forbidden

Description

The caller is authenticated, but lacks the permission required by the endpoint.

HTTP Status

403 Forbidden

doc_url Format

The doc_url value is an absolute URL and changes by environment:

<docs-base-url>/errors/forbidden

Typical Causes

  • The access token is valid, but does not include the permission required for the route.
  • A restricted-access middleware rejected the caller (INSUFFICIENT_ROLES).
  • A required identity claim is absent from the token (the API response does not indicate which claim is missing).

Example

Response:

```json
{
  "errors": [
    {
      "code": "forbidden",
      "message": "INSUFFICIENT_ROLES",
      "doc_url": "https://docs.example.com/errors/forbidden"
    }
  ]
}
```

How To Fix

  1. Sign in with an account that has the required permission.
  2. Check the endpoint's authentication requirements in the API reference, and align your identity provider configuration with what that route expects.
  3. Retry the request with a token that satisfies the access rule for that operation.
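
Client-side handling of this error, as an added example that is not part of the API or its SDK: it parses the error envelope shown above, keeps doc_url only when it is absolute, and never resends a forbidden request with the same token. The names parse_forbidden, call_with_tokens and the send callback are hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the response body from the Example section.
SAMPLE = ('{"errors":[{"code":"forbidden","message":"INSUFFICIENT_ROLES",'
          '"doc_url":"https://docs.example.com/errors/forbidden"}]}')

class ForbiddenError(Exception):
    """A 403 whose error envelope carries code == "forbidden"."""
    def __init__(self, reason, doc_url):
        super().__init__(f"forbidden: {reason}")
        self.reason, self.doc_url = reason, doc_url

def is_absolute_url(url):
    # doc_url is documented as absolute; anything else is discarded
    # before it can reach a log line or a clickable message.
    try:
        parts = urlparse(url) if isinstance(url, str) else None
    except ValueError:
        return False
    return bool(parts and parts.scheme in ("http", "https") and parts.netloc)

def parse_forbidden(status, body):
    """Return a ForbiddenError for a 403 "forbidden" envelope, else None."""
    if status != 403:
        return None
    try:
        errors = json.loads(body).get("errors")
    except (TypeError, ValueError, AttributeError):
        return None  # not the documented envelope; leave it to the caller
    for err in errors if isinstance(errors, list) else []:
        if isinstance(err, dict) and err.get("code") == "forbidden":
            url = err.get("doc_url")
            return ForbiddenError(str(err.get("message", "")),
                                  url if is_absolute_url(url) else None)
    return None

def call_with_tokens(send, tokens):
    """Hypothetical helper: send(token) -> (status, body)."""
    # The token is valid and only lacks permission, so resending it cannot
    # succeed; each distinct token is tried at most once.
    tried, last = set(), None
    for token in tokens:
        if token in tried:
            continue
        tried.add(token)
        status, body = send(token)
        last = parse_forbidden(status, body)
        if last is None:
            return status, body
    raise last if last is not None else ValueError("no token supplied")
```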