Merge pull request #38952 from github/repo-sync

docs-bot · web-flow · commit 0ce8f63b00a6 · 2025-06-18T08:36:48.000-07:00
Repo sync
diff --git a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md
@@ -164,6 +164,8 @@ Username: YOUR-USERNAME
 Password: YOUR-PERSONAL-ACCESS-TOKEN
 ```
 
+Although you are required to enter your username along with your {% data variables.product.pat_generic %}, the username is not used to authenticate you. Instead, the {% data variables.product.pat_generic %} is used to authenticate you. If you do not enter a username, you will receive an error message that your credentials are invalid.
+
 {% data variables.product.pat_generic_caps %}s can only be used for HTTPS Git operations. If your repository uses an SSH remote URL, you will need to [switch the remote from SSH to HTTPS](/get-started/git-basics/managing-remote-repositories#switching-remote-urls-from-ssh-to-https).
 
 If you are not prompted for your username and password, your credentials may be cached on your computer. You can [update your credentials in the Keychain](/get-started/git-basics/updating-credentials-from-the-macos-keychain) to replace your old password with the token.
diff --git a/content/rest/authentication/authenticating-to-the-rest-api.md b/content/rest/authentication/authenticating-to-the-rest-api.md
@@ -46,6 +46,8 @@ If you are using a {% data variables.product.pat_v2 %}, your {% data variables.p
 
 If you are using a {% data variables.product.pat_v1 %}, it requires specific scopes in order to access each REST API endpoint. For general guidance about what scopes to choose, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes).
 
+{% data variables.product.pat_generic_caps_plural %} act as your identity (limited by the scopes or permissions you selected) when you make requests to the REST API. As such, it is important to keep your {% data variables.product.pat_generic_plural %} secure. For more information about keeping your {% data variables.product.pat_generic_plural %} secure, see [AUTOTITLE](/rest/authentication/keeping-your-api-credentials-secure?apiVersion=2022-11-28).
+
 ### {% data variables.product.pat_generic_caps_plural %} and SAML SSO
 
 {% ifversion fpt or ghec %}If you use a {% data variables.product.pat_v1 %} to access an organization that enforces SAML single sign-on (SSO) for authentication, you will need to authorize your token after creation. {% data variables.product.pat_v2_caps %}s are authorized during token creation, before access to the organization is granted. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on).
