If you created the token you're using through the Applications page, then this token will have these scopes: user, public_repo, repo, gist. You can verify this by making an API request with that token and looking at the response HTTP headers:
curl -v -H 'Authorization: token xxx' https://api.github.com
Look for the X-OAuth-Scopes response header which will have the list of scopes:
X-OAuth-Scopes: user, public_repo, repo, gist
However, to delete a repository, the token needs to have the delete_repo scope.
So, you need a token that has different scopes than the one you have. You can create such a token using the Authorizations API:
curl -v -u username -X POST https://api.github.com/authorizations -d '{"scopes":["delete_repo"], "note":"token with delete repo scope"}'
This will return a JSON document with the new token which you should be able to use to delete a repository:
{
"id": XXXXX,
"url": "https://api.github.com/authorizations/XXXXX",
"app": {
"name": "GitHub API",
"url": "http://developer.github.com/v3/oauth/#oauth-authorizations-api",
"client_id": "00000000000000000000"
},
"token": "XXXXXX",
"note": "token with delete repo scope",
"note_url": null,
"created_at": "2013-10-11T20:34:49Z",
"updated_at": "2013-10-11T20:34:49Z",
"scopes": [
"delete_repo"
]
}
Of course, when creating a token this way, you can ask for multiple scopes, not just the delete_repo scope.
Also, as a side-note, the reason why the API is returning a 404 error when you don't have the right authorization is to prevent information leakage.
