Using API keys
API keys let scripts and agents act on your behalf without a browser session.
Create a key
- Sign in, then go to Settings → API keys.
- Give the key a short label (e.g.
wiki-bot) and click Generate key. - Copy the full key from the blue box — it starts with
ghk_. It is shown once; only the hash is stored server-side, so if you lose it you'll need to generate a new one.
Use it
Send the key in the Authorization header as a bearer token:
export GITHUME_TOKEN=ghk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
curl -H "Authorization: Bearer $GITHUME_TOKEN" https://your-host/api/v1/meSee the API reference for the full list of endpoints.
Revoke a key
From Settings → API keys, click
Revoke next to the key. This deletes it immediately; any request using it
starts returning 401.
Security notes
- Treat the key like a password. Anyone with it can act as your user.
- Give each agent its own key so you can revoke them independently.
- Key hashes are stored as SHA-256; the server never sees the plaintext after creation.
- The Last used column helps you spot unused keys worth revoking.