diff --git a/changelogs/unreleased/54826-use-read_repository-scope-on-read-only-files-endpoints.yml b/changelogs/unreleased/54826-use-read_repository-scope-on-read-only-files-endpoints.yml index af44c1cd2639358173fd94f188c59f5c7e362b2b..ef8e93fca4350fadfb0bb593d2249da375139984 100644 --- a/changelogs/unreleased/54826-use-read_repository-scope-on-read-only-files-endpoints.yml +++ b/changelogs/unreleased/54826-use-read_repository-scope-on-read-only-files-endpoints.yml @@ -1,5 +1,5 @@ --- title: Use read_repository scope on read-only files API -merge_request: +merge_request: 23534 author: type: fixed diff --git a/doc/api/repository_files.md b/doc/api/repository_files.md index 658114eaa07b3cbe6d38d414854e755e14c82e84..57ab7408d7c9e8b4a10c04c1552c7931838d3386 100644 --- a/doc/api/repository_files.md +++ b/doc/api/repository_files.md @@ -4,18 +4,16 @@ **Create, read, update and delete repository files using this API** -The different scopes available using [personal access tokens][personal-access-tokens] are depicted +The different scopes available using [personal access tokens](../user/profile/personal_access_tokens.md) are depicted in the following table. | Scope | Description | | ----- | ----------- | -| `read_repository` | Allows read-access to the repository files | -| `api` | Allows read-write access to the repository files | +| `read_repository` | Allows read-access to the repository files. | +| `api` | Allows read-write access to the repository files. | > `read_repository` scope was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23534) in GitLab 11.5.3. -[personal-access-tokens]: ../user/profile/personal_access_tokens.md - ## Get file from repository Allows you to receive information about file in repository like name, size, diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb index 280950b0577513ed563119fd1168447c0a8933c2..620f9f5e1d6b8461fc6933f1a43b5d06d1a4082e 100644 --- a/spec/requests/api/files_spec.rb 
+++ b/spec/requests/api/files_spec.rb @@ -391,6 +391,24 @@ describe API::Files do expect(response).to have_gitlab_http_status(400) end + context 'with PATs' do + it 'returns 403 with `read_repository` scope' do + token = create(:personal_access_token, scopes: ['read_repository'], user: user) + + post api(route(file_path), personal_access_token: token), params + + expect(response).to have_gitlab_http_status(403) + end + + it 'returns 201 with `api` scope' do + token = create(:personal_access_token, scopes: ['api'], user: user) + + post api(route(file_path), personal_access_token: token), params + + expect(response).to have_gitlab_http_status(201) + end + end + context "when specifying an author" do it "creates a new file with the specified author" do params.merge!(author_email: author_email, author_name: author_name)
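Review bot: the new `context 'with PATs'` block in `spec/requests/api/files_spec.rb` only exercises the create path (`post api(route(file_path), ...)`), so nothing in this change proves that the read-only endpoint actually accepts a `read_repository` token, which is the behaviour the changelog title claims to fix. Add a matching example in the GET file spec, e.g. `get api(route(file_path), personal_access_token: token), params: params` with `expect(response).to have_gitlab_http_status(200)` for a `read_repository`-scoped token, so a regression that drops the scope from the read endpoint is caught rather than only the 403 on writes.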
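Review bot: in the spec hunk, both examples build `token = create(:personal_access_token, scopes: [...], user: user)` inline and then call `post api(route(file_path), personal_access_token: token), params`; consider lifting the token into a `let(:token)` per context so the scope under test is the only thing that differs between the two examples, and pass the request body as `params: params` to match the keyword form used elsewhere in this file.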
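Review bot: the `doc/api/repository_files.md` table now reads "Allows read-access to the repository files." for `read_repository`, but it never states what a token with only that scope gets back on a write. Since the spec expects a 403 for `POST` with `read_repository`, say so in the docs (for example a sentence under the table: "Write operations with a `read_repository` token return `403 Forbidden`."), so API consumers can tell a scope problem apart from a permission problem on the project.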