diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a5dda217a..dbe1a286b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -233,6 +233,8 @@ jobs:
           
       - name: Fetch GUI dist
         run: make fetch-gui
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Cache
         uses: actions/cache@v5
diff --git a/bin/fetch-gui-dist.sh b/bin/fetch-gui-dist.sh
index 3460f3727..bf37bbebb 100755
--- a/bin/fetch-gui-dist.sh
+++ b/bin/fetch-gui-dist.sh
@@ -14,9 +14,19 @@ TAG_FILE="${DEST}/.tag"
 
 CURL_OPTS=(-fSs --retry 5 --retry-delay 2 --retry-all-errors)
 
+# Use GITHUB_TOKEN (or GH_TOKEN) if present so that GitHub API calls are
+# authenticated. Unauthenticated calls are limited to 60/hour per source IP,
+# which is regularly exhausted on shared GitHub Actions runners.
+AUTH_HEADER=()
+TOKEN="${GITHUB_TOKEN:-${GH_TOKEN:-}}"
+if [ -n "${TOKEN}" ]; then
+    AUTH_HEADER=(-H "Authorization: Bearer ${TOKEN}")
+fi
+
 # Get the latest release info
 echo "Checking latest release of ${REPO}..."
-RELEASE_JSON=$(curl "${CURL_OPTS[@]}" \
+RELEASE_JSON=$(curl "${CURL_OPTS[@]}" "${AUTH_HEADER[@]}" \
+    -H "Accept: application/vnd.github+json" \
     "https://api.github.com/repos/${REPO}/releases/latest") || {
     echo "Error: failed to fetch release info from GitHub API" >&2
     exit 1
@@ -50,7 +60,7 @@ TMPFILE=$(mktemp /tmp/rclone-gui-dist.XXXXXX.zip)
 trap 'rm -f "${TMPFILE}"' EXIT
 
 echo "Downloading dist.zip from ${TAG}..."
-curl -L "${CURL_OPTS[@]}" -o "${TMPFILE}" "${ASSET_URL}" || {
+curl -L "${CURL_OPTS[@]}" "${AUTH_HEADER[@]}" -o "${TMPFILE}" "${ASSET_URL}" || {
     echo "Error: failed to download dist.zip" >&2
     exit 1
 }