"Unauthorized" and "GitHub API: Forbidden " for a public (open source) GitHub project


Non-logged-in users cannot view Codecov results for an open source project hosted on GitHub. E.g. this file report shows “GitHub API: Forbidden”. And this PR report shows “Unauthorized”.

Here are two screenshots made using the two example URLs. For the first one, it is extra confusing because there is no hint that logging in might help.

Commit SHAs

The issue is not specific to a SHA or PR, it affects basically everything other than the front page of our



CI/CD or Build URL

GitHub Actions


We use the bash uploader.

Codecov Output

Expected Results

The report should be shown. If that’s not possible, a clearer hint that one needs to log in.

Actual Results

I get an error message about the data not existing / not being accessible. See screenshots.

Additional Information

@fingolfin I think this has been resolved for you, please let me know.

For future visitors, the issue should be resolved by adding the GitHub app integration.

Thanks Tom, it indeed works now.

Regarding the GitHub app integration: we did (and still do) have that set up. I think I even removed and re-added it at some point (not recently) which helped fix some other issues. Maybe that’s what future visitors need to do?!?

I think you should be able to view reports without logging into Codecov (i.e. creating an account there).

Codecov still shows “Unauthorized” in an incognito window, the same as with Codecov etc.

@blueyed thanks, we’re aware of that issue with users who are not logged in. Unfortunately, the fix is a little more involved.