Using personal access token to access code for a private repository in an organization


I am in charge of trying to retrieve the json data from a file in a private repository in my company’s organization. I am an owner of the organization, but keep getting either a 404 or 401 error when using my personal access token generated from my GitHub account.

  • Why I can’t use OAuth

    This node app is going to be used as a part of GH Actions in a repository, and a user won’t be able to login to verify access at every push to the repository. Hence why I am looking for a solution using an access token of some sort.

Things I tried:

  • I tried enabling all privileges for the access token. (the rest were done with all privileges enabled)
  • Switching between and, adding and removing the .raw part of the Accept header each time.
  • Using each URL with and without the Accept header.
  • Using Authorization: "token TOKEN" and Authorization: "Bearer TOKEN" with each URL.
  • Using a repository from my own account and that WORKS great with the access token I generated.

Code that I’m currently using

    // "", // results in 404 error
    "", // results in 403 error
      headers: {
        // request the v3 version of the api
        Accept: "application/vnd.github.v3.raw+json",
        "Content-Type": "application/json;charset=UTF-8",
        Authorization: `token ${process.env.GH_TOKEN}`,
    res => {
    const statusCode = res.statusCode;
    const contentType = res.headers["content-type"] || "";

    let error;
    if (statusCode !== 200) {
       error = new Error(
         "Request Failed.\n" +
           `Status Code: ${statusCode}: ${res.statusMessage}`
    } else if (!/^application\/json/.test(contentType)) {
      error = new Error(
        "Invalid content-type.\n" +
          `Expected application/json but received ${contentType}`
    if (error) {
      // consume response data to free up memory

    let rawData = "";
    res.on("data", chunk => (rawData += chunk));
    res.on("end", () => {
      try {
        const parsedData = JSON.parse(rawData);
      } catch (e) {
        if (e instanceof Error) console.log(e.message);
.on("error", e => {
  console.log(`Got error: ${e.message}`);

Sort-of “working” but not ideal solution

What does work is using this URL:, with the generated token being added after clicking the Raw button from the repo page. I don’t want to use this token obviously for a production Action.

How can I get this to work? Is it even possible at this time?