NewGitZoid now watches security and reports your week
All posts
GuidesMay 10, 2026·4 min read

How to get a GitHub token for GitZoid (fine-grained or classic)

DJ
Darshika Joshi
Cofounder, Growth
Guides/gitzoid

GitZoid connects to GitHub through the app in two clicks, and that is the path we recommend. If you would rather wire it up by hand, or you are running the open-source template on your own infrastructure, you can give GitZoid a GitHub token instead. This guide covers both kinds: the modern fine-grained token and the classic one.

A token is what lets GitZoid read your pull requests and post reviews back. It needs read access to your code and permission to comment. Nothing more.

Fine-grained tokenClassic token
ScopePer repository, per permissionEvery repo the account can reach
Best forThe recommended defaultSetups that do not support fine-grained tokens
Access GitZoid needsPull requests read and write, Contents readThe repo scope
SafetyLeast privilegeBroader, so keep the expiry short

Fine-grained token (recommended)

Fine-grained tokens scope access to the exact repositories and permissions you choose, so they are the safer default.

  1. Go to github.com/settings/personal-access-tokens and choose Generate new token.
  2. Name it something you will recognize later, like gitzoid-review, and set an expiry.
  3. Under Repository access, pick Only select repositories and choose the repos you want GitZoid to review.
  4. Under Repository permissions, set Pull requests to Read and write, and Contents to Read-only. Metadata read is set for you.
  5. Generate the token and copy it. GitHub shows it once.

That is the least-privilege setup. GitZoid can read the code and comment on pull requests, and it cannot push, merge, or change settings.

Classic token

If you need broader access, or your setup does not support fine-grained tokens, a classic token works too.

  1. Go to github.com/settings/tokens and choose Generate new token (classic).
  2. Name it, set an expiry, and select the repo scope.
  3. Generate and copy the token.

Classic tokens grant wider access than fine-grained ones, so prefer fine-grained where you can, and keep the expiry short.

Add it to GitZoid

Paste the token into GitZoid when you connect, pick the repositories to watch, and you are done. The first review posts on your next pull request, and the first 10 outputs are free with no card.

GitZoid is read and comment only. It reviews your code and emails you what matters, and it never silently changes anything in your repo.

Put a patrol on your repo.

The first review posts on your next pull request.

Try GitZoid