Menu
I want to passively check the permissions (scopes) of a GitHub security token passively (without pushing something into a repository). I tried the following command. I replaced your_username: your access token and the URL of my repo. But it shows an error.
curl: (3) URL using bad/illegal format or missing URL
curl -u your_username:your_access_token \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/octocat/hello-world/collaborators/USERNAME/permission
741
asked Apr 24 '26 05:04
If the goal is to determine which scopes a token has access to, check the response header with prefix x-oauth-scopes (using curl with -I):
$ GITHUB_TOKEN=ghp_DefineYourOwnToken
$ curl -sS -f -I -H "Authorization: token ${GITHUB_TOKEN}" https://api.github.com | grep ^x-oauth-scopes: | cut -d' ' -f2- | tr -d "[:space:]" | tr ',' '\n'
Note that tr -d "[:space:]" above is essential for removing some unusual whitespace, failing which a matching command such as grep -x doesn't subsequently work correctly.
Sample output 1:
gist
repo
workflow
Sample output 2:
delete:packages
public_repo
read:packages
repo:invite
repo:status
Credit: answer by VK
161
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
