GitHub's API has a hard rate limit: 60 requests per hour without authentication, 5,000 with a token. Any workflow that polls GitHub on a schedule will burn through the anonymous limit fast -- a 12-repo watcher checking every 30 minutes uses 576 requests/day.
This guide takes about 2 minutes.
Create a Fine-Grained Token
Fine-grained tokens are GitHub's newer, scoped token type. They replaced classic tokens for most use cases.
- Go to github.com/settings/tokens?type=beta
- Click Generate new token
- Fill in the fields:
  - Token name: Something descriptive -- "n8n Release Watcher" or "Homelab Automation"
  - Expiration: 90 days is the default. Set it longer if you don't want to rotate frequently. No expiration is available but not recommended.
  - Repository access: Select Public Repositories (read-only). If your workflow only monitors public repos (release watchers, star trackers), this is all you need. No access to your private repos.
- Under Permissions, expand Repository permissions and set:
  - Contents: Read-only (needed for release assets and tags)
  - Metadata: Read-only (automatically granted, can't be removed)
- Click Generate token
- Copy the token immediately -- it starts with github_pat_ and won't be shown again
Classic Token Alternative
If you prefer classic tokens (simpler, broader scope):
- Go to github.com/settings/tokens
- Click Generate new token (classic)
- Select the public_repo scope (read access to public repositories)
- Generate and copy the token -- it starts with ghp_
Classic tokens grant access to all public repos at once. Fine-grained tokens let you restrict to specific repos if needed.
Add to n8n
In n8n, create a GitHub API credential:
- Go to Credentials > Add Credential > search GitHub API
- Paste your token into the Access Token field
- Click Test to verify it connects
- Save the credential
Alternatively, for workflows using HTTP Request nodes directly against the GitHub API, pass the token as a header:
Authorization: Bearer github_pat_xxxxxxxxxxxx
Or set it as an environment variable and reference it in your workflow:
GITHUB_TOKEN=github_pat_xxxxxxxxxxxx
Rate Limit Check
Verify your token is working and check remaining quota:
curl -s -H "Authorization: Bearer YOUR_TOKEN" https://api.github.com/rate_limit | jq .rate
Expected output:
{
  "limit": 5000,
  "remaining": 4999,
  "reset": 1740000000
}
If limit shows 60, the token isn't being sent correctly.
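The same check as a script that can run on a schedule next to the workflow, so a token that has stopped being sent is caught before rate limit errors start. This is an added example, not part of the original guide; the status names and the 10% low-water threshold are assumptions.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

ANON_LIMIT = 60    # unauthenticated requests/hour, per this guide
LOW_WATER = 0.10   # assumption: warn below 10% of quota remaining
SAMPLE = {"limit": 5000, "remaining": 4999, "reset": 1740000000}  # the guide's expected output

def token_kind(token):
    """Classify a token by the prefixes this guide names."""
    if token.startswith("github_pat_"):
        return "fine-grained"
    if token.startswith("ghp_"):
        return "classic"
    return "unknown"

def assess(rate, now=None):
    """Turn the .rate object from /rate_limit into a status and minutes until reset."""
    now = now if now is not None else datetime.now(timezone.utc).timestamp()
    reset_in_min = max(0, round((rate["reset"] - now) / 60))
    if rate["limit"] <= ANON_LIMIT:
        status = "unauthenticated"   # token missing or not sent correctly
    elif rate["remaining"] == 0:
        status = "exhausted"
    elif rate["remaining"] < rate["limit"] * LOW_WATER:
        status = "low"
    else:
        status = "ok"
    return {"status": status, "reset_in_min": reset_in_min}

def fetch_rate(token):
    """Query /rate_limit with the token in the Authorization header."""
    req = urllib.request.Request(
        "https://api.github.com/rate_limit",
        headers={"Authorization": f"Bearer {token}",
                 "User-Agent": "rate-limit-check"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["rate"]

if __name__ == "__main__":
    # Read the token from the environment so it never appears in argv or shell history.
    token = os.environ["GITHUB_TOKEN"]
    print(token_kind(token), assess(fetch_rate(token)))  # prints the kind, never the token
```

Alert on any status other than `ok`; `unauthenticated` is the case described above where limit shows 60.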
Configuration Notes
- Fine-grained tokens scoped to Public Repositories cannot access your private repos, even accidentally. Safest option for automation workflows.
- GitHub sends an email reminder 7 days before a token expires. Set a calendar reminder too -- an expired token silently drops your workflow to 60 req/hr and you won't notice until rate limit errors start.
- GitHub counts each API call individually. A workflow checking 12 repos every 30 minutes uses ~576 calls/day -- well within the 5,000/hr authenticated limit but impossible on the 60/hr anonymous limit.
- For organization-owned repos, a fine-grained token needs org admin approval if the org has restricted token access. Public repos don't require this.