You must install Elasticsearch before installing Magento Commerce or Magento Open Source 2.4.0. See Elasticsearch for details.

Clone the Magento repository

You can clone the latest code from the Magento GitHub repository, and use code from a release branch or a development branch.

  • A release branch is a stable, full-featured code branch officially released with a version number, such as 2.4. You must use a release branch with the Data Migration Tool.

  • A development branch, or feature branch, is a less-stable code branch with the latest code intended as the next version or to introduce a specific feature.

You can checkout a specific branch after you clone the repository to your local development environment. See Cloning a repository in the GitHub Docs.

Authentication and access

The Magento Commerce repository requires authentication, so you must prepare the following:

  • Magento authentication key—You must have an authentication key to access the Magento Commerce Composer package on and to enable install and update commands for your project.

  • GitHub personal access token—Composer requires a personal access token in the github-oauth property to authorize GitHub repository access. When you create this token, select all options in the repo scope.

Authentication file

You must create an auth.json file that contains your Magento Commerce authorization credentials in the Magento root directory.

To create an authentication file:

  1. If you do not have an auth.json file in your Magento root directory, create one.

    • Using a text editor, create an auth.json file in the Magento root directory.
    • Copy the contents of the sample auth.json file into the new auth.json file.
  2. Replace <public-key> and <private-key> with your Magento Commerce authentication credentials. Add the github-oauth section and replace the <personal-access-token> with the one you created for your GitHub account.

        "http-basic": {
            "": {
                "username": "<public-key>",
                "password": "<private-key>"
        "github-oauth": {
            "": "<personal-access-token>"
  3. Save your changes and exit the text editor.

Pushing an auth.json file to a public repository can expose your credentials.

After completing the tasks discussed on this page, see Update installation dependencies.