Resource not accessible by personal access token for dispatch of workflow in project repository

[3ng7n33r]

Select Topic Area

Question

Body

I want to trigger a workflow from a repository dispatch within the repository of an organization.
I am sending a POST request to:
https://api.github.com/repos/_project_/_repo_/dispatches
with a personal access token in the authorization header like explained here

It is a fine grained access token with the organization as owner and the following rights:

• Read access to code and metadata
• Read and Write access to actions

When I send the request I get the following 403 response:

{
"message": "Resource not accessible by personal access token",
"documentation_url": "https://docs.github.com/rest/reference/repos#create-a-repository-dispatch-event"
}

I am not sure what I am supposed to use. How else can I authenticate for repository dispatch events of an organization?
The "Allow access via fine-grained personal access tokens" setting of that organization is activated so that's not it.

[swati-tc]

Did you find any solution for this? I'm running into a similar issue.

[zoul]

We had a similar problem and what helped us was regenerating the token.

[kevholmes]

I tried re-generating with no luck. I was trying to make a PUT request to create a new environment (the fine-grained token had read+write access to the Environments scope which is described as Manage repository environments) and kept getting a 403. I eventually had to give the fine-grained token read+write to Administration which is described as Repository creation, deletion, settings, teams, and collaborators. and the request successfully goes through after that modification only 🤷🏽

[gberenice]

We have a similar issue with a fine-grained PAT created by a Member of Organization (requested and approved).
It's a request GET /repos/{owner}/{repo}/vulnerability-alerts, which according to the docs require read for Repository administration, and these permissions are granted.
If a PAT is created by an Owner with the same list of permissions, all good.

[Qix-]

This is silly. This is giving a backdoor to any repository given a leak instead of scoping it directly to a specific action.

It's been 10 years, Github. Get your ACLs figured out already.

[rwojsznis]

If you are coming here from the internet search - do yourself a favor and check repository access as well when using scoped tokens - kinda already covered by @gberenice, but lemme elaborate:

I had a token with read & write access to the actions and read to metadata; triggering workflow should just work, right? Wrong. (Bot account) User had a triage access to the repository and it seems what's needed is a write repo access to trigger the workflow.

The 403 I was getting was really confusing and I'm falling into same trap every freaking time I had to create a new scoped token 😅

[alejoar]

The fine-grained permission you need to trigger an action workflow is "Contents".

[hoa-pham82]

Thank you so much, that saved my life!!

[PaiJi]

Thanks!

[david-alvez]

Thanks!

[kountaydwivedi]

The fine-grained permission you need to trigger an action workflow is "Contents".

This helped me. thanks.

[Foticing]

Thank you for your help. Your assistance successfully resolved a problem that had been unsolved for four hours.

[juristr]

What I needed to set is read/write on the Contents permissions: https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28#repository-permissions-for-contents

[arashmad]

That's a cool documentation that shows right access for each action.
I tried to sync labels from a .yml configuration file and I got 403 using a custom action.
Then by checking this link you mentioned, I find only read and write in issues are enough.

[oerol]

I was able to dispatch a workflow by setting the Actions permission to Read and write in my fine-grained personal access token. Setting the Contents permission did not help me here.

[Tyr-Wang]

Plz watch out workflow type that you want to trigger: if you want to call /repo/:owner/:repo/dispatch which means repo dispatch, then u must set Contents:write. see manual here. It works without actions permission.

but if you want to trigger /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches which means workflow dispatch (equals manual trigger), then u need actions:write. see manual here

[actforjason]

This solved my problem

[petabook]

As of April 2025, I had success with:
Read access to metadata
Read and Write access to actions
Read and Write access to workflows