# GitHub Copilot Token

### Create GitHub Copilot access token

**Before you start:**

* Tokens are tied to the user who generated them and stop working if that user loses access. Prefer creating the token from a dedicated bot/service account when possible.\
  <https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens>
* Org owners can enforce policies on fine-grained PATs, including maximum lifetime and admin approval. By default, orgs cap fine-grained PATs at ≤366 days; you can still set “no expiration” if your org policy allows it.\
  <https://docs.github.com/en/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization>

***

### Step-by-step: Create the token

1. **Open the fine-grained token page**\
   GitHub → Your profile (top-right) → Settings → Developer settings (last option on the side menu) →\
   Personal access tokens → Fine-grained tokens → Generate new token.\
   <https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens>
2. **Name & description**

* Token name: <mark style="background-color:green;">Milestone’s Copilot Token (read-only)</mark>
* Description: <mark style="background-color:green;">Token to be used by Milestone integration to gather metadata and generate analytics.</mark>

3. **Expiration**

* Choose **1 year**.
* If your org allows longer, you may choose “**No expiration**”; if your org enforces a shorter maximum, coordinate with an org owner to adjust the **maximum lifetime** policy. ([GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens))

4. **Resource owner**

* Select your organization as Resource owner (the token will only access resources owned by that org).
* If your org doesn’t appear, it may have blocked fine-grained PATs — ask an org owner to allow them. ([GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens))

5. **Repository access**

* Choose public repositories for that org. ([GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens))

6. **Permissions**

* In **Permissions**, set the following to **Read**.\
  These map to GitHub’s fine-grained permission model for API and Git read access. ([GitHub Docs](https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28))

7. **Organization permissions (Read):**

* Members: Read (lets Milestone read the org’s members list when needed). ([GitHub Docs](https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28))
* GitHub Copilot Business: Read (lets Milestone query Copilot business seats and metrics).

8. **Generate**

* Click Generate token and store it on the machine where Milestone will be setting up their services.\
  If your org requires approvals, the token will show as pending and will only access public resources until approved by an org owner. ([GitHub Docs](https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28))<br>

***