Common · shared

Forbidden 403

Authenticated, but not allowed to perform this action.

type https://errors.swepay.com.br/common/forbidden

What this means

The request was authenticated, but the caller is not permitted to perform the requested operation on the target resource. The credential is valid — it simply lacks the required permission, scope, or an active subscription.

Unlike Unauthorized, refreshing the token will not help; the principal genuinely lacks access.

Common causes

The token is missing the scope or role required for this operation.
The tenant is suspended, cancelled, or its trial has expired.
The resource belongs to a different tenant than the caller.

How to resolve

Confirm the authenticated principal has the required scope and that the tenant's subscription is active. If the tenant is suspended, cancelled, or on an expired trial, billing must be resolved before access is restored — contact your account owner. Retrying without changing permissions will keep failing.

Example response

HTTP 403 · application/problem+json

{
  "type": "https://errors.swepay.com.br/common/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "Your subscription is not active. Renew to restore access.",
  "instance": "/v1/certificates"
}

References

Machine-readable: /common/forbidden.json