API requests made by a GitHub App on behalf of a user that has authorized the app are known as user-to-server requests.
The resources that can be accessed by these requests are constrained to the set of private resources that both the App and the authorizing user can access.
GitHub is now extending this access model, allowing user-to-server requests to also read public resources over the REST API. This includes, for example, the ability to list a public repository's issues and pull requests, and to access a public repository's comments and content.
Read more about authorizing GitHub Apps.