The GitHub Enterprise Integration is part of Apiary Pro for GitHub Enterprise users.

Connecting Apiary to a GitHub Enterprise Organization

  1. Sign into your GitHub Enterprise account at http[s]://[hostname]/login.
  2. In the upper right corner of any page, click the account settings (gear) icon.
  3. In the left sidebar, click the name of your organization.
  4. In the left sidebar, click Applications.
  5. In the upper right corner of the Organization applications box, click Register new application.
  6. Fill in the application settings:
    • In the Application name field, type “Apiary”.
    • In the Homepage URL field, type the full URL “”.
    • In the Authorization callback URL field, type the full URL “”.
  7. Click Register application.
  8. At the top of the page, note the Client ID and Client Secret. You will need these for configuring your Apiary Team Settings.
  9. Go to Apiary.
  10. In the upper right corner click at portrait and switch to your organization.
  11. In top toolbar, click at Settings.
  12. Fill in settings:
    • In the URL name field, type your GHE “[URL]”
    • In the API URL name field, type your GHE “[API_URL]” (URL/api/v3 for standard GHE installation). If not set URL above will be used as API URL
    • In the Client Id, type your Client ID
    • In the Client Secret, type your Client Secret

GitHub Enterprise Settings in Apiary

GitHub SSO

Signing in by GitHub SSO is disabled when GitHub Enterprise Integration is enabled.

GitHub Enterprise behind a firewall

Running GHE behind firewall makes it impossible for Apiary to communicate with it. You can either create a firewall exception for Apiary application - we can give you a list of IPs to whitelist, contact Apiary support for the list. Or Apiary does support whitelisting and tunneling communication to your GHE instance by using @snyk/broker.

It allows Apiary to communicate with your GHE instance and at the same time it adds more options for filtering and controlling Apiary’s access to your GHE instance.

What is Broker doing?

@snyk/broker is a proxy with 2 parts - Broker Server and Client. The Server is run by Apiary on The Client is operated by you, on your infrastructure with access to the GHE. Secure connection is created between the Server and the Client and all requests are proxied through the Client.

The Client, run by you, is the only actor with GHE credentials and you also control the access rules with a JSON file.

Getting started

To use @snyk/broker you need to have the Client running behind the firewall in client mode with

  • accept.json for filtering rules
  • API_URL set to (BROKER_TOKEN as a unique identifier of your Client)

To enable this features, please contact Apiary support.

Was this page useful?
Thank you for the feedback!
What went wrong?