Why do I receive a "403 or 010: Not Allowed" error?

403 or 010 API error messages

After submitting an API call to Adyen, you might receive a 403 Not Allowed or Forbidden error in the API response. The API response we return looks like: 

   {
      "status" : 403,
      "errorCode" : "010",
      "message" : "Not allowed",
      "errorType" : "security"
   }

The 403 status can come with errorCode 010, 802, or 701, and it indicates that you're missing the right permissions. This most likely means that your API credential (web service user, e.g. ws@Company.[YourCompanyAccount]) doesn't have the right roles for the request you're trying to make.

Troubleshoot error messages

  1. If you’re making a payments request by sending in raw (unencrypted) cardholder data, you need the API PCI Payments role for your webservice user. Note that on TEST we can enable this for you, but on LIVE you need to be fully PCI compliant. Therefore, if you’re not fully PCI compliant, use our client-side solutions instead.
    1. To test a payment via a tool like Postman, you can 'encrypt' test card details.
    2. To be granted the API PCI Payments role on TEST, ask your admin to submit a request for this role.
    3. To have this role on LIVE, you have to be PCI Level 1 or Level 2 certified.
  2. If you’re testing via one of our client-side solutions such as Drop-in or Components and are experiencing this error, it means the webservice user is probably missing the Checkout webservice role.
    1. If so, submit a request to enable this role on TEST.
    2. To have this role on LIVE, you have to be PCI SAQ-A compliant.

Tip: Learn more on how to handle HTTP responses and error messages.
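
The troubleshooting steps above can be encoded in client-side error handling. The following is an added example, not Adyen's own code: the function name `diagnose_403`, the sample requests, and the way raw versus client-side encrypted card data is detected (by `paymentMethod` key names) are assumptions made for illustration.

```python
import json

# errorCode values the page lists alongside HTTP 403 for missing permissions.
PERMISSION_ERROR_CODES = {"010", "802", "701"}
# Assumption: raw card data shows up as these paymentMethod keys.
RAW_CARD_FIELDS = {"number", "cvc"}


def diagnose_403(http_status, response_body, request_payload):
    """Return a troubleshooting hint for a permission error, else None."""
    try:
        err = json.loads(response_body)
    except (TypeError, ValueError):
        return None  # body is not JSON; not the error shape described above
    if not isinstance(err, dict) or http_status != 403:
        return None
    code = str(err.get("errorCode", ""))
    if code not in PERMISSION_ERROR_CODES:
        return None
    method = request_payload.get("paymentMethod") or {}
    if RAW_CARD_FIELDS & set(method):
        hint = "API PCI Payments role (raw card data in request)"
    elif any(key.startswith("encrypted") for key in method):
        hint = "Checkout webservice role (client-side encrypted data)"
    else:
        hint = "review the roles assigned to the web service user"
    # A missing role is not transient, so the caller should not retry.
    # Only field names are reported, never card values or credentials.
    return {"errorCode": code, "retry": False, "hint": hint,
            "paymentMethodFields": sorted(method)}


# Constructed sample data: the response body matches the one shown above.
SAMPLE_BODY = json.dumps({"status": 403, "errorCode": "010",
                          "message": "Not allowed", "errorType": "security"})
RAW_REQUEST = {"paymentMethod": {"type": "scheme", "number": "<test card>",
                                 "cvc": "<test cvc>"}}
ENCRYPTED_REQUEST = {"paymentMethod": {"type": "scheme",
                                       "encryptedCardNumber": "<blob>"}}

if __name__ == "__main__":
    print(diagnose_403(403, SAMPLE_BODY, RAW_REQUEST))
    print(diagnose_403(403, SAMPLE_BODY, ENCRYPTED_REQUEST))
```

The returned hint names the role to request, and logging only the field names keeps cardholder data and API credentials out of application logs.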

