403 ForbiddenWhat 403 Forbidden means
HTTP 403 means the server understood your request completely and refused to fulfill it. Authentication isn't the issue — credentials may be valid or unnecessary — the server has simply decided you aren't allowed. Unlike a 401, retrying with credentials won't change the answer; something about the requester has to change.
403s split into two families with different fixes. Application-level 403s are genuine permission checks: your API token lacks a scope, your account can't access the resource, a file's ACL excludes you. Infrastructure-level 403s are access-control filtering: a WAF or anti-bot layer scored your request as automated, your IP range is blocklisted, the content is geo-restricted, or repeated requests from one address escalated into a block.
For scraping and data pipelines the second family dominates, and the response body usually tells you which one you're facing: JSON with an error code points to application permissions; an HTML challenge page, a reference ID, or a bare 'Access Denied' points to filtering — meaning the fix is your traffic profile, not your code.