Forbidden Error
Overview
A Forbidden error occurs when the server understands the request, and has accepted the client's credentials, but refuses to authorize it. It is returned with HTTP status code 403.
Unlike a 401 Unauthorized error, authentication is not the issue here. The client is authenticated, but the authenticated identity does not have sufficient permissions to perform the requested action or access the requested resource. Re-sending the same request with the same credentials will not succeed; the permissions, not the request, have to change.
Error Details
- Type: https://bessapay.net/errors/forbidden
- Status: 403 Forbidden
- Error Code: FORBIDDEN
- Title: Access to the requested resource is forbidden
Common Scenarios
- API key has insufficient permissions or scopes
- Attempting to access another user's resources
- Attempting to modify a resource that is in a read-only state
- Rate limiting or usage limitations, in the cases where a limit is enforced as a permission on the account rather than reported with 429 Too Many Requests
- Account restrictions due to policy violations
Example Error Response
The body follows the RFC 7807 problem-details format (type, title, status, detail, instance), extended with error_code and timestamp. Branch on type or error_code when handling the error; detail is human-readable text and not a stable contract.
{
  "type": "https://bessapay.net/errors/forbidden",
  "title": "Access to the requested resource is forbidden",
  "status": 403,
  "detail": "Your account does not have permission to access this resource",
  "instance": "/api/v1/users/456/transactions",
  "error_code": "FORBIDDEN",
  "timestamp": "2023-06-15T09:23:45Z"
}
How to Fix
1. Check your access permissions
Ensure that your account or API key has the necessary permissions to perform the requested action. Review the permission scopes associated with your API key in your BessaPay dashboard. Grant only the scopes the integration actually needs: a 403 on an action the key was never meant to perform is the intended outcome of least privilege, not a defect to work around.
2. Verify resource ownership
Make sure you're only attempting to access resources that belong to your account. API endpoints that include user IDs or resource IDs must match those associated with your account. A 403 here means the API is enforcing that ownership on every request, so confirm that any ID you place in a URL comes from your own account's data rather than from untrusted input, and do not probe other IDs to find one that works.
3. Request additional permissions
If you need access to additional resources, contact your administrator or upgrade your account to a plan that includes the necessary permissions.
4. Check for account restrictions
Your account may have temporary restrictions due to security concerns or policy violations. Check your account status in your BessaPay dashboard.
Code Example: Handling Forbidden Errors
// Example of handling forbidden errors in JavaScript.
// apiKey is the caller's BessaPay API key; onForbidden is an optional callback
// that shows the permission-denied message and suggests how to obtain access.
async function accessUserData(userId, apiKey, onForbidden) {
  try {
    const response = await fetch(`https://api.semuni.com/v1/users/${encodeURIComponent(userId)}/data`, {
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Accept': 'application/json'
      }
    });

    if (response.status === 403) {
      const errorData = await response.json();
      // Log the problem body, never the Authorization header or the API key.
      console.error('Permission error:', errorData.error_code, errorData.detail);

      // Handle the forbidden error. The credentials were accepted, so retrying
      // the same request will not help; the permissions must change first.
      if (errorData.error_code === 'FORBIDDEN' && typeof onForbidden === 'function') {
        // Show the permission denied message to the user and, optionally,
        // guidance on how to obtain the necessary permissions.
        onForbidden(errorData);
      }
      return null;
    }

    if (!response.ok) {
      // Other failures (401, 404, 5xx) are not permission problems; surface them.
      throw new Error(`Request failed with HTTP ${response.status}`);
    }

    return await response.json();
  } catch (error) {
    console.error('Error accessing user data:', error);
    return null;
  }
}
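The "How to Fix" steps and the example above both turn on one distinction: a 401 is fixed by re-authenticating, a 403 is not fixed by retrying at all. The following is an added example written for this page (not BessaPay's own SDK or documentation code) that makes that decision in one place, parses the problem-details body defensively, and recognises the "another user's resource" scenario from the instance path. The problem-details fields are taken from the example response above; the ownUserId context, the /users/{id}/ path convention, the action names, and the sample responses (including a non-JSON 403 body of the kind an intermediary in front of an API can produce) are assumptions made for the example.

```javascript
// Added example for this page; illustrative, not BessaPay's code.

const FORBIDDEN_TYPE = 'https://bessapay.net/errors/forbidden';

// Parse an RFC 7807 problem-details body. Returns null when the body is not the
// API's JSON error format (for example a 403 with an HTML body from something
// in front of the API), so callers never branch on fields that are not there.
function parseProblemDetails(contentType, rawBody) {
  const ct = String(contentType || '').toLowerCase();
  if (!ct.startsWith('application/problem+json') && !ct.startsWith('application/json')) {
    return null;
  }
  let problem;
  try {
    problem = JSON.parse(rawBody);
  } catch (e) {
    return null;
  }
  if (typeof problem !== 'object' || problem === null || typeof problem.status !== 'number') {
    return null;
  }
  return problem;
}

// Extract the user ID embedded in a /users/{id}/... path (assumed convention)
// and compare it with the caller's own ID. Run this on a request URL before
// sending it, and on the instance field of a 403 to explain the refusal.
function ownsResource(path, ownUserId) {
  const m = /\/users\/([^/?#]+)/.exec(String(path));
  if (!m) return true; // no user ID in the path, nothing to compare
  return m[1] === String(ownUserId);
}

// Turn a response into an action. 401 means the credentials are the problem:
// refresh or re-authenticate, then retry once. 403 means the credentials were
// accepted and a retry cannot succeed, so the client stops and reports why.
function planAuthFailure(status, contentType, rawBody, ctx) {
  if (status === 401) {
    return { action: 'reauthenticate', retry: true, reason: 'credentials rejected' };
  }
  if (status !== 403) {
    return { action: 'proceed', retry: false, reason: 'not an authorization failure' };
  }
  const problem = parseProblemDetails(contentType, rawBody);
  if (problem === null || problem.type !== FORBIDDEN_TYPE) {
    // Not the API's own error format: escalate instead of guessing.
    return { action: 'escalate', retry: false, reason: 'unrecognised 403 body' };
  }
  if (!ownsResource(problem.instance || '', ctx.ownUserId)) {
    return { action: 'fix-request', retry: false, reason: 'resource belongs to another user', problem };
  }
  return { action: 'fix-permissions', retry: false, reason: 'key or account lacks permission', problem };
}

// Constructed sample responses (not captured from the real API).
const SAMPLE_FORBIDDEN_FOREIGN = JSON.stringify({
  type: FORBIDDEN_TYPE,
  title: 'Access to the requested resource is forbidden',
  status: 403,
  detail: 'Your account does not have permission to access this resource',
  instance: '/api/v1/users/456/transactions',
  error_code: 'FORBIDDEN',
  timestamp: '2023-06-15T09:23:45Z'
});
const SAMPLE_FORBIDDEN_OWN = JSON.stringify({
  ...JSON.parse(SAMPLE_FORBIDDEN_FOREIGN),
  instance: '/api/v1/users/123/transactions'
});
const SAMPLE_PROXY_HTML = '<html><body><h1>403 Forbidden</h1></body></html>';

// Runs the four cases a client has to tell apart for a caller whose own ID is 123.
function demo() {
  const ctx = { ownUserId: '123' };
  return [
    planAuthFailure(401, 'application/json', '{"status":401}', ctx).action,
    planAuthFailure(403, 'application/problem+json', SAMPLE_FORBIDDEN_FOREIGN, ctx).action,
    planAuthFailure(403, 'application/problem+json', SAMPLE_FORBIDDEN_OWN, ctx).action,
    planAuthFailure(403, 'text/html', SAMPLE_PROXY_HTML, ctx).action
  ];
}

console.log(demo()); // ['reauthenticate', 'fix-request', 'fix-permissions', 'escalate']
```

The retry flag is the part worth copying: only the 401 branch ever sets it, so a generic retry loop built on planAuthFailure cannot hammer an endpoint with a key that will keep being refused, and a 403 whose instance names a different user is reported as a bug in the request rather than as a missing scope.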