Tokens up close

Congratulations. In the previous exercise you created an access token for our API test user. If you looked at the output in the console, it looked something like the code on the right (formatted for clarity).

There are two important pieces of info here. First, the app object indicates which application is using the token on behalf of the user. Since we didn't provide one, it's created in the default 'GitHub API' app and the url property points to the GitHub API docs. We'll look at creating third party tokens in the next exercise.

Before we move on, take a look at the token property. Its 40 character string value is key we pass in header when making OAuth-enabled API calls. We're displaying these tokens for our dummy user for educational purposes but you should treat your real life tokens created with your own username and password like you would any password, securely and away from prying eyes.