The request sent to the server was formed correctly and authorization parameters were valid but the target server refused it.
- Make sure you are authorized to access the resources you are requesting.
- Check if you have the appropriate rights granted to fetch/change resources.
- In case of calls that use OAuth and access token, make sure that the right scopes are requested or end-user accepted consent, requested by the client application.
For example, If a call tries to fetch an account that doesn't belong to the customer who is authenticated via OAuth, 403 error code will be returned.
Updated about 2 years ago