API Generally Available
The GitHub Apps API for managing installations has now graduated from an API preview to a generally available API. The preview header is no longer required to access these endpoints.
IP Allow lists for Apps
Integrators can set an IP allow list for a GitHub App by adding individual IP addresses or address ranges for the hosted service. If an enterprise account or organization has enabled IP allow lists and chosen to allow installed GitHub Apps to configure allowed IPs, then the IP addresses provided for a GitHub App will be inherited by the customers allow lists.
Multiple Callback URLs
When configuring a GitHub App, the authorization callback URL is a required field. But now we allow the developer to specify multiple callback URLs. This can be used in services with multiple domains or subdomains. GitHub will always deny authorization if the callback URL from the request is not in the authorization callback URL list.
File Access without repository contents
Finally, GitHub Apps can request a permission that allows the app to access a single file in a repository. App developers are encouraged to use this permission rather than requesting access to all files in the repo. Based on feedback from developers, the permission has been updated to allow an app developer to specify up to 10 files for read-only or read-write access that their app can request access to.