Using Personal Access Tokens
A personal access token authenticates a client when doing an API request.
The two important features of access tokens are:
- Revokable access
- Controlling scope of access
Thus, with an access token, it's possible, for example, to inquire about private repositores (if the token is granted accessing private repositories.)
When authenticated with an access token, the request limit raises to 5000/hour.
With curl the request is made like so:
$accessToken=01234567890abcdef01234567890abcdef012345
curl -u x:$accessToken https://api.github.com/repos/ReneNyffenegger/about-PowerShell
With
PowerShell, its possible to use an access token like so
$secString=convertTo-secureString $accessToken -asPlainText -force
invoke-webrequest https://api.github.com/repos/ReneNyffenegger/private-repo -authentication bearer -token $secString
2020-03-10: Apparently, the -authentication
option of invoke-webRequest
is only avaible with PowerShell 6 and later. In earlier versions, the -header
option can be used;
$accessToken=01234567890abcdef01234567890abcdef012345
invoke-webrequest https://api.github.com/repos/ReneNyffenegger/private-repo -headers @{Authorization = "Bearer $accessToken"}
While access tokens can be configured to allow or deny certain actions, these actions are allowed on all repository, it's not possible to limit them to specific repositories.