Forbidden error deleting package versions via GraphQL API

I am following the doc here:

My user has permission to read write and delete packages from what I can see in the permissions (in Developer Settings > Personal Access Tokens), as well as full repo permissions.

There are no other settings I can see that relate to managing package versions.

The user can successfully read all of the package versions but as soon as I send the request (as per the doc) I receive a FORBIDDEN error of " does not have the correct permissions to execute DeletePackageVersion"
I have checked that I have used the correct Accept header (I get a different error if I don’t).

This feels broken or I have missed something

Any suggestions please?

1 Like

Hi Mike / @twistypigeon

I have a similar problem and it seems that OAuth permissions aren’t enough. The user must also have the Owner role for these packages. I’ve verified this by toggling the user’s role from Member to Owner and back.

Hope this helps

1 Like