Forbidden

The session is valid but lacks permission for this action.

Status: 403 Type: https://brivo.ltd/docs/identity/api/errors/forbidden

The request was authenticated successfully but the session does not have the permissions required to perform the action. This is different from Unauthorized, which means no valid session was present at all.

For actions that require re-authentication rather than additional permissions, see Sudo Required.

Common causes

  • Attempting to access another organisation's resources
  • Role does not include the required permission
  • Resource-level access control denied the request

Example

{
  "type": "https://brivo.ltd/docs/identity/api/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "You do not have permission to delete organisation members."
}

Resolution

Check that the authenticated user has the appropriate role for the action. Organisation-level permissions are managed at accounts.brivo.ltd.

On this page