> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corsair.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Credentials

> Step-by-step instructions for obtaining GitHub Personal Access Tokens, OAuth credentials, and webhook secrets.

This guide walks you through obtaining all required credentials for the GitHub plugin.

## Authentication Methods

The GitHub plugin supports both API key (Personal Access Token) and OAuth 2.0 authentication methods.

* **[`api_key`](/concepts/api-key)** - Personal Access Token authentication
* **[`oauth_2`](/concepts/oauth)** - OAuth App authentication

## API Key Authentication (Personal Access Token)

### Step 1: Create Personal Access Token

1. Go to [GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)](https://github.com/settings/tokens)
2. Click **Generate new token** → **Generate new token (classic)**
3. Give your token a descriptive name
4. Set an expiration (or select "No expiration" for long-lived tokens)
5. Select the required scopes:
   * `repo` - Full control of private repositories
   * `read:org` - Read org and team membership
   * `read:user` - Read user profile data
   * `workflow` - Update GitHub Action workflows
   * Add any other scopes your application needs
6. Click **Generate token**
7. **Important**: Copy the token immediately - you won't be able to see it again
8. Store the token securely

**Storing Credentials:**

Store the token with the Corsair CLI:

```bash theme={null}
pnpm corsair setup --plugin=github api_key=your-personal-access-token
```

Verify it was saved:

```bash theme={null}
pnpm corsair auth --plugin=github --credentials
```

## OAuth 2.0 Authentication

### Step 1: Register OAuth App

1. Go to [GitHub Settings → Developer settings → OAuth Apps](https://github.com/settings/developers)
2. Click **New OAuth App**
3. Fill in the application details:
   * **Application name**: Your app name
   * **Homepage URL**: Your application URL
   * **Authorization callback URL**: Your OAuth callback URL (e.g., `https://yourapp.com/auth/github/callback`)
4. Click **Register application**

### Step 2: Get Client Credentials

1. After registration, you'll see your **Client ID**
2. Click **Generate a new client secret**
3. Copy the **Client ID** and **Client Secret**
4. Store these securely

**Storing Credentials:**

Store your OAuth app credentials, then start the flow:

```bash theme={null}
pnpm corsair setup --plugin=github client_id=your-client-id client_secret=your-client-secret
pnpm corsair auth --plugin=github
```

The CLI prints an authorization URL — open it in a browser. Once you approve, tokens are saved automatically.

To verify credentials were stored:

```bash theme={null}
pnpm corsair auth --plugin=github --credentials
```

## Webhook Secret

### Step 1: Create Webhook

1. Go to your repository on GitHub
2. Navigate to **Settings** → **Webhooks**
3. Click **Add webhook**
4. Configure the webhook:
   * **Payload URL**: Your webhook endpoint (e.g., `https://yourapp.com/api/webhook`)
   * **Content type**: `application/json`
   * **Secret**: Generate a random secret string (save this)
   * **Events**: Select the events you want to receive:
     * Pull requests
     * Pushes
     * Issues
     * Stars
     * Releases
5. Click **Add webhook**

### Step 2: Store Webhook Secret

Copy the secret you generated and store it using the CLI:

```bash theme={null}
pnpm corsair setup --plugin=github webhook_signature=your-webhook-secret
```

## Required Credentials Summary

| Credential            | Required For | Where to Find                                          |
| --------------------- | ------------ | ------------------------------------------------------ |
| Personal Access Token | API Key auth | Settings → Developer settings → Personal access tokens |
| Client ID             | OAuth 2.0    | Settings → Developer settings → OAuth Apps             |
| Client Secret         | OAuth 2.0    | Settings → Developer settings → OAuth Apps             |
| Webhook Secret        | Webhooks     | Repository Settings → Webhooks → Secret                |

For general information about how Corsair handles authentication, see [Authentication](/concepts/auth).
