The server understood the request but refuses to authorize it. Authentication won't help — the user lacks permissions.
// Server-side
res.setHeader('Access-Control-Allow-Origin', 'https://yourdomain.com');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');Configure CORS headers if the 403 is caused by cross-origin requests.
ObserveOne tracks permission errors and identifies misconfigured access policies.
Start Monitoring FreeThe request requires authentication. The client must provide valid credentials.
The client has sent too many requests in a given time period. The server is rate-limiting to protect itself.
The server cannot process the request due to malformed syntax, invalid parameters, or bad encoding.
The server cannot find the requested resource. The URL may be wrong, the resource may have been deleted, or the route doesn't exist.
The HTTP method (GET, POST, PUT, DELETE) is not supported for this endpoint.