2. Click Generate a new client secret
  3. Copy the Client Secret immediately — GitHub only displays it once. Store it securely.

Step 3: Find Your Tenant Subdomain

The Tenant Subdomain is the SUBDOMAIN portion of your tenant's *.ghe.com address.

  • If you access your tenant at https://octocorp.ghe.com, your Tenant Subdomain is octocorp.
  • Apideck uses this subdomain to build both the authorization URL and the API host: the REST API for this tenant is served from api.octocorp.ghe.com.

Enter only the subdomain (e.g. octocorp) — not the full URL.

Step 4: Configure in Apideck Vault

  1. Navigate to the Apideck Vault and find the GitHub Enterprise Cloud connector
  2. Enter the following settings:
    • Tenant Subdomain — the subdomain you found in Step 3 (e.g. octocorp)
    • Client ID — the Client ID you copied in Step 2
    • Client Secret — the Client Secret you copied in Step 2
  3. Click Save settings, then authorize the connection — you'll be redirected to your tenant to sign in and grant access

Step 5: Select Your Organization

  1. After authorizing, return to Apideck Vault
  2. Select your Organization from the dropdown — this list is populated from the organizations you belong to on the tenant

Important notes:

  • You must be an owner of the organization you select
  • Only one organization is supported per connection

Troubleshooting

Error: Authentication Failed

  • Verify that the Client ID and Client Secret are correct and belong to an OAuth app registered on the correct tenant
  • Ensure the Authorization callback URL on the OAuth app is set to https://unify.apideck.com/vault/callback
  • Check that the OAuth app hasn't been deleted or suspended

Error: Organization Not Found

  • Verify you are an owner of the organization you selected
  • Ensure your account is a member of at least one organization on the tenant
  • If your organization enforces OAuth App access restrictions, an owner must approve this app before it can access the organization — even after you authorize it, the org will otherwise not appear. As an org owner, go to your organization's Settings → Third-party Access → OAuth App Policy and grant access to the Apideck app.

Error: Connection Timeout

  • Verify that the Tenant Subdomain is correct and the tenant is reachable
  • Check that api.SUBDOMAIN.ghe.com resolves and is accessible from the network where Apideck is running