Token, Token, Token

By Travis CI

Jan 28, 2013

Jan 28, 2013

At Travis CI, when we say “token”, we can mean different things. So I thought I’ll just explain real quick what we could refer to and why there’s even a difference.

GitHub Token

This is pretty straight forward and should usually not bother you unless you want to leave Travis CI. When you sign in on Travis, we redirect you to GitHub, where you’re asked to grant us limited access to your account. This will give us a token, which we store internally.

You can also use any other GitHub token to prove that you are you. In that case, Travis will not store the token. Our command line client for instance uses this with a temporary token for authentication.

You can revoke this token any time via your GitHub account settings. You should take into account that Travis might no longer work properly in that case, though.

Access Token

Access tokens are used to interact with the Travis API. This mechanism is used by both our web and our command line client. These tokens are quite powerful, as you can imagine. Giving someone an access token is like giving them full access to your Travis account. Which is why you wouldn’t give away such a token.

With an access token you can, amongst other things:

  • See log output for private repositories.
  • Restart a build.
  • Enable/disable a repository.
  • Anything else our web interface can do (except for billing on Pro).

You can add an access token to an API call by appending ?access_token=... to the URL or via an Authorization: token ... header.

Travis Token

Last but not least, the “Travis Token”. There are times where you need a token that some people should be able to see. For instance, the token in the service hook might be visible to your collaborators. Or if you want to display the status image for a private repository. Which is why we have these tokens that you shouldn’t necessarily post publicly, but aren’t super secret either.

With a travis token you can:

  • Manually set up a service hook on GitHub, if you have admin access to the repository (although this is something we discourage).
  • Display the status image for a private repository.
  • Access the cc.xml of a private repository (for CCMenu/CCTray).

You can append a travis token via ?token=... to a normal request. If your repository is at you can for instance access the cc.xml under

Where do I get my token?

  • GitHub token: You don’t.
  • Travis token: Go to the Profile tab on your Accounts page
  • Access token: gem install travis && travis login && travis token or manually via the API.