HTTP Status Forbidden from Paper API Server

Hello. My REST calls for account info are getting a forbidden HTTP 403 response. I tried checking with the curl command at Authentication but it’s also forbidden. I’m trying to access

I tried regenerating my API keys but it didn’t help. Any ideas? I’ve looked at a lot of the ‘similar to’ topics but none have had the answer.

Are you using algo to access your account ?

@trevdawg122 Try the following request. It fetches account info for a demo account. If you can get that to respond, then replace the API key and secret key with your own paper account keys. That should then return info for your account. If you get a forbidden error then either your key or secret key are incorrect.

curl --location '' \
--header 'APCA-API-SECRET-KEY: J3sV2W1nGK4PchSxb2jR1g5daSovyFcqLbgAABxB'

Does that help?

It’s a python script using the alpaca_trade_api library.

@Dan_Whitnable_Alpaca, that does help. I tried your curl command syntax for the demo account and my account and they both returned successful request responses. I then tried my original script and it worked as well. I’m not sure what happened so it’s probably safe to say I got confused. The example from the page I shared earlier, Authentication, still doesn’t work and that didn’t help my confusion.

Thanks for helping me troubleshoot!

@Dan_Whitnable_Alpaca , I found out what was going on. I reset my account thinking it was only resetting my portfolio. With that knowledge I now see this has confused others in the past and you suggested fixing it. See below. Thanks again.

I am facing this issue also.

@trevdawg122 I can certainly relate to the issues/frustrations with having the API keys reset when resetting a paper account. This behavior, however is not going to change anytime soon. It may help to understand that resetting an account doesn’t simply ‘reset’ the various values. In the background, an entirely new account is created. The old account isn’t really deleted. Actually, you can still access the orders etc from an old account by using the old API keys (which also can create some confusion).

@Dan_Whitnable_Alpaca it’s not a big problem since I’m aware and assuming I don’t forget again! How about something to notify the user in the UI that if they reset they’ll also need new keys to access the account info?

@trevdawg122 Good callout. I’ll pass it on to the UI team that a notification may needed when resetting an account.