nerdexam
ExamsAZ-400Questions#578
MicrosoftMicrosoft

AZ-400 · Question #578

AZ-400 Question #578: Real Exam Question with Answer & Explanation

To perform authenticated API requests using a GitHub App, you must first register the app and store its app ID as a secret, then generate a private key (stored as a secret) which is used to sign JWTs. Next, you install the app in your organization to grant it permissions, and fin

Submitted by yousef_jo· Mar 6, 2026Manage GitHub Actions secrets, authentication mechanisms, and integrate GitHub Apps for automated authenticated API access within workflows

Question

Drag and Drop Question You have a GitHub organization. You are creating a GitHub Actions workflow. You need to perform authenticated API requests by using a GitHub app name App1. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

Explanation

To perform authenticated API requests using a GitHub App, you must first register the app and store its app ID as a secret, then generate a private key (stored as a secret) which is used to sign JWTs. Next, you install the app in your organization to grant it permissions, and finally you use the private key to generate an installation access token (which requires a JWT internally but the actionable step is obtaining the scoped token) that is used for authenticated API calls. This sequence follows GitHub's official authentication flow: register → key → install → token.

Topics

#GitHub Apps Authentication#GitHub Actions#Installation Access Tokens#API Security

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full AZ-400 PracticeBrowse All AZ-400 Questions