The token needs to be prefixed with `x-access-token` and be a [GitHub App Installation token](https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-an-installation).
**Note** The installation tokens expire after 1 hour and need to be regenerated regularly.
<!-- prettier-ignore -->
!!! note
The installation tokens expire after 1 hour and need to be regenerated regularly.
Alternatively as environment variable `RENOVATE_TOKEN`, or via CLI `--token=`.
@@ -247,7 +252,10 @@ This account can actually be _any_ account on GitHub, and needs only read-only a
It's used when fetching release notes for repositories in order to increase the hourly API limit.
It's also OK to configure the same as a host rule instead, if you prefer that.
**Note:** If you're using Renovate in a project where dependencies are loaded from github.com (such as Go modules hosted on GitHub) it is highly recommended to add a token as you will exceed the rate limit from the github.com API, which will lead to Renovate closing and reopening PRs because it could not get reliable info on updated dependencies.
<!-- prettier-ignore -->
!!! note
If you're using Renovate in a project where dependencies are loaded from github.com (such as Go modules hosted on GitHub) it is highly recommended to add a token.
Otherwise you will exceed the rate limit from the github.com API, which will lead to Renovate closing and reopening PRs because it could not get reliable info on updated dependencies.