Okay... I think I got it.
From the github doco:
Authentication
There are three ways to authenticate through GitHub API v3. Requests that require authentication will return
404 Not Found
, instead of403 Forbidden
, in some places. This is to prevent the accidental leakage of private repositories to unauthorized users.
I was expecting a 403 if Auth was a problem but they are throwing a 404, so basically I probably need to make sure I am auth'd correctly and all will be well.
SOLVED: I created a personal oauth token (under settings/applications) and add to curl request in header and it all works great.
curl -XPUT -H "Authorization: token MYSECRETTOKEN"