How to inspect a GitHub token
Sometimes, you stumble upon a GitHub token that you don’t know where it’s coming from or to whom it belongs. Here’s how to discover the owner: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 export GITHUB_TOKEN="<your GitHub token goes here>" $ curl -H "Authorization: bearer ${GITHUB_TOKEN}" https://api.github.com/user { "login": "zmoog", "id": 25941, "avatar_url": "https://avatars.githubusercontent.com/u/25941?v=4", "gravatar_id": "", "url": "https://api.github.com/users/zmoog", "html_url": "https://github.com/zmoog", "followers_url": "https://api.github.com/users/zmoog/followers", "following_url": "https://api.github.com/users/zmoog/following{/other_user}", "gists_url": "https://api.github.com/users/zmoog/gists{/gist_id}", "starred_url": "https://api.github.com/users/zmoog/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/zmoog/subscriptions", "organizations_url": "https://api.github.com/users/zmoog/orgs", "repos_url": "https://api.github.com/users/zmoog/repos", "events_url": "https://api.github.com/users/zmoog/events{/privacy}", "received_events_url": "https://api.github.com/users/zmoog/received_events", "type": "User", "user_view_type": "public", "site_admin": false, "name": "Maurizio Branca", "company": "Elastic", "blog": "https://zmoog.dev", "location": "Verolengo, Turin, Italy", "hireable": null, "bio": "I'm a software engineer from Italy. Passionate about programming, video games, bots, and note-taking.", "twitter_username": null, "notification_email": "maurizio.branca@gmail.com", "public_repos": 102, "public_gists": 9, "followers": 36, "following": 35, "created_at": "2008-09-23T17:16:36Z", "updated_at": "2025-02-13T11:31:19Z" }