Unclear permissions for accessing organization sponsorship data via GraphQL API

[darjeeling]

Select Topic Area

Question

Body

Hello,

I’m trying to use the GitHub GraphQL API to query organization sponsorship data via the lifetimeReceivedSponsorshipValues field. However, it is not clear what exact permissions are required to successfully retrieve this information.

Here is my current situation:

• I am an Owner of the organization.
• I have also been granted Billing Manager permissions in the organization settings.
• Despite this, when I run GraphQL queries (via gh api graphql or using a Personal Access Token), the result is always null or I get the error Resource not accessible by personal access token.

---

My questions

1. Which role/permission is strictly required in order to query organization { lifetimeReceivedSponsorshipValues }?

   • Is Owner enough?
   • Is Billing Manager strictly required?
   • Or is there another “billing” or “sponsors” permission that I’m missing?

2. Where exactly in the Organization Settings can I confirm or manage these permissions?

   • For example, how do I check whether a member is properly designated as a Billing Manager?
   • How do I delegate this role to others?

3. What is the recommended authentication method?

   • Is a Personal Access Token (PAT) sufficient (and if so, which scopes)?
   • Or is a GitHub App with specific permissions the recommended approach?
   • If a GitHub App is better, what permissions/scopes must be granted to make this query succeed?

---

Background

My goal is fairly simple:
I just want to fetch a list of sponsors for my organization, sorted by their lifetime contribution value, and pull basic profile info (login, name, URL).

My GraphQL query looks like this:

query($org: String!) {
  organization(login: $org) {
    lifetimeReceivedSponsorshipValues(
      first: 10
      orderBy: { field: LIFETIME_VALUE, direction: DESC }
    ) {
      nodes {
        sponsor {
          __typename
          ... on User { login name url }
          ... on Organization { login name url }
        }
        amountInCents
        formattedAmount
      }
    }
  }
}

[awais4212]

The likely issue: Your PAT probably only has repo scope, not read:org. Even as Owner, the API token itself needs the right scopes

[RaymondB05]

Hello ,

You are correct that the GitHub Sponsors API documentation for the organization.lifetimeReceivedSponsorshipValues field is not very clear regarding the exact permissions required. Below is a detailed summary of what is needed and why your query may return null or the error Resource not accessible by personal access token.

1. Required Role in the Organization

Being the organization owner is not always sufficient. To query sponsorship-related data, you must either:

Be the organization owner and have the Sponsors manager role, or

Use a GitHub App configured with the sponsors:read permission.

In practice:

If you see the “Sponsors” tab in your organization settings, your account can access this data.

If not, your account does not yet have the Sponsors admin role.

2. Managing Permissions

To verify or delegate sponsorship roles:

Go to Organization → Settings → Sponsorships

Click on Manage sponsorship settings

From there, you can:

See who manages Sponsors

Add or remove Sponsors managers

Enable GitHub Sponsors if it is not yet activated

Note: The Billing Manager role does not automatically include Sponsors permissions; these are two distinct roles.

3. Authentication Requirements
   Option 1 — Personal Access Token (PAT)

You can use a personal access token, but only if:

It belongs to a user who has access to GitHub Sponsors for the organization, and

It includes the following scopes:

read:org
read:sponsors

The read:sponsors scope has been required since 2023 for any GraphQL access to GitHub Sponsors endpoints.
If your PAT does not include this scope, you will receive the following error:

Resource not accessible by personal access token

You can check and configure your token here:
Settings → Developer settings → Personal Access Tokens → Fine-grained tokens

Ensure that:

The token is authorized for your organization, and

The Sponsors: Read-only permission is enabled.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬