S
S
Sergey Mukhin2020-03-05 13:20:08
GitHub
Sergey Mukhin, 2020-03-05 13:20:08

What is included in a GitHub token if you do not specify more than one scope of rights?

Hello! I want to practice and use the GitHub API v4 to get my own version of the Contribution Calendar by publishing it on a public site.

I was able to get the necessary data for the activity calendar from the API in API v4, but it requires a token. As I understand it, in v4, without a token, you can’t get anything at all.

When creating a Github token, you specify which rights areas to include there. I found out that to get the contributionCalendar from the API, you can not specify anything at all.

But still I wonder what information is included there? The Github API is too big to manually check everything.

Or to rephrase the question. Can such a token be used on the frontend? How safe is it to shine, given that it only gives access to public information?

Also, I have a hunch that using a token on the front is not the best practice at all, even if only open public information is possible with this token? And it’s better to make requests to the Github API from the backend, and give only the necessary data to the front.

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question