How do I fix a 403 Forbidden error?

Confirm the user has the right role or permission Check server file permissions and access rules Verify API scopes and access policies Whitelist the IP if blocked by a firewall/WAF

403

Forbidden

4xx · Client Error

The server understood the request but refuses to authorize it.

What does HTTP 403 Forbidden mean?

The server understood the request but refuses to authorize it. Authentication may have succeeded, but the authenticated user does not have permission for the resource.

4xx responses indicate the request was faulty: bad syntax, missing authentication, or a resource that does not exist. The fix usually lives on the client/request side.

Common causes

Authenticated user lacks the required permissions/role
IP, geo, or firewall restrictions
Incorrect file/directory permissions on the server
Missing or invalid API scope

How to fix a 403 error

Confirm the user has the right role or permission
Check server file permissions and access rules
Verify API scopes and access policies
Whitelist the IP if blocked by a firewall/WAF

Related 4xx status codes

400 Bad Request 401 Unauthorized 404 Not Found 405 Method Not Allowed 409 Conflict 410 Gone 418 I'm a teapot 422 Unprocessable Entity 429 Too Many Requests

Look up and search every HTTP status code in one place.

Open the HTTP Status Code tool