Skip to content
Latchkey

Netlify "Not authorized" (NETLIFY_AUTH_TOKEN) in CI

The Netlify CLI needs a personal access token to deploy non-interactively. Without NETLIFY_AUTH_TOKEN (or a wrong token), the API rejects the request as unauthorized.

What this error means

A netlify deploy step fails with "Error: Not authorized" or "Error: Failed to deploy" preceded by an auth message about NETLIFY_AUTH_TOKEN.

Netlify CLI
Error: Not authorized. To deploy, set the NETLIFY_AUTH_TOKEN environment variable.

Common causes

No token in the environment

CI cannot run an interactive netlify login, so without NETLIFY_AUTH_TOKEN the CLI has no credential.

An expired or revoked token

The token was rotated or revoked in Netlify user settings, so the API rejects it as unauthorized.

How to fix it

Set NETLIFY_AUTH_TOKEN from a secret

  1. Create a personal access token in Netlify under User settings, Applications.
  2. Store it as a CI secret named NETLIFY_AUTH_TOKEN.
  3. Expose it to the deploy step env.
.github/workflows/ci.yml
env:
  NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}

Pass the token to the deploy command

You can also pass it directly with --auth if you prefer not to set it in the env.

Terminal
netlify deploy --prod --auth $NETLIFY_AUTH_TOKEN

How to prevent it

  • Keep the Netlify token in CI secrets only.
  • Rotate the token on a schedule and update the secret in one place.
  • Set NETLIFY_AUTH_TOKEN at the job level for all CLI calls.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →