March 29, 2021: We’ve updated this Changelog entry to reflect current prefix format
In two weeks, we will change the format of newly minted GitHub authentication tokens as part of ongoing improvements to make your software more secure. The following token types are affected:
- Personal Access Tokens
- OAuth Access Tokens
- GitHub App User-to-Server Tokens
- GitHub App Server-to-Server Tokens
- Refresh Tokens
For each of these token types we are making the following changes:
- The character set is changing from
[a-f0-9]
to[A-Za-z0-9_]
- The format is changing to include a prefix:
ghp_
for Personal Access Tokensgho_
for OAuth Access tokensghu_
for GitHub App user-to-server tokensghs_
for GitHub App server-to-server tokensghr_
for GitHub App refresh tokens
The overall length of our tokens will remain the same for now. However, GitHub tokens will likely increase in length in future updates, so integrators should plan to support tokens up to 255 characters after June 1, 2021.