403 or 010 API error messages
After submitting an API call to Adyen, you might receive a 403 Not Allowed or Forbidden error in the API response. It can come along with errorCodes: 010, 802 and 701 and it indicates you’re missing the right permissions. This means most likely your API credentials (web service user) (eg. ws@Company.[YourCompanyAccount]) doesn’t have the right roles for the request you’re trying to make.
Troubleshoot error messages
- If you’re doing a payments request by sending in raw (unencrypted) cardholder data, you need the API PCI Payments role for your webservice user. Note that on test we can enable this for you, but on live you need to be fully PCI compliant. Therefore, if you’re not fully PCI compliant, use our client-side solutions instead.
- To test a payment via a tool like Postman you can 'encrypt' test card details.
- To be granted the API PCI Payments on TEST role ask your admin to submit a request for this role.
- To have this role on LIVE, you have to be PCI Level 1 or Level 2 certified.
- If you’re testing via one of our client-side solutions such as Drop-in or Components and are experiencing this error, it means the webservice user is probably missing the Checkout webservice role.
- If so, submit a request to enable this role on TEST.
- To have this role on LIVE, you have to be PCI SAQ-A compliant.
Tip: Learn more on how to handle HTTP responses and error messages.