Using Summon for GitHub API access

GitHub recently deprecated password-based authentication for its APIs. Instead, they recommend creating a personal access token and using it as an authentication token for API requests.

I have a new project where I’m querying GitHub for repo data, so I need to use the API. I created a personal access token and stored it in my OSX keychain using the command:

security add-generic-password \
  -s "summon" \
  -a "github/api_token" \
  -w "[ACCESS TOKEN]"

Now, whenever I need to send a request, I can use Summon to inject the token into the request header as follows:

summon -p keyring.py \
  --yaml 'TOKEN: !var github/api_token' \
  bash -c '
    curl -H "Authorization: token $TOKEN" https://api.github.com
  '

This is great, because I have a safe place to keep my token and I don’t have to copy/paste it to inject it into my GitHub API request.

For now I’m just copy/pasting this snippet and changing the request URL as needed, but if I need to do this often enough I may define a github_api method in my .bashrc that takes in an API route and runs the command above. That might look something like:

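function github_api() {
  local route=$1
  # Pass the route as a positional argument ($1 inside bash -c) rather than
  # splicing it into the command string, so it is never parsed as shell code.
  summon -p keyring.py \
    --yaml 'TOKEN: !var github/api_token' \
    bash -c '
      curl -H "Authorization: token $TOKEN" "https://api.github.com/$1"
    ' _ "$route"
}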

I hope you find this useful too!

3 Likes
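Added example, not part of the original post: a wrapper like `github_api` runs its request through `bash -c`, so it matters whether the route is glued into the command string or handed over as a positional argument. The sketch runs offline; `fake_summon`, `api_spliced`, `api_positional` and `SAMPLE_ROUTE` are hypothetical names, `echo` stands in for `curl`, and the token is a constructed dummy.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Runs offline: no summon, no network.

# Hypothetical stand-in for `summon -p keyring.py --yaml ...`: like summon, it
# puts TOKEN in the environment of the child command only. The value is a
# constructed dummy, not a real token.
fake_summon() { env TOKEN="dummy-token" "$@"; }

# Before: the route is glued onto the string that the inner bash parses,
# so the inner shell treats characters such as & ; | $ in it as syntax.
api_spliced() {
  local route="$1"
  fake_summon bash -c 'echo "GET https://api.github.com/"'$route
}

# After: the command string is a constant and the route arrives as $1
# (the `_` fills $0), so the inner shell only ever sees it as data.
api_positional() {
  local route="$1"
  fake_summon bash -c 'echo "GET https://api.github.com/$1"' _ "$route"
}

# Constructed sample route: an ordinary query string with two parameters.
SAMPLE_ROUTE='search/repositories?q=summon&per_page=1'

api_spliced "$SAMPLE_ROUTE"      # inner shell ends the command at the &
api_positional "$SAMPLE_ROUTE"   # the full route reaches the request
```

With the spliced form the second query parameter never reaches the request, because the inner shell reads `&` as "run in background" and `per_page=1` as a variable assignment.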

I’ve been using:

curl -u "$GITHUB_USER:$GITHUB_AUTH_TOKEN" "https://api.github.com"

with my username and personal access token as environment variables. Does TOKEN: !var github/api_token basically do the same thing, or is it more secure?

That’s a good question - I’m not sure exactly how they implement their basic auth to identify that the password is actually an OAuth token, but on their authentication page they do say:

Note: GitHub recommends sending OAuth tokens using the Authorization header.

They do not, however, explain why :)

1 Like

I’m assuming they know what they’re doing lol. I’ll give this way a shot!

1 Like