diff --git a/.changeset/cuddly-glasses-battle.md b/.changeset/cuddly-glasses-battle.md
new file mode 100644
index 0000000000..b9cfbbcb99
--- /dev/null
+++ b/.changeset/cuddly-glasses-battle.md
@@ -0,0 +1,7 @@
+---
+'@backstage/integration-react': patch
+---
+
+Remove unnecessary broad permissions from Gitlab SCMAuth
+
+Newer versions of Gitlab (after 2019) do not require the broad api permissions to write to repos.
diff --git a/packages/integration-react/src/api/ScmAuth.test.ts b/packages/integration-react/src/api/ScmAuth.test.ts
index d252b95b85..e63ce2844c 100644
--- a/packages/integration-react/src/api/ScmAuth.test.ts
+++ b/packages/integration-react/src/api/ScmAuth.test.ts
@@ -105,7 +105,7 @@ describe('ScmAuth', () => {
         additionalScope: { repoWrite: true },
       }),
     ).resolves.toMatchObject({
-      token: 'read_user read_api read_repository write_repository api',
+      token: 'read_user read_api read_repository write_repository',
     });
 
     const azureAuth = ScmAuth.forAzure(mockAuthApi);
diff --git a/packages/integration-react/src/api/ScmAuth.ts b/packages/integration-react/src/api/ScmAuth.ts
index a22b15e400..6257915c8c 100644
--- a/packages/integration-react/src/api/ScmAuth.ts
+++ b/packages/integration-react/src/api/ScmAuth.ts
@@ -162,7 +162,7 @@ export class ScmAuth implements ScmAuthApi {
    *
    * If the additional `repoWrite` permission is requested, these scopes are added:
    *
-   * `write_repository api`
+   * `write_repository`
    */
   static forGitlab(
     gitlabAuthApi: OAuthApi,
@@ -173,7 +173,7 @@ export class ScmAuth implements ScmAuthApi {
     const host = options?.host ?? 'gitlab.com';
     return new ScmAuth('gitlab', gitlabAuthApi, host, {
       default: ['read_user', 'read_api', 'read_repository'],
-      repoWrite: ['write_repository', 'api'],
+      repoWrite: ['write_repository'],
     });
   }