GitHub Enterprise Cloud (data residency) – Connection Guide
GitHub Enterprise Cloud with data residency runs an organization's GitHub in the cloud on a dedicated *.ghe.com subdomain, where every host — including OAuth and the REST API — is served from the tenant's subdomain instead of github.com.
How to Connect to GitHub Enterprise Cloud (Data Residency)
This guide will help you connect your GitHub Enterprise Cloud data-residency tenant (*.ghe.com) to Apideck's Unified API. Through this integration, you can programmatically access your repositories, issues, comments, labels, and assignees.
Prerequisites
Before you begin, make sure you have:
- Access to your GitHub Enterprise Cloud data-residency tenant (e.g.
https://octocorp.ghe.com) - Owner permissions on the organization you want to connect
- The ability to register an OAuth app on your tenant
Configuration Settings
To connect your GitHub Enterprise Cloud tenant to Apideck, you'll need to provide four pieces of information:
- Tenant Subdomain — the subdomain of your GitHub Enterprise Cloud tenant (e.g.
octocorpforoctocorp.ghe.com) - Client ID — the OAuth app's Client ID
- Client Secret — the OAuth app's Client Secret
- Organization — selected from a dropdown after authorizing
Step 1: Register an OAuth App on Your Tenant
Unlike GitHub.com, GitHub Enterprise Cloud data-residency tenants require you to register your own OAuth app directly on your tenant.
- Log in to your GitHub Enterprise Cloud tenant at
https://SUBDOMAIN.ghe.com(e.g.https://octocorp.ghe.com) - Click your profile picture in the top-right corner and select Settings
- In the left sidebar, scroll to Developer settings
- Click OAuth Apps, then click New OAuth App
- Fill in the application details:
- Application name — a meaningful name (e.g. "Apideck Integration")
- Homepage URL — your company's website or product URL
- Authorization callback URL — set this to
https://unify.apideck.com/vault/callback
- Click Register application
Step 2: Copy the Client ID and Client Secret
- Once the OAuth app is created, GitHub displays the Client ID on the app's settings page. Copy it.
- Click Generate a new client secret
- Copy the Client Secret immediately — GitHub only displays it once. Store it securely.
Step 3: Find Your Tenant Subdomain
The Tenant Subdomain is the SUBDOMAIN portion of your tenant's *.ghe.com address.
- If you access your tenant at
https://octocorp.ghe.com, your Tenant Subdomain isoctocorp. - Apideck uses this subdomain to build both the authorization URL and the API host: the REST API for this tenant is served from
api.octocorp.ghe.com.
Enter only the subdomain (e.g.
octocorp) — not the full URL.
Step 4: Configure in Apideck Vault
- Navigate to the Apideck Vault and find the GitHub Enterprise Cloud connector
- Enter the following settings:
- Tenant Subdomain — the subdomain you found in Step 3 (e.g.
octocorp) - Client ID — the Client ID you copied in Step 2
- Client Secret — the Client Secret you copied in Step 2
- Tenant Subdomain — the subdomain you found in Step 3 (e.g.
- Click Save settings, then authorize the connection — you'll be redirected to your tenant to sign in and grant access
Step 5: Select Your Organization
- After authorizing, return to Apideck Vault
- Select your Organization from the dropdown — this list is populated from the organizations you belong to on the tenant
Important notes:
- You must be an owner of the organization you select
- Only one organization is supported per connection
Troubleshooting
Error: Authentication Failed
- Verify that the Client ID and Client Secret are correct and belong to an OAuth app registered on the correct tenant
- Ensure the Authorization callback URL on the OAuth app is set to
https://unify.apideck.com/vault/callback - Check that the OAuth app hasn't been deleted or suspended
Error: Organization Not Found
- Verify you are an owner of the organization you selected
- Ensure your account is a member of at least one organization on the tenant
- If your organization enforces OAuth App access restrictions, an owner must approve this app before it can access the organization — even after you authorize it, the org will otherwise not appear. As an org owner, go to your organization's Settings → Third-party Access → OAuth App Policy and grant access to the Apideck app.
Error: Connection Timeout
- Verify that the Tenant Subdomain is correct and the tenant is reachable
- Check that
api.SUBDOMAIN.ghe.comresolves and is accessible from the network where Apideck is running