Connecting Apiary to a GitHub Enterprise Organization
- Sign into your GitHub Enterprise account at http[s]://[hostname]/login.
- In the upper right corner of any page, click the account settings (gear) icon.
- In the left sidebar, click the name of your organization.
- In the left sidebar, click Applications.
- In the upper right corner of the Organization applications box, click Register new application.
- Fill in the application settings:
- In the Application name field, type “Apiary”.
- In the Homepage URL field, type the full URL “https://apiary.io”.
- In the Authorization callback URL field, type the full URL “https://login.apiary.io/github”.
- Click Register application.
- At the top of the page, note the Client ID and Client Secret. You will need these for configuring your Apiary Team Settings.
- Go to Apiary.
- In the upper right corner click at portrait and switch to your organization.
- In top toolbar, click at Settings.
- Fill in settings:
- In the URL name field, type your GHE “[URL]”
- In the API URL name field, type your GHE “[API_URL]” (
URL/api/v3for standard GHE installation). If not set
URLabove will be used as
- In the Client Id, type your Client ID
- In the Client Secret, type your Client Secret
Signing in by GitHub SSO is disabled when GitHub Enterprise Integration is enabled.
GitHub Enterprise behind a firewall
Running GHE behind firewall makes it impossible for Apiary to communicate with it. You can either create a firewall exception for Apiary application - we can give you a list of IPs to whitelist, contact Apiary support for the list. Or Apiary does support whitelisting and tunneling communication to your GHE instance by using @snyk/broker.
It allows Apiary to communicate with your GHE instance and at the same time it adds more options for filtering and controlling Apiary’s access to your GHE instance.
What is Broker doing?
@snyk/broker is a proxy with 2 parts - Broker Server and Client. The Server is run by Apiary on broker-server.apiary-services.com. The Client is operated by you, on your infrastructure with access to the GHE. Secure connection is created between the Server and the Client and all requests are proxied through the Client.
The Client, run by you, is the only actor with GHE credentials and you also control the access rules with a JSON file.
- accept.json for filtering rules
BROKER_TOKENas a unique identifier of your Client)
To enable this features, please contact Apiary support.