What is a GitHub App installation token and how does its lifecycle differ from a user PAT?

Question

Github — Hard

What is a GitHub App installation token and how does its lifecycle differ from a user PAT?

Accepted Answer

A GitHub App installation token's lifecycle differs significantly from a user PAT. It is short-lived, valid for 1 hour, and generated using a private key. This token is exchanged for an installation token with specific repository and permission scopes. Unlike user PATs, installation tokens are not long-lived.