Next: Limitations, Previous: Use the JavaScript OctoKit, Up: GitHub API Authentication---Personal Access Tokens [Index]
If the token is invalid, the server will respond with a 401 status and a "bad credentials" message.
curl --header "Authorization: token invalid" https://api.github.com/notifications
{
"message": "Bad credentials",
"documentation_url": "https://developer.github.com/v3"
}
If the token does not have the required scopes, the server will respond with a 403 status and an explanatory message.
curl --header "Authorization: token d64761df071c2bf517ceb063b279432ed2f89c62" \
https://api.github.com/notifications
{
"message": "Missing the 'notifications' scope.",
"documentation_url": "https://developer.github.com/v3/activity/notifications/#list-your-notifications"
}
New scopes cannot be added to existing tokens, you will have to create a new token with the required scopes selected to address 403 errors.