GitHub Actions "Resource not accessible by integration"
The GITHUB_TOKEN tried an API call it is not scoped for. This is a permissions problem, not a transient one, so retrying the job will not fix it.
What this error means
A step using the GITHUB_TOKEN fails with HTTP 403 "Resource not accessible by integration", typically when commenting, labeling, or creating a release.
github-actions
RequestError [HttpError]: Resource not accessible by integration
status: 403Common causes
Missing scope in permissions
The default token is read-only or lacks the specific scope (issues, pull-requests, contents) the call needs.
Org default token restricted
The organization sets the default GITHUB_TOKEN to read-only, so writes fail until granted explicitly.
How to fix it
Grant the exact scope needed
- Add a permissions block granting the required write scope.
- Scope it to the job that needs it for least privilege.
.github/workflows/ci.yml
permissions:
issues: write
pull-requests: writeHow to prevent it
- Declare explicit least-privilege permissions on every workflow.
- Map each API call to its required GITHUB_TOKEN scope.
Related guides
GitHub Actions default GITHUB_TOKEN permissions cause a 403Fix the GitHub Actions 403 caused by the repository or org default GITHUB_TOKEN being read-only, so write API…
GitHub Actions workflow does not contain permissions (default token)Fix the GitHub Actions warning that a workflow does not specify permissions and falls back to the repository…
GitHub Actions "permission denied" for packages: write (GHCR)Fix the GitHub Actions denied error pushing to GitHub Container Registry caused by the GITHUB_TOKEN missing t…