When the API responds with a 403 Access Denied/Forbidden error, it can be for one of a few reasons:
Access Token permissions
- A read-only access token is being used to make a request to create or update a resource.
When creating an access token through the dashboard, you are given the option to allow read or read-write access. To create or update resources, a read-write access token must be used.
Restricted Endpoint usage
- A request is being made to a restricted endpoint to carry out one of the following actions, either for an account that is not using GoCardless Pro with approved payment pages, or from a partner app that hasn’t been approved to use custom payment pages:
If you’re not a Pro merchant, you can create customers using our redirect flow.
- A request is being made to create a refund without this feature having been enabled.
The refunds endpoint is disabled by default - you can contact us to request that we enable this for you by emailing help@gocardless.com.
If you still need help with an error message that you’ve received, please email api@gocardless.com with your request ID and the full error message and we’ll be happy to look into this for you.