Thanks for responding so quickly. Yes you are correct: I am using the GitHub push feature. I can run the operation you suggested and I can also access the swagger file from my repository using.
curl -H "Authorization: token TOKEN" https://api.github.com/repos/ORG/REPO/contents/DIR/MYAPI.json?ref=master
Is there some other github operation that you try and perform that needs additional scope/permissions? I created a GitHub user that has read-only access to the repository and I've created a token for that user with "repo" scope. Could it be that you require "admin:repo_hook" scope and an admin user so you can set up a web hook to call you when the file is merged into the branch? Is there a more secure way of handling this? One way is to ask users to create their own repo hook using a curl command that you supply. You can read how werker solved this problem here.
Having admin access to your users' github repositories is a security liability that you probably want to avoid.
In any case, reporting the github operation and the error in the email message is probably a nice idea.
Hi, you do need write access to your repos because the integration has permission to save the swagger definition to it. You do not need write access--the following should suffice:
Give that a shot and let us know how it goes
