Skip to content
Latchkey

Netlify CLI deploy "Not authorized" (token missing) in CI

The Netlify CLI could not authenticate non-interactively: "Not authorized to access this resource" means NETLIFY_AUTH_TOKEN is missing or expired, or NETLIFY_SITE_ID refers to a site the token cannot reach. The CLI cannot prompt for a login in CI.

What this error means

netlify deploy fails with "Error: Not authorized to access this resource" (or a 401). Local deploys using a saved login work; CI without the token env var does not.

netlify-cli
Error: Not authorized to access this resource
    at ... (netlify-cli)
# NETLIFY_AUTH_TOKEN unset or expired, or NETLIFY_SITE_ID not accessible by this token

Common causes

NETLIFY_AUTH_TOKEN is missing or expired

The CLI reads a personal access token from NETLIFY_AUTH_TOKEN. If it is unset in the job or has been revoked, the deploy is unauthorized.

The token cannot access the target site

A valid token belonging to a user without access to the NETLIFY_SITE_ID site is rejected for that resource.

How to fix it

Provide the token and site id via env

  1. Create a Netlify personal access token.
  2. Store it and the site id as secrets.
  3. Expose them as NETLIFY_AUTH_TOKEN and NETLIFY_SITE_ID to the deploy step.
.github/workflows/ci.yml
- name: Deploy to Netlify
  run: npx netlify deploy --prod --dir=dist
  env:
    NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
    NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}

Confirm the token and site with status

Run netlify status to verify the token authenticates and can see the site before deploying.

Terminal
npx netlify status

How to prevent it

  • Set NETLIFY_AUTH_TOKEN from a secret in every deploy job.
  • Store NETLIFY_SITE_ID for the correct site.
  • Rotate the token in one place and update the secret.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →