What is HTTP Response Status Code 403 Forbidden?
HTTP response status code 403 Forbidden indicates that the server understands the request but refuses to authorize it. This is typically due to insufficient permissions or access restrictions.
When is HTTP Response Status Code 403 Forbidden Used?
The 403 status code is used when the client is authenticated but does not have permission to access the requested resource.
Example 1: Accessing Restricted Data
    # Client sends a request to access restricted data.
    GET /admin/settings HTTP/1.1
    Host: www.example.com
    Authorization: Bearer valid_token

    # Server Response
    HTTP/1.1 403 Forbidden
    Date: Wed, 09 Oct 2024 14:20:00 GMT
    Server: Nginx/1.18.0

    { "error": "You do not have permission to access this resource." }
Example 2: Trying to Delete an Admin Resource
    # Client attempts to delete an admin-level resource.
    DELETE /admin/user/12345 HTTP/1.1
    Host: api.example.com
    Authorization: Bearer valid_token

    # Server Response
    HTTP/1.1 403 Forbidden
    Date: Wed, 09 Oct 2024 14:22:00 GMT
    Server: Apache/2.4.41 (Ubuntu)

    { "error": "You are not authorized to delete this user." }
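The server-side decision behind both exchanges above, as an added example that is not part of the original page: a request with missing or unknown credentials gets 401, while an authenticated client whose role lacks permission gets 403. The token table, the role names, the `/admin` policy and the function names are all assumptions made for illustration.

```python
import posixpath

# Constructed sample data (not from the page): bearer token -> role.
TOKENS = {"valid_token": "user", "admin_token": "admin"}
# Constructed policy: path prefix -> role required for any method under it.
PROTECTED = {"/admin": "admin"}


def bearer_token(headers):
    """Return the token from 'Authorization: Bearer <token>', or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None


def required_role(path):
    """Return the role needed for path, or None if it is unprotected."""
    # Normalize first so '/public/../admin/x' and '//admin/x' are judged
    # as '/admin/x'. Assumes path is already percent-decoded.
    path = "/" + posixpath.normpath(path).lstrip("/")
    for prefix, role in PROTECTED.items():
        if path == prefix or path.startswith(prefix + "/"):
            return role
    return None


def decide(path, headers):
    """Return (status, response_headers, body) for one request."""
    needed = required_role(path)
    if needed is None:
        return 200, {}, {"ok": True}
    role = TOKENS.get(bearer_token(headers))
    if role is None:
        # Missing or unknown credentials: the client is not authenticated.
        return 401, {"WWW-Authenticate": "Bearer"}, {"error": "Authentication required."}
    if role != needed:
        # Authenticated, but the role lacks permission: the page's 403 case.
        return 403, {}, {"error": "You do not have permission to access this resource."}
    return 200, {}, {"ok": True}
```

Re-sending the same request with the same token will keep returning 403; only a change in the caller's permissions changes the outcome.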
Summary
The HTTP 403 Forbidden status code is used when the client is denied access to a resource even though they may be authenticated. It signifies access is explicitly restricted for the requested action.