Skip to main content
DeepWiki-Open can access private repositories across multiple platforms using personal access tokens. This comprehensive guide covers token creation, management, security best practices, and troubleshooting for GitHub, GitLab, and BitBucket.

Overview

Private repository access requires authentication tokens that prove your authorization to access the repository content. DeepWiki supports multiple platforms and token types with different permission models.

GitHub

Classic and fine-grained personal access tokens with repository scope

GitLab

Personal access tokens with read_repository scope

BitBucket

App passwords with repository read permissions

Enterprise

Organization and enterprise-specific considerations

GitHub Access Tokens

GitHub offers two types of personal access tokens with different scopes and capabilities.

Classic Personal Access Tokens

1

Navigate to Token Settings

  1. Go to GitHub.com and sign in
  2. Click your profile picture → Settings
  3. In the left sidebar, click Developer settings
  4. Click Personal access tokensTokens (classic)
Classic tokens provide broad access but are easier to set up for multiple repositories.
2

Generate New Token

  1. Click Generate new tokenGenerate new token (classic)
  2. Enter a descriptive note (e.g., “DeepWiki Documentation Access”)
  3. Set expiration (recommended: 90 days for security)
  4. Select scopes based on your needs:
Required scope: repo
  • Full control of private repositories
  • Includes read/write access to code, issues, pull requests
  • Use when: Accessing private repositories you own or have been granted access to
Required scope: public_repo
  • Access to public repositories only
  • More limited permissions
  • Use when: Only accessing public repositories (DeepWiki works without tokens for public repos)
Additional scope: read:org
  • Read organization membership
  • Required for some organization private repositories
  • Use when: Accessing private repositories owned by organizations
3

Copy and Store Token

  1. Click Generate token
  2. Important: Copy the token immediately - you won’t see it again
  3. Store securely (see security best practices below)
GitHub classic tokens start with ghp_ and are 40 characters long. Never share or commit tokens to code repositories.

Fine-Grained Personal Access Tokens (Beta)

For more granular control over repository access:
1

Create Fine-Grained Token

  1. In Developer settingsPersonal access tokens
  2. Click Fine-grained tokensGenerate new token
  3. Configure token details:
    • Token name: Descriptive name
    • Expiration: 90 days recommended
    • Resource owner: Select your account or organization
2

Select Repository Access

Choose repository access level:
Best for: Specific repositories
  • Click “Selected repositories”
  • Choose specific repositories from dropdown
  • More secure, limited scope
Permissions needed:
  • Repository permissions: Contents (Read)
  • Metadata: Read
3

Configure Permissions

Set minimum required permissions:
{
  "Contents": "Read",
  "Metadata": "Read", 
  "Pull requests": "Read",
  "Issues": "Read"
}
Fine-grained tokens provide better security through specific repository and permission selection.

GitHub Enterprise

For GitHub Enterprise Server instances:
Token creation process:
  1. Navigate to your GitHub Enterprise instance
  2. Follow same steps as GitHub.com
  3. Ensure your DeepWiki instance can reach enterprise server
Additional considerations:
  • Network connectivity requirements
  • Certificate trust for self-signed certificates
  • Custom API endpoints configuration
{
  "repo_url": "https://github.enterprise.com/company/private-repo",
  "access_token": "ghp_xxxxxxxxxxxxxxxxxxxx",
  "enterprise_base_url": "https://github.enterprise.com"
}
With SAML SSO enabled:
  1. Create personal access token normally
  2. Authorize token for SSO:
    • Go to token settings
    • Click “Configure SSO” next to your organization
    • Click “Authorize”
Enterprise considerations:
  • Organization policies may restrict token creation
  • Admin approval may be required
  • Token expiration policies may be enforced

GitLab Access Tokens

GitLab uses personal access tokens with specific scope-based permissions.

Personal Access Token Creation

1

Access Token Settings

  1. Sign in to GitLab.com or your GitLab instance
  2. Click your avatar → Edit profile
  3. In the left sidebar, click Access Tokens
GitLab tokens are more granular than GitHub classic tokens, allowing precise permission control.
2

Create New Token

  1. Click Add new token
  2. Configure token settings:
    • Token name: Descriptive name (e.g., “DeepWiki Access”)
    • Expiration date: Set appropriate expiration
    • Select scopes: Choose required permissions
For private repository access:
  • read_repository - Clone and pull from repositories
  • ⚠️ read_user - Read user information (optional)
  • ⚠️ read_api - Read API access (if using API features)
Avoid unnecessary scopes:
  • write_repository - Not needed for documentation
  • api - Full API access (too broad)
For group projects:
  • Add read_repository scope
  • Ensure you’re a group member
  • Check group access policies
For specific projects:
  • Token automatically inherits project access
  • No additional configuration needed
  • Respects project visibility settings
3

Generate and Store

  1. Click Create personal access token
  2. Copy the generated token immediately
  3. Store securely with appropriate labels
GitLab tokens start with glpat- followed by 20 characters. They cannot be viewed again after creation.

GitLab Self-Managed

For self-hosted GitLab instances:
Configuration requirements:
  • Same token creation process
  • Verify network connectivity to your GitLab instance
  • Check SSL certificate configuration
{
  "repo_url": "https://gitlab.company.com/team/private-project",
  "access_token": "glpat-xxxxxxxxxxxxxxxxxxxx",
  "gitlab_base_url": "https://gitlab.company.com"
}

BitBucket Access

BitBucket uses app passwords instead of traditional tokens, with different permission models.

App Password Creation

1

Access App Password Settings

  1. Sign in to BitBucket.org
  2. Click your avatar → Personal BitBucket settings
  3. In the left menu, click App passwords
BitBucket app passwords are repository-specific credentials with granular permissions.
2

Create App Password

  1. Click Create app password
  2. Configure password settings:
    • Label: Descriptive name (e.g., “DeepWiki Documentation”)
    • Permissions: Select required access levels
Required permissions:
  • Repositories: Read - Access repository content
  • Pull requests: Read - Access PR information (optional)
  • ⚠️ Issues: Read - Access issues (optional)
Avoid unnecessary permissions:
  • Repositories: Write - Not needed for documentation
  • Repositories: Admin - Administrative access
  • Account - Account-level access
Team repositories:
  • Ensure you have repository access
  • App password inherits team permissions
  • Verify with team administrators
Personal repositories:
  • Full access to your own repositories
  • No additional configuration needed
3

Generate Password

  1. Click Create
  2. Copy the generated app password
  3. Store with username for authentication
BitBucket app passwords are unique strings (not prefixed). You’ll need both your username and app password for authentication.

BitBucket Server/Data Center

For on-premises BitBucket instances:
BitBucket Server uses personal access tokens:
  1. Go to your BitBucket Server instance
  2. Click your avatar → Manage account
  3. Click Personal access tokens
  4. Create token with Repository read permission
{
  "repo_url": "https://bitbucket.company.com/projects/TEAM/repos/private-repo",
  "access_token": "your-personal-access-token",
  "bitbucket_base_url": "https://bitbucket.company.com"
}

Token Security Best Practices

Secure Token Storage

Local development:
# Use environment files with restricted permissions
echo "GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx" > .env.local
chmod 600 .env.local

# Add to gitignore
echo ".env*" >> .gitignore
echo "*.token" >> .gitignore
Configuration management:
// Use environment variables
const config = {
  github_token: process.env.GITHUB_TOKEN,
  gitlab_token: process.env.GITLAB_TOKEN,
  bitbucket_token: process.env.BITBUCKET_TOKEN
};

// Never hardcode tokens
// ❌ Bad
const token = "ghp_actual_token_here";

// ✅ Good  
const token = process.env.GITHUB_TOKEN;
Container secrets:
# Docker secrets
docker secret create github_token /path/to/token/file

# Docker Compose
version: '3.8'
services:
  deepwiki:
    image: deepwiki-open
    secrets:
      - github_token
    environment:
      - GITHUB_TOKEN_FILE=/run/secrets/github_token
Kubernetes secrets:
apiVersion: v1
kind: Secret
metadata:
  name: repository-tokens
type: Opaque
data:
  github-token: <base64-encoded-token>
  gitlab-token: <base64-encoded-token>
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deepwiki
spec:
  template:
    spec:
      containers:
      - name: deepwiki
        env:
        - name: GITHUB_TOKEN
          valueFrom:
            secretKeyRef:
              name: repository-tokens
              key: github-token
Automated rotation strategy:
  1. Generate new tokens before current ones expire
  2. Test new tokens in staging environment
  3. Update production with new tokens
  4. Revoke old tokens after successful deployment
  5. Monitor for failures and rollback if needed
Rotation schedule:
  • High-security environments: 30-60 days
  • Standard environments: 90 days
  • Development environments: 180 days
#!/bin/bash
# Token rotation script example
NEW_TOKEN="ghp_new_token_here"
OLD_TOKEN="ghp_old_token_here"

# Test new token
if curl -H "Authorization: token $NEW_TOKEN" https://api.github.com/user; then
    # Update production
    kubectl patch secret repository-tokens -p='{"data":{"github-token":"'$(echo -n $NEW_TOKEN | base64)'"}}'
    
    # Revoke old token (manual step)
    echo "Update successful. Revoke old token: $OLD_TOKEN"
else
    echo "New token validation failed. Aborting rotation."
    exit 1
fi

Access Control

1

Principle of Least Privilege

Minimize token permissions:
  • Use read-only scopes when possible
  • Avoid admin or write permissions
  • Prefer fine-grained tokens over classic tokens
  • Regular audit of token permissions
Review token permissions quarterly to ensure they match current needs.
2

Network Security

Restrict token usage:
# Nginx configuration for IP restrictions
location /api/wiki/generate {
    allow 192.168.1.0/24;  # Internal network
    allow 10.0.0.0/8;      # Private network
    deny all;              # Block external access
    
    proxy_pass http://deepwiki-backend;
}
API endpoint protection:
# Rate limiting by token
from functools import lru_cache

@lru_cache(maxsize=1000)
def get_rate_limit(token: str):
    return RateLimiter(requests_per_minute=10)

def validate_token_request(token: str):
    rate_limiter = get_rate_limit(token)
    if not rate_limiter.allow_request():
        raise RateLimitExceeded("Token rate limit exceeded")
3

Monitoring and Alerting

Token usage monitoring:
{
  "token_monitoring": {
    "track_usage": true,
    "alert_on_failures": true,
    "log_access_patterns": true,
    "detect_anomalies": true
  },
  "alerts": {
    "token_expiry_warning": "7d",
    "unusual_usage_pattern": true,
    "failed_authentication": {
      "threshold": 5,
      "window": "1h"
    }
  }
}
Security event logging:
import logging

security_logger = logging.getLogger('security')

def log_token_usage(token_hash: str, repo_url: str, success: bool):
    security_logger.info({
        'event': 'token_usage',
        'token_hash': token_hash,
        'repository': repo_url,
        'success': success,
        'timestamp': datetime.now().isoformat(),
        'ip_address': get_client_ip()
    })

Using Tokens with DeepWiki

API Integration

Direct API calls:
# GitHub private repository
curl -X POST "http://localhost:8001/wiki/generate" \
  -H "Content-Type: application/json" \
  -d '{
    "repo_url": "https://github.com/company/private-repo",
    "access_token": "ghp_xxxxxxxxxxxxxxxxxxxx",
    "model_provider": "google"
  }'

# GitLab private repository  
curl -X POST "http://localhost:8001/wiki/generate" \
  -H "Content-Type: application/json" \
  -d '{
    "repo_url": "https://gitlab.com/company/private-project",
    "access_token": "glpat-xxxxxxxxxxxxxxxxxxxx", 
    "model_provider": "google"
  }'

# BitBucket private repository
curl -X POST "http://localhost:8001/wiki/generate" \
  -H "Content-Type: application/json" \
  -d '{
    "repo_url": "https://bitbucket.org/company/private-repo",
    "access_token": "your-app-password",
    "username": "your-username",
    "model_provider": "google"
  }'

Web Interface Integration

1

Token Input Component

Secure token input:
import { useState } from 'react';

function TokenInput({ onTokenChange, platform }) {
  const [token, setToken] = useState('');
  const [showToken, setShowToken] = useState(false);
  
  const handleTokenChange = (value) => {
    setToken(value);
    onTokenChange(value);
  };
  
  const tokenPatterns = {
    github: /^(ghp_[a-zA-Z0-9]{36}|github_pat_[a-zA-Z0-9]+)$/,
    gitlab: /^glpat-[a-zA-Z0-9]{20}$/,
    bitbucket: /^[a-zA-Z0-9]+$/
  };
  
  const isValidToken = tokenPatterns[platform]?.test(token);
  
  return (
    <div className="token-input">
      <label htmlFor="access-token">
        {platform.charAt(0).toUpperCase() + platform.slice(1)} Access Token
      </label>
      <div className="input-group">
        <input
          id="access-token"
          type={showToken ? 'text' : 'password'}
          value={token}
          onChange={(e) => handleTokenChange(e.target.value)}
          placeholder={`Enter ${platform} access token`}
          className={isValidToken ? 'valid' : 'invalid'}
        />
        <button
          type="button"
          onClick={() => setShowToken(!showToken)}
          aria-label={showToken ? 'Hide token' : 'Show token'}
        >
          {showToken ? '👁️' : '👁️‍🗨️'}
        </button>
      </div>
      {!isValidToken && token.length > 0 && (
        <div className="error">
          Invalid {platform} token format
        </div>
      )}
    </div>
  );
}
2

Token Validation

Client-side validation:
async function validateRepositoryAccess(repoUrl, accessToken, platform) {
  try {
    const response = await fetch('/api/validate-token', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        repo_url: repoUrl,
        access_token: accessToken,
        platform: platform
      })
    });
    
    const result = await response.json();
    return {
      valid: result.valid,
      permissions: result.permissions,
      error: result.error
    };
  } catch (error) {
    return {
      valid: false,
      error: 'Network error during validation'
    };
  }
}

// Usage in form submission
const handleSubmit = async (formData) => {
  const validation = await validateRepositoryAccess(
    formData.repoUrl,
    formData.accessToken,
    formData.platform
  );
  
  if (!validation.valid) {
    setError(`Token validation failed: ${validation.error}`);
    return;
  }
  
  // Proceed with wiki generation
  generateWiki(formData);
};

Organization and Enterprise Considerations

GitHub Organizations

Common organizational restrictions:
  • Personal access token policies
  • Required two-factor authentication
  • IP allowlists for API access
  • Audit logging requirements
Working with restrictions:
  1. Check organization settings before creating tokens
  2. Request necessary permissions from administrators
  3. Use fine-grained tokens when possible for better compliance
  4. Document token usage for audit purposes
{
  "organization_requirements": {
    "two_factor_required": true,
    "saml_sso_required": true,
    "ip_allowlist_enabled": true,
    "allowed_ips": ["203.0.113.0/24", "198.51.100.0/24"],
    "audit_logging": true
  }
}
Enterprise GitHub features:
  • Advanced security features
  • Custom SAML/OIDC integration
  • Advanced audit logging
  • Custom policies and restrictions
Token considerations:
  • Shorter token lifetimes
  • Required approval workflows
  • Enhanced monitoring requirements
  • Integration with enterprise identity systems
Best practices:
  1. Coordinate with security teams on token policies
  2. Use service accounts for automated access
  3. Implement token rotation procedures
  4. Monitor token usage closely

GitLab Groups and Projects

GitLab group considerations:
  • Group membership requirements
  • Project-level permissions inheritance
  • Shared runner restrictions
  • Group-level tokens (GitLab Premium+)
{
  "group_access": {
    "group_name": "company-dev-team",
    "member_role": "developer",
    "project_access_level": "read",
    "shared_runners_enabled": false
  }
}

Token Management at Scale

Multi-Repository Management

1

Centralized Token Store

Token management system:
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List
import keyring

@dataclass
class RepositoryToken:
    platform: str
    token: str
    repositories: List[str]
    expires_at: datetime
    permissions: List[str]
    
class TokenManager:
    def __init__(self):
        self.tokens: Dict[str, RepositoryToken] = {}
    
    def add_token(self, name: str, token: RepositoryToken):
        # Store in secure keyring
        keyring.set_password("deepwiki", name, token.token)
        self.tokens[name] = token
        
    def get_token_for_repo(self, repo_url: str) -> str:
        for token_data in self.tokens.values():
            if any(repo in repo_url for repo in token_data.repositories):
                return keyring.get_password("deepwiki", token_data.token)
        return None
        
    def check_expiring_tokens(self, days: int = 7) -> List[str]:
        expiring = []
        threshold = datetime.now() + timedelta(days=days)
        
        for name, token in self.tokens.items():
            if token.expires_at < threshold:
                expiring.append(name)
                
        return expiring
2

Automated Token Rotation

Rotation workflow:
class TokenRotationService:
    def __init__(self, token_manager: TokenManager):
        self.token_manager = token_manager
        
    async def rotate_github_token(self, old_token_name: str):
        # This would integrate with GitHub API to create new tokens
        # Note: GitHub doesn't provide token creation API
        # This is a conceptual example
        
        old_token = self.token_manager.tokens[old_token_name]
        
        # Generate new token (manual process for GitHub)
        new_token_value = await self._prompt_for_new_token()
        
        # Test new token
        if await self._test_token_access(new_token_value, old_token.repositories):
            # Update stored token
            new_token = RepositoryToken(
                platform=old_token.platform,
                token=new_token_value,
                repositories=old_token.repositories,
                expires_at=datetime.now() + timedelta(days=90),
                permissions=old_token.permissions
            )
            
            self.token_manager.add_token(old_token_name, new_token)
            
            # Schedule old token revocation
            await self._schedule_token_revocation(old_token.token)
            
            return True
        return False

Monitoring and Analytics

Track token performance:
import logging
from collections import defaultdict
from datetime import datetime

class TokenAnalytics:
    def __init__(self):
        self.usage_stats = defaultdict(list)
        self.error_stats = defaultdict(int)
        
    def log_token_usage(self, token_hash: str, repo_url: str, 
                       success: bool, response_time: float):
        event = {
            'timestamp': datetime.now(),
            'repository': repo_url,
            'success': success,
            'response_time': response_time
        }
        
        self.usage_stats[token_hash].append(event)
        
        if not success:
            self.error_stats[token_hash] += 1
            
    def generate_usage_report(self, token_hash: str) -> dict:
        events = self.usage_stats[token_hash]
        
        if not events:
            return {'error': 'No usage data found'}
            
        successful_requests = sum(1 for e in events if e['success'])
        total_requests = len(events)
        avg_response_time = sum(e['response_time'] for e in events) / total_requests
        
        return {
            'total_requests': total_requests,
            'successful_requests': successful_requests,
            'success_rate': successful_requests / total_requests * 100,
            'average_response_time': avg_response_time,
            'error_count': self.error_stats[token_hash],
            'last_used': max(e['timestamp'] for e in events)
        }
Token health checks:
#!/bin/bash
# Token health check script

check_github_token() {
    local token=$1
    local response=$(curl -s -w "%{http_code}" -o /dev/null \
        -H "Authorization: token $token" \
        https://api.github.com/user)
    
    if [ "$response" = "200" ]; then
        echo "GitHub token: HEALTHY"
        return 0
    else
        echo "GitHub token: FAILED (HTTP $response)"
        return 1
    fi
}

check_gitlab_token() {
    local token=$1
    local response=$(curl -s -w "%{http_code}" -o /dev/null \
        -H "Private-Token: $token" \
        https://gitlab.com/api/v4/user)
    
    if [ "$response" = "200" ]; then
        echo "GitLab token: HEALTHY"
        return 0
    else
        echo "GitLab token: FAILED (HTTP $response)"
        return 1
    fi
}

# Run health checks
check_github_token "$GITHUB_TOKEN"
check_gitlab_token "$GITLAB_TOKEN"

# Alert on failures
if [ $? -ne 0 ]; then
    # Send alert (email, Slack, etc.)
    echo "Token health check failed - alerting administrators"
fi

Troubleshooting

Common Issues

Symptom: “Bad credentials” or “Invalid token” errorsDiagnosis checklist:
  1. Token format validation: 
    # GitHub Classic: ghp_xxxxxxxxxxxxxxxxxxxx (40 chars)
# GitHub Fine-grained: github_pat_xxxx (variable length)
# GitLab: glpat-xxxxxxxxxxxxxxxxxxxx (25 chars)
# BitBucket: Variable format
  2. Token expiration check: 
    # Check GitHub token
curl -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user

# Check GitLab token
curl -H "Private-Token: $GITLAB_TOKEN" https://gitlab.com/api/v4/user
  3. Permission verification: 
    # Test repository access
curl -H "Authorization: token $GITHUB_TOKEN" \
     https://api.github.com/repos/owner/private-repo
Solutions:
  • Generate new token with correct permissions
  • Verify token hasn’t expired
  • Check organization SSO requirements
  • Confirm repository access permissions
Symptom: “Not Found” errors for existing repositoriesCommon causes:
  • Token lacks repository scope
  • Repository is private but token has public-only permissions
  • Organization requires SSO authorization for tokens
  • User doesn’t have repository access
Resolution steps:
  1. Verify repository permissions: 
    import requests

def check_repo_access(token, repo_url):
    # Extract owner/repo from URL
    parts = repo_url.split('/')
    owner, repo = parts[-2], parts[-1]
    
    response = requests.get(
        f"https://api.github.com/repos/{owner}/{repo}",
        headers={"Authorization": f"token {token}"}
    )
    
    return {
        'status_code': response.status_code,
        'accessible': response.status_code == 200,
        'error': response.json() if response.status_code != 200 else None
    }
  2. Update token permissions:
    • For GitHub: Add repo scope for private repositories
    • For GitLab: Add read_repository scope
    • For BitBucket: Ensure “Repositories: Read” permission
  3. Handle organization restrictions:
    • Authorize token for SSO if required
    • Request repository access from administrators
    • Use organization-approved tokens
Symptom: “API rate limit exceeded” errorsUnderstanding rate limits:
  • GitHub: 5,000 requests/hour for authenticated requests
  • GitLab: 2,000 requests/minute for personal tokens
  • BitBucket: 1,000 requests/hour for authenticated requests
Mitigation strategies:
import time
import requests
from functools import wraps

def rate_limited_request(max_retries=3, delay=60):
    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            for attempt in range(max_retries):
                try:
                    return func(*args, **kwargs)
                except RateLimitError as e:
                    if attempt < max_retries - 1:
                        time.sleep(delay * (attempt + 1))
                        continue
                    raise
            return wrapper
    return decorator

@rate_limited_request()
def make_api_request(url, headers):
    response = requests.get(url, headers=headers)
    
    if response.status_code == 429:  # Too Many Requests
        raise RateLimitError("Rate limit exceeded")
        
    return response
Best practices:
  • Implement exponential backoff
  • Cache API responses when possible
  • Use webhooks instead of polling
  • Monitor rate limit headers

Advanced Debugging

1

Enable Debug Logging

API server debugging:
import logging

# Configure detailed logging
logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
    handlers=[
        logging.FileHandler('deepwiki-debug.log'),
        logging.StreamHandler()
    ]
)

# Log repository access attempts
repo_logger = logging.getLogger('repository_access')

def log_repository_access(repo_url, token_hash, success, error=None):
    repo_logger.debug({
        'repository': repo_url,
        'token_hash': token_hash,  # Never log actual token
        'success': success,
        'error': str(error) if error else None,
        'timestamp': datetime.now().isoformat()
    })
2

Network Diagnostics

Connection testing:
#!/bin/bash
# Network connectivity test

test_github_connectivity() {
    echo "Testing GitHub API connectivity..."
    
    # Test DNS resolution
    nslookup api.github.com
    
    # Test HTTPS connectivity
    curl -I https://api.github.com/
    
    # Test authentication
    curl -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user
}

test_enterprise_connectivity() {
    local enterprise_url=$1
    echo "Testing enterprise connectivity: $enterprise_url"
    
    # Test SSL certificate
    openssl s_client -connect ${enterprise_url}:443 -servername $enterprise_url
    
    # Test API endpoint
    curl -I ${enterprise_url}/api/v3/
}

# Run tests
test_github_connectivity
test_enterprise_connectivity "github.enterprise.com"
3

Token Analysis Tools

Token inspection utility:
import base64
import json
from datetime import datetime

class TokenAnalyzer:
    def __init__(self):
        self.platform_patterns = {
            'github_classic': r'^ghp_[a-zA-Z0-9]{36}$',
            'github_fine_grained': r'^github_pat_[a-zA-Z0-9_]+$',
            'gitlab': r'^glpat-[a-zA-Z0-9]{20}$',
            'bitbucket': r'^[a-zA-Z0-9]+$'
        }
    
    def identify_platform(self, token: str) -> str:
        for platform, pattern in self.platform_patterns.items():
            if re.match(pattern, token):
                return platform
        return 'unknown'
    
    def analyze_github_token(self, token: str) -> dict:
        headers = {'Authorization': f'token {token}'}
        
        # Get token info (doesn't exist in GitHub API)
        # This is conceptual - GitHub doesn't provide token introspection
        user_response = requests.get('https://api.github.com/user', headers=headers)
        
        if user_response.status_code != 200:
            return {'error': 'Invalid token or insufficient permissions'}
            
        user_data = user_response.json()
        
        # Test repository access
        repos_response = requests.get('https://api.github.com/user/repos', headers=headers)
        
        return {
            'platform': 'github',
            'user': user_data.get('login'),
            'scopes': user_response.headers.get('X-OAuth-Scopes', '').split(', '),
            'rate_limit': {
                'limit': user_response.headers.get('X-RateLimit-Limit'),
                'remaining': user_response.headers.get('X-RateLimit-Remaining'),
                'reset': user_response.headers.get('X-RateLimit-Reset')
            },
            'repository_access': repos_response.status_code == 200
        }

# Usage
analyzer = TokenAnalyzer()
result = analyzer.analyze_github_token("ghp_xxxxxxxxxxxxxxxxxxxx")
print(json.dumps(result, indent=2))

Next Steps

API Authentication

Learn about API-level authentication and security

Security Guide

Implement comprehensive security measures

Production Setup

Deploy with proper token management in production

Troubleshooting

Resolve common issues and get support