how i do this

[sonu-48390]

Select Topic Area

Question

Body

What is the reason behind the fact that you need to give permission to write to your repository even if the app only read the data and don't write anything.

I just wanted to use an app, but it requires write access, because pro version require read access to private repositories. But still have write access for no reason

[sonu-48390]

GitHub's API allows read access to both public and private repositories, but the requirements differ. Public repositories can be accessed without authentication, though using a token can help avoid rate limits. Private repositories, on the other hand, require authentication with a personal access token (PAT) or a GitHub App token that includes the proper scope—typically repo. If you try to access a private repository without the correct token or scope, you'll receive a 403 or 404 error. Common issues include missing scopes, using tokens with limited permissions, or hitting rate limits on unauthenticated requests.

[queenofcorgis]

@sonu-48390 I recommend updating the title of your post to be more in line what you're asking for help on as you're more likely to generate interest and get a response!

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[ShekhFaisal26]

The main reason an application requests “write” permission to your GitHub repositories — even if it only claims to read data — is due to how GitHub’s OAuth and API permission scopes are designed.

GitHub permissions are granular but grouped. Some scopes that allow reading certain private resources also implicitly include write capabilities, because GitHub does not provide separate “read-only” scopes for every possible API action.

🧠 Detailed Explanation

1.GitHub OAuth Scopes Are Broad
When an app requests permissions like repo, workflow, or project, it receives both read and write access to that area.
For example, there’s no separate repo:read scope; the repo scope gives full control (read/write/delete) over private repositories.

2.Private Repository Access
Apps that need to read private repositories must request the repo scope.
Unfortunately, the repo scope automatically includes write access, even if the app never uses it.
This is a limitation of GitHub’s current API design — not necessarily the app developer’s fault.

3.Pro Features & API Requirements
Many “Pro” or advanced features in third-party apps (like analytics, dashboards, or visualizers) require data from private repositories.
To access that data, they must request repo permission — which comes bundled with write rights.

4.Security Considerations
Responsible apps clarify that they will never modify your data, even though they technically have permission to.
Always review the app’s source code or privacy policy before authorizing.
GitHub’s fine-grained personal access tokens (introduced recently) help reduce this issue by allowing true “read-only” access for specific scopes.