As previously announced, no longer accepts account passwords when authenticating with the REST API and now requires the use of token-based authentication (e.g., a personal access, OAuth, or GitHub App installation token) for all authenticated API operations on

For developers, if you were previously using a password to authenticate against the GitHub API, you must begin using a personal access token instead. If you receive a warning that you are using an outdated third-party integration, you should update your client to the latest version. This includes Visual Studio, Git for Windows and GitHub for Visual Studio.

For integrators, you must authenticate integrations using the web or device authorization flows. Existing personal access tokens generated with a username and password via the legacy authorizations API will continue to work. For more information, see “Authorizing OAuth Apps” and the announcement on the developer blog.