jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-25 11:03:37 -05:00
Code Issues Projects Releases Wiki Activity
Files
c00a494565d8d54f6c49e4487f28c504cd9910bc
docs/content/actions/tutorials/authenticate-with-github_token.md
Hirsch Singhal 5d8710e8c9 Deeplinking for FG PAT creation details (#57039) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com>
2025-08-22 23:13:18 +00:00

85 lines
5.4 KiB
Markdown
Raw Blame History

---
title: Use GITHUB_TOKEN for authentication in workflows
intro: 'Learn how to use the `GITHUB_TOKEN` to authenticate on behalf of {% data variables.product.prodname_actions %}.'
redirect_from:
- /github/automating-your-workflow-with-github-actions/authenticating-with-the-github_token
- /actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token
- /actions/configuring-and-managing-workflows/authenticating-with-the-github_token
- /actions/reference/authentication-in-a-workflow
- /actions/security-guides/automatic-token-authentication
- /actions/security-for-github-actions/security-guides/automatic-token-authentication
- /actions/how-tos/security-for-github-actions/security-guides/automatic-token-authentication
- /actions/how-tos/security-for-github-actions/security-guides/use-github_token-in-workflows
- /actions/using-jobs/assigning-permissions-to-jobs
- /actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs
- /actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github-token
- /actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
- /actions/how-tos/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
- /actions/tutorials/use-github_token-in-workflows
versions:
fpt: '*'
ghes: '*'
ghec: '*'
shortTitle: Authenticate with GITHUB_TOKEN
---
This tutorial leads you through how to use the `GITHUB_TOKEN` for authentication in {% data variables.product.prodname_actions %} workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation.
For reference information, see [AUTOTITLE](/actions/reference/workflow-syntax-for-github-actions#permissions).
## Using the `GITHUB_TOKEN` in a workflow
You can use the `GITHUB_TOKEN` by using the standard syntax for referencing secrets: {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. Examples of using the `GITHUB_TOKEN` include passing the token as an input to an action, or using it to make an authenticated {% data variables.product.github %} API request.
> [!IMPORTANT]
> An action can access the `GITHUB_TOKEN` through the `github.token` context even if the workflow does not explicitly pass the `GITHUB_TOKEN` to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the `GITHUB_TOKEN`. For more information, see [AUTOTITLE](/actions/reference/workflow-syntax-for-github-actions#permissions).
### Example 1: passing the `GITHUB_TOKEN` as an input
{% data reusables.actions.github_token-input-example %}
### Example 2: calling the REST API
You can use the `GITHUB_TOKEN` to make authenticated API calls. This example workflow creates an issue using the {% data variables.product.prodname_dotcom %} REST API:
```yaml
name: Create issue on commit
on: [ push ]
jobs:
create_issue:
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- name: Create issue using REST API
run: |
curl --request POST \
--url {% data variables.product.rest_url %}/repos/${% raw %}{{ github.repository }}{% endraw %}/issues \
--header 'authorization: Bearer ${% raw %}{{ secrets.GITHUB_TOKEN }}{% endraw %}' \
--header 'content-type: application/json' \
--data '{
"title": "Automated issue for commit: ${% raw %}{{ github.sha }}{% endraw %}",
"body": "This issue was automatically created by the GitHub Action workflow **${% raw %}{{ github.workflow }}{% endraw %}**. \n\n The commit hash was: _${% raw %}{{ github.sha }}{% endraw %}_."
}' \
--fail
```
## Modifying the permissions for the `GITHUB_TOKEN`
Use the `permissions` key in your workflow file to modify permissions for the `GITHUB_TOKEN` for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the `GITHUB_TOKEN` the least required access.
To see the list of permissions available for use and their parameterized names, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#account-permissions).
The two workflow examples earlier in this article show the `permissions` key being used at the job level.
## Granting additional permissions
If you need a token that requires permissions that aren't available in the `GITHUB_TOKEN`, create a {% data variables.product.prodname_github_app %} and generate an installation access token within your workflow. For more information, see [AUTOTITLE](/apps/creating-github-apps/guides/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow). Alternatively, you can create a {% data variables.product.pat_generic %}, store it as a secret in your repository, and use the token in your workflow with the {% raw %}`${{ secrets.SECRET_NAME }}`{% endraw %} syntax. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) and [AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions).
## Next steps
* [AUTOTITLE](/actions/concepts/security/github_token)
* [AUTOTITLE](/actions/reference/workflow-syntax-for-github-actions#permissions)
Reference in New Issue View Git Blame Copy Permalink