Forbidden (HTTP 403)

The HCSS API returns Forbidden (HTTP 403) if an authorization token lacks the required scope.  APIs typically have at least two scopes: one providing read access, and one providing read+write.  If the server responds with Forbidden Request, there are two likely scenarios:

1. You only have read access to the API, and you tried to make a call that requires write access. (POST/PUT/PATCH/DELETE)
2. You do not have access to the API at all.  (e.g., your app has access to HeavyJob data, but attempts to call the Safety API)

If you receive HTTP 403 Forbidden, double check the scopes you requested during the Request Tokens step.  If you'd like to add additional scopes to your project, send us an email!