Sometimes, you need a quick token to access the GitHub API. HTTPS Basic Auth is a quick and easy solution, but it's not always the most secure. For those cases, you can use Personal Access Tokens instead. These work the same as OAuth tokens generated through the API, and can be created through the web UI.
GitHub makes it very easy to generate a new OAuth token for quick API usage. You'd use this token in scenarios where a full-fledged app with a client/secret pair is too large for your needs, such as a command-line utility or script.
Every token generated from the UI can have any kind of scope that you grant.
For more technical information on the process of using authorization tokens, see "Create a new authorization" in the GitHub API.
We recommend that you regularly review your authorized applications list and remove any applications that haven't been used in a while.
- Go to your Applications
- Click Generate new token
- Give your token a descriptive name
- Select which scopes you wish to grant to this token.
- Click Generate token
- Copy the token and use it like a password for the API or for git over HTTPS.
Remember to keep your tokens secret; treat them just like passwords! Don't hardcode them into your programs, instead opting for environment variables.
When you're done using your token, feel free to click Delete to get rid of it permanently.