Skip to content

Authentication token format updates

March 29, 2021: We’ve updated this Changelog entry to reflect current prefix format

In two weeks, we will change the format of newly minted GitHub authentication tokens as part of ongoing improvements to make your software more secure. The following token types are affected:

For each of these token types we are making the following changes:

  • The character set is changing from [a-f0-9] to [A-Za-z0-9_]
  • The format is changing to include a prefix:
    • ghp_ for Personal Access Tokens
    • gho_ for OAuth Access tokens
    • ghu_ for GitHub App user-to-server tokens
    • ghs_ for GitHub App server-to-server tokens
    • ghr_ for GitHub App refresh tokens

The overall length of our tokens will remain the same for now. However, GitHub tokens will likely increase in length in future updates, so integrators should plan to support tokens up to 255 characters after June 1, 2021.

You can now attach files, including images, to markdown files while you're editing them in the web. This works just like file attachments in issues and pull requests and supports the same file types. Just drag and drag, click and select, or paste.

Drop to upload a gif

Note: If you add an image to a markdown file, anyone can view the anonymized image URL without authentication, even if the markdown file is in a private repository. To keep images private, serve them from a private network or server that requires authentication. For more information on anonymized URLs see "About anonymized image URLs".

See more