Reference
Provider token scopes
Required scopes for GitHub and GitLab API tokens.
GitHub
| Task | Scope |
|---|---|
| Read issues/PRs | repo (private) or public_repo (public) |
| Publish release | repo |
| Read packages (Pro) | read:packages |
Tokens live at: Settings → Developer settings → Personal access tokens → Tokens (classic) or Fine-grained tokens.
GitLab
| Task | Scope |
|---|---|
| Read issues | api |
| Publish release | api |
Tokens live at: User Settings → Access Tokens (personal) or Project → Settings → Access Tokens (project-scoped).
Troubleshooting
- 401 — wrong scope. Regenerate with the scopes above.
- 403 — valid token, wrong permissions on the repo. Verify repo/project membership.
- 404 on a private repo — usually a missing scope; GitHub returns 404 instead of 403 for auth failures on private repos.