HTTP 403 Not Just Authorization Related

If you are integrating with an API that requires authorization and you get a HTTP 403 “Forbidden” response, your first instinct may be to start investigating your credentials and authorization methods. Before you do that, though, there is a simpler cause to eliminate from your inquiry.

The most common cause of the 403 status code in my experience is a bad URI.

So if the service is found at:

And you attempt to access it at (note the missing “s” in customers):

You may well get a 403.

It is always worth double-checking your URI before you start looking at the authorization (especially as completely incorrect authorization usually results in a 401 – a 403 would typically mean you have good credentials, but cannot access the resource, for example because of permissions).