HTTP 403 Forbidden
The server understood the request but refuses to authorize it.
4xx Client Error
Description
The 403 Forbidden status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response body. If authentication credentials were provided in the request, the server considers them insufficient to grant access. Unlike 401 Unauthorized, a 403 does not invite the client to authenticate: the client should not automatically repeat the request with the same credentials, although it may retry with new or different ones. An origin server that wishes to hide the existence of a forbidden target resource may instead respond with 404 Not Found. That disguise only works if the substitute 404 is indistinguishable from a genuine one (same body, same headers, comparable response time); any observable difference discloses that the resource exists.
When Is It Used?
Returned when the server understands the request but will not allow it, whether or not the client is authenticated. The common case is an authenticated user who lacks permission: a regular user requesting an admin panel, reading another user's private data, or attempting an operation that requires elevated privileges. It is also the right status when the refusal does not depend on credentials at all, for example a request blocked by an IP allow-list or a web application firewall rule. If the real problem is that no credentials, or invalid ones, were supplied and authenticating could succeed, the correct response is 401 Unauthorized with a WWW-Authenticate header, not 403.
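The following is an added example, not code from the original page: a minimal server-side authorization decision in Python that produces the 401, 403 and 404 responses discussed above, including the option of answering 404 instead of 403 to hide another user's private resource. The users, roles, resource paths and the `authorize` function are constructed for illustration and are not a real framework's API.

```python
import json
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (hypothetical, not from the original page).
@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

@dataclass
class Resource:
    owner: str                           # user who owns this resource
    required_role: Optional[str] = None  # role needed regardless of owner

USERS = {
    "alice": User("alice", {"user"}),
    "bob": User("bob", {"user"}),
    "root": User("root", {"user", "admin"}),
}

RESOURCES = {
    "/admin": Resource(owner="root", required_role="admin"),
    "/users/alice/profile": Resource(owner="alice"),
    "/users/bob/profile": Resource(owner="bob"),
}

FORBIDDEN_BODY = json.dumps({"error": "forbidden",
                             "message": "You do not have permission to access this resource"})
NOT_FOUND_BODY = json.dumps({"error": "not_found", "message": "No such resource"})
UNAUTHORIZED_BODY = json.dumps({"error": "unauthorized", "message": "Authentication required"})


def authorize(path: str, user_name: Optional[str]):
    """Decide the response for a request to `path` on behalf of `user_name`.

    Returns (status, headers, body). `user_name` is None when the request
    carried no credentials, and a name absent from USERS when the
    credentials did not validate.
    """
    headers = {"Content-Type": "application/json"}

    # 1. Unknown path: a genuine 404. The same body and headers are reused
    #    in step 4 so a hidden resource cannot be told apart from a missing one.
    resource = RESOURCES.get(path)
    if resource is None:
        return 404, headers, NOT_FOUND_BODY

    # 2. Missing or invalid credentials: 401, not 403. WWW-Authenticate tells
    #    the client that authenticating may succeed.
    user = USERS.get(user_name) if user_name is not None else None
    if user is None:
        headers["WWW-Authenticate"] = 'Bearer realm="example"'
        return 401, headers, UNAUTHORIZED_BODY

    # 3. Role-gated resource such as the admin panel: its existence is public,
    #    so an honest 403 is fine and the client learns not to retry as-is.
    if resource.required_role and resource.required_role not in user.roles:
        return 403, headers, FORBIDDEN_BODY

    # 4. Another user's private resource: refuse, but answer with exactly the
    #    404 from step 1 so the response does not confirm the resource exists.
    if resource.owner != user.name:
        return 404, headers, NOT_FOUND_BODY

    return 200, headers, json.dumps({"path": path, "owner": resource.owner})
```

The decision is made on the server for every request; a 403 is only meaningful if the check cannot be bypassed by a client that simply knows the URL, so hiding admin links in the UI is never a substitute for step 3. Steps 1 and 4 deliberately share one body and header set; if they differed, an attacker could enumerate other users' resources by comparing responses.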
Example Response
HTTP/1.1 403 Forbidden
Content-Type: application/json

{"error": "forbidden", "message": "You do not have permission to access this resource"}