404s for any authed request on REST API

When trying to GET a private repo (curl https://api.github.com/repos/ORG/REPO):

{
  "message": "Not Found",
  "documentation_url": "https://docs.github.com/rest/reference/repos#get-a-repository"
}

Add a PAT (curl -i -u ORG:PAT https://api.github.com/repos/ORG/REPO or curl -i -H "Authorization: token PAT" https://api.github.com/repos/ORG/REPO):

HTTP/2 404
server: GitHub.com
date: Wed, 05 May 2021 19:09:40 GMT
content-type: application/json; charset=utf-8
content-length: 117
x-oauth-scopes: delete_repo, repo
x-accepted-oauth-scopes: repo
x-github-media-type: github.v3; format=json
x-ratelimit-limit: 5000
x-ratelimit-remaining: 4966
x-ratelimit-reset: 1620243563
x-ratelimit-used: 34
x-ratelimit-resource: core
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
x-github-request-id: XXXX

{
  "message": "Not Found",
  "documentation_url": "https://docs.github.com/rest/reference/repos#get-a-repository"
}

As shown above, x-oauth-scopes: delete_repo, repo and x-accepted-oauth-scopes: repo, so PAT does have the required scope.

I get the same on just about any request (create repo, etc.)

Anyone have a clue of what’s going on?

Hi @pheel,

Strange as it works for me.
One thing I have found is many REST APIs responses will return a “Not Found”, rather than “does not have permission” for reasons of security/disclosure. So a “Not Found” root cause can be permission related, and community members have been confused by this when diagnosing problems.

Are you trying to access your user owned private repository or organization owned private repository? You example text implies organization “ORG”. I only ask as the token scope (‘repo’) and user permissions are two different things.
If its user permissions related a user owned repository you PAT I would expect to implicitly have access to its own user owned repositories with a correctly scoped token.
With an organization owned repository the user will need permissions granted to that organization.

Can you access a public repository repository successfully using the same syntax?
Another simple test I guess would be logged in on the browser GUI (as the owner of the PAT you created and are using in the curl request) can you view the target repository contents you are trying to query in your curl command that is returning “Not Found”?.

1 Like

I think I might have had the wrong PAT, because now it’s working :sweat_smile: . Marking your reply as solution, @byrneh.