About permissions required for fine-grained personal access token
When you create a fine-grained personal access token, you grant it a set of permissions. Permissions define what resources the GitHub App can access via the API. For more information, see "Managing your personal access tokens."
To help you choose the correct permissions, you will receive the X-Accepted-GitHub-Permissions header in the REST API response. The header will tell you what permissions are required in order to access the endpoint. For more information, see "Troubleshooting the REST API."
These permissions are required to access private resources with the following endpoints. Some endpoints can also be used to access public resources without these permissions.
Some endpoints require additional permissions. When this is the case, the "Additional permissions" column will indicate the other permissions that are required to use the endpoint.
Business permissions for "Enterprise administration"
Organization permissions for "Administration"
Organization permissions for "Blocking users"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PUT /orgs/{org}/blocks/{username} | write | ✖️ |
| DELETE /orgs/{org}/blocks/{username} | write | ✖️ |
| GET /orgs/{org}/blocks | read | ✖️ |
| GET /orgs/{org}/blocks/{username} | read | ✖️ |
Organization permissions for "Custom organization roles"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /orgs/{org}/organization-roles | write | ✖️ |
| PATCH /orgs/{org}/organization-roles/{role_id} | write | ✖️ |
| DELETE /orgs/{org}/organization-roles/{role_id} | write | ✖️ |
| GET /orgs/{org}/organization-fine-grained-permissions | read | ✖️ |
| GET /orgs/{org}/organization-roles | read | ✖️ |
| GET /orgs/{org}/organization-roles/{role_id} | read | ✖️ |
Organization permissions for "Custom properties"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PATCH /orgs/{org}/properties/schema | admin | ✖️ |
| PUT /orgs/{org}/properties/schema/{custom_property_name} | admin | ✖️ |
| DELETE /orgs/{org}/properties/schema/{custom_property_name} | admin | ✖️ |
| PATCH /orgs/{org}/properties/values | write | ✖️ |
| GET /orgs/{org}/properties/schema | read | ✖️ |
| GET /orgs/{org}/properties/schema/{custom_property_name} | read | ✖️ |
| GET /orgs/{org}/properties/values | read | ✖️ |
Organization permissions for "Custom repository roles"
Organization permissions for "Events"
| Endpoint | Access | Additional permissions |
|---|---|---|
| GET /users/{username}/events/orgs/{org} | read | ✖️ |
Organization permissions for "GitHub Copilot Business"
| Endpoint | Access | Additional permissions |
|---|---|---|
| GET /orgs/{org}/copilot/billing | write | ✖️ |
| GET /orgs/{org}/copilot/billing/seats | write | ✖️ |
| POST /orgs/{org}/copilot/billing/selected_teams | write | ✖️ |
Organization permissions for "Members"
Organization permissions for "Organization announcement banners"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PATCH /orgs/{org}/announcement | write | ✖️ |
| DELETE /orgs/{org}/announcement | write | ✖️ |
| GET /orgs/{org}/announcement | read | ✖️ |
Organization permissions for "Organization codespaces secrets"
Organization permissions for "Organization codespaces settings"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PUT /orgs/{org}/codespaces/access | write | ✖️ |
| POST /orgs/{org}/codespaces/access/selected_users | write | ✖️ |
| DELETE /orgs/{org}/codespaces/access/selected_users | write | ✖️ |
Organization permissions for "Organization codespaces"
| Endpoint | Access | Additional permissions |
|---|---|---|
| DELETE /orgs/{org}/members/{username}/codespaces/{codespace_name} | write | |
| POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop | write | |
| GET /orgs/{org}/codespaces | read | |
| GET /orgs/{org}/members/{username}/codespaces | read |
Organization permissions for "Organization dependabot secrets"
Organization permissions for "Projects"
Organization permissions for "Secrets"
Organization permissions for "Self-hosted runners"
Organization permissions for "Team discussions"
Organization permissions for "Variables"
Organization permissions for "Webhooks"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /orgs/{org}/hooks | write | ✖️ |
| PATCH /orgs/{org}/hooks/{hook_id} | write | ✖️ |
| DELETE /orgs/{org}/hooks/{hook_id} | write | ✖️ |
| PATCH /orgs/{org}/hooks/{hook_id}/config | write | ✖️ |
| POST /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}/attempts | write | ✖️ |
| POST /orgs/{org}/hooks/{hook_id}/pings | write | ✖️ |
| GET /orgs/{org}/hooks | read | ✖️ |
| GET /orgs/{org}/hooks/{hook_id} | read | ✖️ |
| GET /orgs/{org}/hooks/{hook_id}/config | read | ✖️ |
| GET /orgs/{org}/hooks/{hook_id}/deliveries | read | ✖️ |
| GET /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id} | read | ✖️ |
Repository permissions for "Actions"
Repository permissions for "Administration"
Repository permissions for "Checks"
Repository permissions for "Code scanning alerts"
Repository permissions for "Codespaces lifecycle admin"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop | write | |
| POST /user/codespaces/{codespace_name}/exports | write | ✖️ |
| POST /user/codespaces/{codespace_name}/start | write | ✖️ |
| POST /user/codespaces/{codespace_name}/stop | write | ✖️ |
| GET /user/codespaces/{codespace_name}/exports/{export_id} | read | ✖️ |
Repository permissions for "Codespaces metadata"
| Endpoint | Access | Additional permissions |
|---|---|---|
| GET /repos/{owner}/{repo}/codespaces/devcontainers | read | ✖️ |
| GET /repos/{owner}/{repo}/codespaces/machines | read | ✖️ |
| GET /user/codespaces/{codespace_name}/machines | read | ✖️ |
Repository permissions for "Codespaces secrets"
Repository permissions for "Codespaces"
Repository permissions for "Commit statuses"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /repos/{owner}/{repo}/statuses/{sha} | write | ✖️ |
| GET /repos/{owner}/{repo}/commits/{ref}/status | read | ✖️ |
| GET /repos/{owner}/{repo}/commits/{ref}/statuses | read | ✖️ |
Repository permissions for "Contents"
Repository permissions for "Dependabot alerts"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number} | write | ✖️ |
| GET /orgs/{org}/dependabot/alerts | read | ✖️ |
| GET /repos/{owner}/{repo}/dependabot/alerts | read | ✖️ |
| GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number} | read | ✖️ |
Repository permissions for "Dependabot secrets"
Repository permissions for "Deployments"
Repository permissions for "Environments"
Repository permissions for "Issues"
Repository permissions for "Metadata"
Repository permissions for "Pages"
Repository permissions for "Projects"
Repository permissions for "Pull requests"
Repository permissions for "Repository security advisories"
Repository permissions for "Secret scanning alerts"
Repository permissions for "Secrets"
Repository permissions for "Variables"
Repository permissions for "Webhooks"
Repository permissions for "Workflows"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /repos/{owner}/{repo}/git/refs | write | |
| PATCH /repos/{owner}/{repo}/git/refs/{ref} | write | |
| POST /repos/{owner}/{repo}/releases | write |
User permissions for "Block another user"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PUT /user/blocks/{username} | write | ✖️ |
| DELETE /user/blocks/{username} | write | ✖️ |
| GET /user/blocks | read | ✖️ |
| GET /user/blocks/{username} | read | ✖️ |
User permissions for "Codespaces user secrets"
User permissions for "Email addresses"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PATCH /user/email/visibility | write | ✖️ |
| POST /user/emails | write | ✖️ |
| DELETE /user/emails | write | ✖️ |
| GET /user/emails | read | ✖️ |
| GET /user/public_emails | read | ✖️ |
User permissions for "Followers"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PUT /user/following/{username} | write | ✖️ |
| DELETE /user/following/{username} | write | ✖️ |
| GET /user/followers | read | ✖️ |
| GET /user/following | read | ✖️ |
| GET /user/following/{username} | read | ✖️ |
User permissions for "GPG keys"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /user/gpg_keys | write | ✖️ |
| DELETE /user/gpg_keys/{gpg_key_id} | write | ✖️ |
| GET /user/gpg_keys | read | ✖️ |
| GET /user/gpg_keys/{gpg_key_id} | read | ✖️ |
User permissions for "Gists"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /gists | write | |
| PATCH /gists/{gist_id} | write | |
| DELETE /gists/{gist_id} | write | |
| POST /gists/{gist_id}/comments | write | |
| PATCH /gists/{gist_id}/comments/{comment_id} | write | |
| DELETE /gists/{gist_id}/comments/{comment_id} | write | |
| POST /gists/{gist_id}/forks | write | |
| PUT /gists/{gist_id}/star | write | |
| DELETE /gists/{gist_id}/star | write |
User permissions for "Git SSH keys"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /user/keys | write | ✖️ |
| DELETE /user/keys/{key_id} | write | ✖️ |
| GET /user/keys | read | ✖️ |
| GET /user/keys/{key_id} | read | ✖️ |
| GET /users/{username}/keys | read | ✖️ |
User permissions for "Interaction limits"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PUT /user/interaction-limits | write | ✖️ |
| DELETE /user/interaction-limits | write | ✖️ |
| GET /user/interaction-limits | read | ✖️ |
User permissions for "Plan"
| Endpoint | Access | Additional permissions |
|---|---|---|
| GET /users/{username}/settings/billing/actions | read | ✖️ |
| GET /users/{username}/settings/billing/packages | read | ✖️ |
| GET /users/{username}/settings/billing/shared-storage | read | ✖️ |
User permissions for "Profile"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PATCH /user | write | ✖️ |
| POST /user/social_accounts | write | ✖️ |
| DELETE /user/social_accounts | write | ✖️ |
User permissions for "SSH signing keys"
| Endpoint | Access | Additional permissions |
|---|---|---|
| POST /user/ssh_signing_keys | write | ✖️ |
| DELETE /user/ssh_signing_keys/{ssh_signing_key_id} | write | ✖️ |
| GET /user/ssh_signing_keys | read | ✖️ |
| GET /user/ssh_signing_keys/{ssh_signing_key_id} | read | ✖️ |
User permissions for "Starring"
| Endpoint | Access | Additional permissions |
|---|---|---|
| PUT /user/starred/{owner}/{repo} | write | ✖️ |
| DELETE /user/starred/{owner}/{repo} | write | ✖️ |
| GET /user/starred | read | ✖️ |
| GET /user/starred/{owner}/{repo} | read | ✖️ |
| GET /users/{username}/starred | read | ✖️ |
User permissions for "Watching"
| Endpoint | Access | Additional permissions |
|---|---|---|
| GET /user/subscriptions | read | ✖️ |
| GET /users/{username}/subscriptions | read | ✖️ |