GitHub’s remote MCP server requires a Personal Access Token rather than OAuth — it doesn’t support Dynamic Client Registration, so the one-click OAuth flow isn’t available for third-party gateways. You generate a token with the right scopes for the toolsets you need, choose a toolset URL, and add the server with an Authorization header.
GitHub’s remote MCP server does not support OAuth Dynamic Client Registration — the standard flow that lets MCP Manager register itself automatically. The only supported path for third-party gateways is a Personal Access Token passed as a Bearer token. This guide covers that path.

What you need

Bring the following before you open MCP Manager:
  • A GitHub account with access to the repositories and resources your team’s AI tools will need to reach.
  • The ability to create a Personal Access Token (PAT) on that account — either a fine-grained PAT scoped to specific repositories, or a classic PAT with the right scopes. Fine-grained PATs are recommended; they give you tighter control over which repositories the token can reach. Note that some organizations require admin approval before a fine-grained PAT can be used — see Gotchas if you’re working inside a GitHub organization.
  • The right scopes for the toolsets you plan to use. See Scopes by toolset below.
  • Optionally, a GitHub organization with a Copilot Business or Enterprise plan if you want access to security toolsets. Some tools require it.
The connection uses a shared token, not per-user OAuth. Every user on the gateway acts as the GitHub identity that owns the PAT. Read Identity and attribution before connecting if per-user accountability matters to your deployment.

Scopes by toolset

GitHub’s MCP server is organized into toolsets. The scopes your PAT needs depend on which ones you enable. Each toolset also has its own URL path — more on that in Connect the server.
| Toolset | What it exposes | PAT scopes required |
| --- | --- | --- |
| repos (default) | Repository contents, file reading, commits, branches, search | repo (private repos) or public_repo (public only) |
| issues (default) | Read and manage issues, labels, milestones | repo |
| pull_requests (default) | Read and manage PRs, reviews, draft toggles | repo |
| context (default) | Authenticated user identity, team membership | read:user, read:org |
| actions | Workflow runs, logs, re-runs, releases | repo, workflow |
| code_security | Code scanning alerts, GHAS findings | repo, security_events |
| dependabot | Dependabot alerts | repo, security_events |
| secret_protection | Secret scanning alerts and push protection | repo, security_events |
| notifications | GitHub notification management | notifications |
| discussions | Repository discussions | repo |
| orgs | Organization search | read:org |
| projects | GitHub Projects boards | repo, project |
| gists | GitHub Gists | gist |
| experiments | Experimental/unstable tools | Required scopes vary by experiment; check the github/github-mcp-server repository for the current tool list |
Start with the default toolsets (repos, issues, pull_requests, context) and the repo scope. Add further scopes only when you add a toolset that needs them — over-provisioned PATs are the leading cause of unintended access.
Use a fine-grained PAT and restrict it to the specific repositories your team’s AI tools need. A fine-grained PAT scoped to three repositories gives the AI access to exactly those three — nothing else — even if your account has hundreds.
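
An added example, not part of the original guide: a least-privilege check for a classic PAT that compares the scopes a token reports against what the enabled toolsets need per the table above. It assumes you have the scope list as a comma-separated string, which is how GitHub's REST API reports it for classic tokens in the `X-OAuth-Scopes` response header; the function names and the sample value are constructed for illustration.

```python
# Toolset -> classic PAT scopes, copied from the table on this page.
TOOLSET_SCOPES = {
    "repos": {"repo"},  # or public_repo when only public repositories are used
    "issues": {"repo"},
    "pull_requests": {"repo"},
    "context": {"read:user", "read:org"},
    "actions": {"repo", "workflow"},
    "code_security": {"repo", "security_events"},
    "dependabot": {"repo", "security_events"},
    "secret_protection": {"repo", "security_events"},
    "notifications": {"notifications"},
    "discussions": {"repo"},
    "orgs": {"read:org"},
    "projects": {"repo", "project"},
    "gists": {"gist"},
}

def parse_scopes(header_value):
    """Split a comma-separated scope list into a set."""
    return {s.strip() for s in header_value.split(",") if s.strip()}

def audit_pat(toolsets, granted, public_only=False):
    """Return (missing, excess) scope lists for the enabled toolsets."""
    unknown = sorted(set(toolsets) - set(TOOLSET_SCOPES))
    if unknown:  # e.g. experiments: its scopes vary, so it cannot be audited here
        raise ValueError(f"no fixed scope list for: {unknown}")
    required = set()
    for name in toolsets:
        scopes = TOOLSET_SCOPES[name]
        if name == "repos" and public_only:
            scopes = {"public_repo"}
        required |= scopes
    if "repo" in required:
        required.discard("public_repo")  # repo already covers public repositories
    missing = required - granted
    if "repo" in granted:
        missing.discard("public_repo")
    return sorted(missing), sorted(granted - required)

# Constructed sample: scopes reported for a hypothetical classic PAT.
SAMPLE = "repo, workflow, read:org, gist"
DEFAULTS = ["repos", "issues", "pull_requests", "context"]
if __name__ == "__main__":
    print(audit_pat(DEFAULTS, parse_scopes(SAMPLE)))
```

Any scope in the second list is access the gateway does not need for the enabled toolsets and is a candidate for removal when the token is next rotated.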

Connect the server

1. Generate a Personal Access Token

In GitHub, go to Settings → Developer settings → Personal access tokens. Choose Fine-grained tokens (recommended) or Tokens (classic):
  • Fine-grained: Set the resource owner (your account or an org), choose the repositories to allow, and under Repository permissions grant the permissions that match your chosen toolsets from the table above. Fine-grained tokens cannot grant workflow scope — if you need the Actions toolset, use a classic PAT.
  • Classic: Check the scopes for your toolsets from the table above. At minimum, check repo for the default toolsets.
Set an expiration. Fine-grained PATs allow a “No expiration” option, though your organization or enterprise administrator may have set a maximum lifetime policy that blocks it. If expiry is required, note the date — when the token expires, tool calls return 401 errors and you’ll need to rotate it.
Copy the token value before leaving this page — GitHub shows it only once. If you navigate away without copying it, you will need to regenerate the token and update the header value in MCP Manager.
2. Choose your toolset URL

GitHub’s MCP server exposes each toolset at its own URL path. You paste this URL into MCP Manager — it determines which tools are available without any additional configuration.
| Toolset | URL |
| --- | --- |
| All default toolsets | https://api.githubcopilot.com/mcp/ |
| Repos only | https://api.githubcopilot.com/mcp/x/repos |
| Issues only | https://api.githubcopilot.com/mcp/x/issues |
| Pull requests only | https://api.githubcopilot.com/mcp/x/pull_requests |
| Actions | https://api.githubcopilot.com/mcp/x/actions |
| Code security | https://api.githubcopilot.com/mcp/x/code_security |
| Dependabot | https://api.githubcopilot.com/mcp/x/dependabot |
| Secret protection | https://api.githubcopilot.com/mcp/x/secret_protection |
| Notifications | https://api.githubcopilot.com/mcp/x/notifications |
| Discussions | https://api.githubcopilot.com/mcp/x/discussions |
| Organizations | https://api.githubcopilot.com/mcp/x/orgs |
| Projects | https://api.githubcopilot.com/mcp/x/projects |
| Gists | https://api.githubcopilot.com/mcp/x/gists |
| Experiments | https://api.githubcopilot.com/mcp/x/experiments |
The context toolset — which exposes authenticated user identity and team membership — has no standalone URL path. It is always included when you connect using the base URL (https://api.githubcopilot.com/mcp/). If you connect to a single-toolset URL like /mcp/x/repos and need context tools as well, use the base URL with an X-MCP-Toolsets: repos,context header instead.
Append /readonly to any URL to restrict it to read-only tools — for example https://api.githubcopilot.com/mcp/x/issues/readonly. This is useful when you want to expose a toolset to a broader team without allowing writes.

If you want multiple toolsets but not all of them, add the server once per toolset URL, or connect to the base URL (https://api.githubcopilot.com/mcp/) and add an X-MCP-Toolsets header listing the toolsets you want as a comma-separated value — for example, repos,issues,pull_requests. The X-MCP-Toolsets header only takes effect on the base URL; it is ignored when connecting to a single-toolset path like /mcp/x/repos.
3. Add the server in MCP Manager

On the MCP Servers page, add a server, paste your chosen toolset URL, and click Continue. MCP Manager will detect that the server requires token authentication and prompt you to provide a custom header. Enter:

| Field | Value |
| --- | --- |
| Header name | Authorization |
| Header value | Bearer <your-PAT> |

Replace <your-PAT> with the token you copied in Step 1 — include the word Bearer followed by a space before the token. MCP Manager stores the value encrypted with AES-256-GCM and attaches it to every request it makes to GitHub. The server’s tools are now available to add to a gateway.
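
An added example, not part of the original guide or of MCP Manager: a small lint for a server entry (URL plus custom headers) that flags the misconfigurations described in steps 2 and 3 before you save it. The function name `lint_server`, the `expect_readonly` parameter and the finding texts are hypothetical; the path and header rules are the ones stated on this page.

```python
from urllib.parse import urlparse

def lint_server(url, headers, expect_readonly=False):
    """Return a list of findings for one server entry (empty list = OK)."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    path = urlparse(url).path.rstrip("/")

    readonly = path.endswith("/readonly")
    if readonly:
        path = path[: -len("/readonly")]
    # "/mcp/x/<toolset>" is a single-toolset path; "/mcp" is the base URL
    single = path[len("/mcp/x/"):] if path.startswith("/mcp/x/") else None
    if single is None and path != "/mcp":
        findings.append(f"unrecognised path: {path or '/'}")

    auth = hdrs.get("authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    if not token.strip():
        findings.append("Authorization must be 'Bearer ' followed by the PAT")
    elif "<" in token:
        findings.append("placeholder left in Authorization header")

    if single == "context":
        findings.append("context has no standalone path; use the base URL "
                        "with X-MCP-Toolsets")
    if single and "x-mcp-toolsets" in hdrs:
        findings.append(f"X-MCP-Toolsets is ignored on /mcp/x/{single}")
    if expect_readonly and not readonly:
        findings.append("URL is write-capable; append /readonly")
    return findings

if __name__ == "__main__":
    # Constructed entry: a single-toolset URL combined with a toolset header.
    print(lint_server("https://api.githubcopilot.com/mcp/x/repos",
                      {"Authorization": "Bearer constructed-token",
                       "X-MCP-Toolsets": "repos,context"}))
```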

Identity and attribution

GitHub’s remote MCP server does not support per-user OAuth for third-party clients, so this connection uses a shared token — every user on the gateway acts as the GitHub account that owns the PAT. All tool calls appear in GitHub’s own logs as that account, not as the individual team member who triggered them. MCP Manager’s own logs do attribute calls to the real user, so you retain per-person visibility within MCP Manager. But any GitHub-side audit trail — API usage logs, repository event logs — will reflect the PAT owner. Two patterns that follow from this:
  • Read/write split. Add the server twice: once with a read-only toolset URL (append /readonly) using a scoped service-account PAT for broad access, and again with the write-capable URL requiring each user to supply their own PAT. That way reads are frictionless and shared, while writes carry the individual’s token — and therefore their identity in GitHub’s logs. See Adding the same server more than once.
  • Use a dedicated account token. Rather than a personal token that expires when someone leaves, create a dedicated GitHub machine account or use a GitHub App installation token for the credential. The connection then survives team turnover.
If you need each person to act as themselves in GitHub — with their own token and their own permissions — configure the server assignment as per-user identity in the gateway. Each teammate will be prompted to paste their own PAT the first time they connect to any gateway containing the GitHub server. MCP Manager stores each token individually and uses it for that person’s tool calls. See Identity Controls for how to configure this on a server assignment.
See per-user versus shared identity for how this maps to gateway identity schemes.

Gotchas & things to keep in mind

  • OAuth will not work. GitHub’s remote MCP server does not support Dynamic Client Registration (DCR), which is what MCP Manager uses to self-register for the standard OAuth flow. If you paste the base URL and expect an OAuth prompt, you won’t get one — you must supply the Authorization: Bearer <PAT> header manually. This is a GitHub-side constraint. That said, per-user identity is still achievable: configure the server assignment as per-user in the gateway, and each teammate will be prompted to enter their own PAT on first connection. See Identity Controls.
  • Fine-grained PATs cannot grant workflow scope. If you need the Actions toolset (https://api.githubcopilot.com/mcp/x/actions), you must use a classic PAT and check the workflow scope. Fine-grained PATs do not include it.
  • PAT expiry breaks the connection. When a token expires, tool calls start returning 401 errors. Fine-grained PATs allow a “No expiration” option unless your organization enforces a maximum lifetime policy; classic PATs can also be set to never expire. If you do set an expiration, put a reminder in place to rotate the token and update the header value in MCP Manager before it hits.
  • Organization PAT policies may block fine-grained tokens. Some GitHub organizations restrict which PAT types can be used, or require admin approval for fine-grained PATs. If your token is rejected, check your organization’s Personal access token policies under GitHub Organization Settings.
  • Enterprise Server is not supported. GitHub’s remote MCP server at api.githubcopilot.com is not available for GitHub Enterprise Server (self-hosted). GHES customers must run the local Docker-based server (ghcr.io/github/github-mcp-server) instead — that is a different setup not covered here.
  • GitHub Enterprise Cloud with data residency uses a different base URL. Replace api.githubcopilot.com with copilot-api.<your-subdomain>.ghe.com — for example, if your instance is octocorp.ghe.com, the MCP server URL is https://copilot-api.octocorp.ghe.com/mcp.
  • Security toolsets require paid licenses. The code_security, dependabot, and secret_protection toolsets require GitHub Advanced Security or GitHub Secret Protection to be enabled on the repositories in question. The tools will appear in the gateway but return errors on repositories where the feature isn’t licensed.
  • Experiments toolset is unstable. The experiments toolset (https://api.githubcopilot.com/mcp/x/experiments) exposes features GitHub has not declared stable. Tool names, behavior, and availability may change without notice.

Further reading

Find & Connect MCP Servers

How MCP Manager detects authentication type, and how to find other servers’ URLs.

Token in custom headers

How MCP Manager stores the Authorization header you just supplied.

Per-user versus shared identity

What shared token auth means for attribution, and patterns for handling it.

Connect your AI client

Point Claude, Cursor, or another client at the gateway once GitHub is connected.

External sources

GitHub MCP server — remote server documentation

GitHub’s authoritative reference for the remote server — toolset URLs, headers, and configuration options.

Managing personal access tokens

GitHub’s own guide to creating and scoping PATs, including fine-grained token permissions.