Skip to main content

GitHub Copilot Token

Create GitHub Copilot access token

Before you start:

  • Tokens are tied to the user who generated them and stop working if that user loses access. Prefer creating the token from a dedicated bot/service account when possible. GitHub: Managing your personal access tokens
  • Org owners can enforce policies on fine-grained PATs, including maximum lifetime and admin approval. By default, orgs cap fine-grained PATs at ≤366 days; you can still set "no expiration" if your org policy allows it. GitHub: Setting a PAT policy for your organization

Step-by-step: Create the token

1. Open the fine-grained token page

GitHub → Your profile (top-right) → Settings → Developer settings (last option on the side menu) → Personal access tokens → Fine-grained tokens → Generate new token.

GitHub: Managing your personal access tokens

2. Name & description

  • Token name: Milestone's Copilot Token (read-only)
  • Description: Token to be used by Milestone integration to gather metadata and generate analytics.

3. Expiration

  • Choose 1 year.
  • If your org allows longer, you may choose No expiration; if your org enforces a shorter maximum, coordinate with an org owner to adjust the maximum lifetime policy. GitHub Docs

4. Resource owner

  • Select your organization as Resource owner (the token will only access resources owned by that org).
  • If your org doesn't appear, it may have blocked fine-grained PATs—ask an org owner to allow them. GitHub Docs

5. Repository access

6. Permissions

  • In Permissions, set the following to Read. These map to GitHub's fine-grained permission model for API and Git read access. GitHub Docs

7. Organization permissions (Read)

  • Members: Read (lets Milestone read the org's members list when needed). GitHub Docs
  • GitHub Copilot Business: Read (lets Milestone query Copilot business seats and metrics).

8. Generate

  • Click Generate token and store it on the machine where Milestone will be setting up their services. If your org requires approvals, the token will show as pending and will only access public resources until approved by an org owner. GitHub Docs