We have created a GitHub App; one of its functions is to (on behalf of a GitHub user) fork an (upstream) repository on their behalf, create a branch, make some commits to the branch, and then send a PR from their fork back to the upstream repository.
For our App we have followed the "Authenticate as an app installation" method (see: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) as we want to "attribute app activity to the app".
Unfortunately, when our App tries to open the PR against the upstream repository we are getting the following error response from the GitHub API: "resource not accessible by integration".
It seems that other apps such as Dependabot (see: https://github.com/apps/dependabot) are capable of doing this. For example, where it opened this PR: evolvedbinary/exist#27, you can see that the description of the PR has the following text: 'dependabot bot commented on behalf of github on Aug 31, 2023'.
Below is a code snippet where we are using JavaScript and the GitHub provided Octokit library (see: https://github.com/octokit) to try and achieve this.
What are we doing wrong?
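```javascript
// Assumes the @octokit/rest package and an ES module (top-level await)
import { Octokit } from "@octokit/rest";

// Get the access token for the installation
const installationId = 0; // Your installation ID

// Authenticate as the GitHub App using the JWT
const jwttoken = ``; // the App's signed JWT (left empty here)
const octokitApp = new Octokit({
  auth: jwttoken,
});

// Exchange the App JWT for an installation access token
const response = await octokitApp.request('POST /app/installations/{installation_id}/access_tokens', {
  installation_id: installationId, // Your installation ID
});
const accessToken = response.data.token;

// Authenticate as the installation
const octokit = new Octokit({
  auth: accessToken
});

// Open the PR from the user's fork against the upstream repository
// (renamed from a second `const response`, which is a redeclaration error)
const prResponse = await octokit.rest.pulls.create({
  owner: 'evolvedbinary',
  repo: 'prosemirror-lwdita',
  title: 'Update README.md',
  body: `This pull request was created by **Petal-demo bot**`,
  head: 'marmoure:patch-1',
  base: 'main',
});
```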
Looks like your token is missing permissions.
Troubleshooting the REST API - Resource not accessible:
If you are using a GitHub App or fine-grained personal access token and you receive a "Resource not accessible by integration" or "Resource not accessible by personal access token" error, then your token has insufficient permissions. For more information about the required permissions, see the documentation for the endpoint.
You can use the X-Accepted-GitHub-Permissions header to identify the permissions that are required to access the REST API endpoint.
The value of the X-Accepted-GitHub-Permissions header is a comma separated list of the permissions that are required to use the endpoint. Occasionally, you can choose from multiple permission sets. In these cases, multiple comma-separated lists will be separated by a semicolon.
Here is a list of all endpoints with their required permissions: Permissions required for GitHub Apps
There is an important note:
Some endpoints require more than one permission. Other endpoints work with any one permission from a set of permissions. In these cases, the "Additional permissions" column will include a checkmark. For full details about the permissions that are required to use the endpoint, see the documentation for that endpoint.
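The header check described in the answer above can be automated. This is an added example, not code from the question, the answer, or GitHub: it parses an X-Accepted-GitHub-Permissions value (comma-separated permissions, alternative sets separated by semicolons) and reports what an installation token is missing, so the App can be granted only the permissions the endpoint needs. The `name=level` item shape, the function names, and the sample values are assumptions constructed for illustration.

```javascript
// Added example: compare an X-Accepted-GitHub-Permissions header value with
// the permissions granted to an installation token.
// Assumption: each header item has the form "name=level".

const LEVEL_RANK = { read: 1, write: 2, admin: 3 };

// "a=read,b=write; c=write" -> [ { a: "read", b: "write" }, { c: "write" } ]
function parseAcceptedPermissions(headerValue) {
  return String(headerValue || "")
    .split(";")
    .map((set) => set.trim())
    .filter(Boolean)
    .map((set) => {
      const required = {};
      for (const item of set.split(",")) {
        const [name, level] = item.split("=").map((s) => s.trim());
        if (name && level) required[name] = level;
      }
      return required;
    });
}

// Permissions in one set that the token lacks or holds at too low a level.
// An unrecognised required level is treated as unmet (fail closed).
function missingFromSet(required, granted) {
  return Object.entries(required)
    .filter(([name, level]) =>
      (LEVEL_RANK[granted[name]] || 0) < (LEVEL_RANK[level] || Infinity))
    .map(([name, level]) => `${name}=${level}`);
}

// The endpoint is usable if any one of the alternative sets is fully satisfied.
function checkToken(headerValue, granted) {
  const gaps = parseAcceptedPermissions(headerValue)
    .map((set) => missingFromSet(set, granted));
  return { allowed: gaps.some((g) => g.length === 0), gaps };
}

// Constructed sample data, not captured from a real response.
const sampleHeader = "pull_requests=write; contents=write,metadata=read";
const sampleGranted = { contents: "read", metadata: "read" };
console.log(checkToken(sampleHeader, sampleGranted));
```

The granted permissions can be taken from the `permissions` object returned alongside the token when the installation access token is created.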