---
id: 1052e91d-58ed-4308-87e8-e01d1143a146
type: problem
title: "Gitea API 403 Forbidden - insufficient token scopes"
tags: [gitea, api, authentication, "403", token, scopes, troubleshooting, homelab]
importance: 0.7
confidence: 0.8
created: "2026-02-04T05:10:33.498045+00:00"
updated: "2026-02-04T05:10:33.498045+00:00"
relations:
  - target: 13c13f73-fe1d-4227-a3d1-45498f8d3d3b
    type: REQUIRES
    direction: incoming
    strength: 0.5
---

PROBLEM: Gitea API returned 403 Forbidden with message 'token does not have at least one of required scope(s): [read:user]'

ROOT CAUSE: API token was created without proper scopes/permissions selected in Gitea web UI.

SOLUTION: When creating Gitea API tokens:
1. Go to Settings > Applications > Generate New Token
2. MUST select appropriate scopes:
   - 'read:user' - required for user info endpoints
   - 'write:repository' or 'repo' - required for branch protection
   - Or select 'repo' (full repository access) which includes both

TESTING: Verify token scopes with:
curl -H 'Authorization: token YOUR_TOKEN' https://git.manticorum.com/api/v1/user

ERROR PATTERN: Look for 'does not have at least one of required scope(s)' in 403 responses.

RELATED: For authenticated user's repos, use /api/v1/user/repos instead of /api/v1/users/{username}/repos