--- id: 1052e91d-58ed-4308-87e8-e01d1143a146 type: problem title: "Gitea API 403 Forbidden - insufficient token scopes" tags: [gitea, api, authentication, "403", token, scopes, troubleshooting, homelab] importance: 0.7 confidence: 0.8 created: "2026-02-04T05:10:33.498045+00:00" updated: "2026-03-02T20:19:31.681317+00:00" relations: - target: 13c13f73-fe1d-4227-a3d1-45498f8d3d3b type: REQUIRES direction: incoming strength: 0.5 - target: b27fb831-811e-4103-b5f1-3c36d5b1ad20 type: RELATED_TO direction: incoming strength: 0.8 edge_id: d473792e-db72-4c96-a394-e9bd747d841d - target: deb7a7c2-fcc4-4c14-8140-9c80348c2de2 type: RELATED_TO direction: incoming strength: 0.75 edge_id: 587784c2-6850-45fd-9f9f-d858c446a843 - target: 4321bee8-105e-4fc8-b645-964d1234c966 type: RELATED_TO direction: incoming strength: 0.81 edge_id: 1310e0c2-bd3f-4c63-88d7-f8f12b256f1f - target: 4321bee8 type: RELATED_TO direction: incoming strength: 0.7 edge_id: 6f36e590-5589-4eed-9c7b-8e7efd43f9c2 - target: 45c21973-7fae-4cf7-b247-b40a757d54b0 type: RELATED_TO direction: incoming strength: 0.77 edge_id: 21f44795-4134-4ebf-b242-0d233ab82a17 --- PROBLEM: Gitea API returned 403 Forbidden with message 'token does not have at least one of required scope(s): [read:user]' ROOT CAUSE: API token was created without proper scopes/permissions selected in Gitea web UI. SOLUTION: When creating Gitea API tokens: 1. Go to Settings > Applications > Generate New Token 2. MUST select appropriate scopes: - 'read:user' - required for user info endpoints - 'write:repository' or 'repo' - required for branch protection - Or select 'repo' (full repository access) which includes both TESTING: Verify token scopes with: curl -H 'Authorization: token YOUR_TOKEN' https://git.manticorum.com/api/v1/user ERROR PATTERN: Look for 'does not have at least one of required scope(s)' in 403 responses. RELATED: For authenticated user's repos, use /api/v1/user/repos instead of /api/v1/users/{username}/repos