Forbidden here, forbidden there

This is the message I’m always getting:

{'message': 'forbidden.'}

Whether I use my paper trading API Keys or the ones I got from OAuth Developer apps. Either way, the docs are unclear as to which keys I should use when trying to query simple data API. Endpoint:{symbol}{symbol}

What am I doing wrong? Which keys should I be using?

Version 1 of the Data API is forbidden. Just use the version 2 endpoints. But some URL for the v2 endpoints is different. For instance, the latest trade endpoint URL in v2 looks like this:{symbol}/trades/latest

No dice. Still says forbidden. Should I be using the keys from my paper wallet or the API keys that I created during App creation? Either way, both are giving me 403 Forbidden

I have the same thing.
Was working fine a few months ago and now forbidden for both paper and live keys.

It’s one thing to have code that doesn’t work, but for the hist feed to break randomly is unacceptable especially when I pay for the unlimited plan for rt feed.
I’m not aware of any breaking changes for v2 over the last few months. Isn’t part of versioning meant to address breaking changes?

I too have the same problem.

Bump. Same thing. Anyone have a solution?

@jjphung @Z223I

Hello guys.
The paper ID API, should use the sandbox endpoint, not the live one.
here is the sandbox endpoint:

The details, can be found here:

Thank you

1 Like

@algorithmatic @mcshakes

1 Like


please look at my answer above

1 Like

I am having the same issue right now.

Also I have to mention it HAS worked before with “//

I am on a paid plan.

I am using JS API as well as my requests saved in Postman - also with new Api Key/Secret

Is there any way to get appropriate support? “Contact” page refers to this forum and “Community” slack is currently only for Alpaca employees?

Also, I want to mention that the documentation states the following ( for example for crypto)

Base URL

The Crypto Data API provides historical data through multiple endpoints. These endpoints have the same URL prefix (omitted from now on):

This URL is the same for both subscription plans , there is no limitation

Authentication #

The authentication is done the same way as with the Trading API, simply set the following HTTP headers:


Also, when looking at the source code of the api, there is no difference if paper/live when using Market Data Api

I expect a more qualified answer to this issue.

Was able to solve this by regenerating keys.

Might have been a simple copy/paste error in my case - and if so, foolishly multiple times

I’m getting {“message”: “forbidden.”} on the python SDK, Postman and on my own simplified python connector. I get the same error when connecting to endpoints on;;

I’ve refreshed my keys.

What am I doing wrong? How do you connect to Alpaca via python?

Hello - this just started happening to me. It has been working fine for the past couple weeks. I have a paid plan and am actively using the API, however if I was hitting some rate limit, I would expect a different response. Also, the forbidden response has repeated over the past hour. Wondering if Alpaca is under maintenance again. I’ve noticed the status page is not always accurate.

I would like reals customer support to look into my account or at least a way to report an incident. Any ideas?

Turns out, if you reset your paper account balance - it also deletes your API keys. I should have figured that out sooner. Anyways, that’s what happened to me. Hope it helps someone.


Hi All,

I’m still getting the forbidden error, ‘b’{“message”: “forbidden.”}\n’, when trying to connect to the API using regular requests or using the SDK. Not sure what is wrong… I’ve tried regenerating my API keys multiple times.

Any help is appreciated.

Here is my attempt to access the account endpoint:

Figured it out using the SDK. Still curious why the request straight to the end point didn’t work though. As a nooby I’d love to understand.

Anyways, here is what worked for me:

1 Like