When you send an HTTP request to a SharePoint site or its API and receive a 403 Forbidden error, the request is reaching the server but the server is refusing to authorize it. This usually happens because the user, app, or service principal making the request lacks the correct permissions on the SharePoint resource. The error can also appear when a sharing link or token has expired, or when conditional access policies block the request. This article explains the most common causes of a 403 error in SharePoint and provides step-by-step fixes that end users can apply without needing SharePoint admin rights.
Key Takeaways: Fixing HTTP 403 Errors in SharePoint
- SharePoint site permissions check: Verify you have at least Read access to the site or document library you are requesting.
- SharePoint sharing link expiration: Regenerate a new sharing link if the current one has expired or been revoked.
- Azure AD conditional access: Ensure your device or network meets your organization’s security policies before making the request.
Why SharePoint Returns a 403 Forbidden Error
The HTTP 403 status code means the server understood your request but refuses to authorize it. In SharePoint, this happens for one of three core reasons.
Missing or Insufficient User Permissions
Every SharePoint site and item has a permission set. If you send an HTTP request to a site where you are not explicitly added as a member or visitor, SharePoint returns 403. This applies to REST API calls, browser requests, and requests from third-party apps. The same happens when you use a user account that has been removed from the site or Microsoft 365 group.
Expired or Invalid Access Tokens
When you use OAuth tokens or sharing links to access SharePoint, those tokens have a finite lifetime. A default sharing link for anonymous access expires after 30 days in most tenants. If you try to use an expired token or a token that was issued for a different scope, SharePoint rejects the request with 403.
Conditional Access or IP Restrictions
Your organization may have Azure AD conditional access policies that block access from untrusted locations, unmanaged devices, or specific client applications. Even if you have the correct SharePoint permissions, the request fails at the authentication layer. The browser or app receives a 403 because the token is not valid under the policy.
Steps to Fix a 403 Error in SharePoint
Before you start, confirm that you are using the correct SharePoint site URL. A typo in the URL can produce a 404 or 403 depending on how the server handles it. Also verify that the SharePoint site is active and not under a site lock or read-only mode set by an admin.
- Check your SharePoint site permissions
Open the SharePoint site in a browser. Click the gear icon in the top-right corner and select Site permissions. Under Site sharing and Site members, confirm that your account is listed. If you are not a member, ask the site owner to add you. For document library access, the library may have unique permissions. Click the library name, then select Library settings > Permissions for this document library to verify your access level. - Regenerate a new sharing link
If you received a 403 while using a sharing link, the link may have expired. Go to the SharePoint document library, select the file or folder, and click Share. In the sharing dialog, click Copy link and then People with existing access or Specific people. Set an expiration date if needed. Use the new link to make the HTTP request. - Clear browser cache and cookies
Outdated authentication cookies can cause 403 errors in browser-based requests. In Chrome, click the three-dot menu > Settings > Privacy and security > Clear browsing data. Select Cookies and other site data and Cached images and files. Click Clear data. Restart the browser and try the request again. - Reauthenticate with your Microsoft 365 account
Sign out of all Microsoft 365 services. Go to https://login.microsoftonline.com and sign out. Close all browser windows. Open a fresh browser window and sign in at https://www.office.com. Then navigate to the SharePoint site and repeat the HTTP request. - Check if the site is in read-only mode
An administrator can set a SharePoint site to read-only. In the browser, look for a banner at the top of the site that says This site is set to read-only. If you see this, no write operations will succeed. Contact your SharePoint admin to remove the read-only lock. - Test with a different device or network
Conditional access policies often restrict access from personal devices or external networks. If possible, try the HTTP request from a company-managed device connected to the corporate network. If the request succeeds, the issue is likely a conditional access policy. Contact your IT help desk to request an exception or to enroll your device in management.
If SharePoint Still Returns 403 After the Main Fix
HTTP request from a third-party app or script
If you are using a custom script, Power Automate flow, or third-party app to make HTTP requests to SharePoint, the 403 error often comes from an expired or missing access token. Re-authenticate the app or service principal. In Power Automate, open the SharePoint connection and click Fix connection or delete and recreate the connection. For scripts using the SharePoint REST API, regenerate the OAuth token using the Microsoft Authentication Library.
403 error when uploading files via OneDrive sync
OneDrive sync may return a 403 when the synced library has unique permissions that do not include your account. Pause sync, go to the SharePoint library in a browser, and verify your permissions as described in step 1. After confirming access, resume OneDrive sync.
403 error on a SharePoint site that was recently migrated
If a site was moved from one tenant to another, or from SharePoint Server to SharePoint Online, the URL may change. Old bookmarks or cached links pointing to the old URL will return 403. Navigate to the new site URL directly and update any saved links or scripts.
Common HTTP Status Codes vs 403 in SharePoint
| HTTP Code | Meaning in SharePoint | User Action |
|---|---|---|
| 200 OK | Request succeeded | No action needed |
| 401 Unauthorized | Missing or invalid authentication | Sign in again or provide a valid token |
| 403 Forbidden | Authenticated but not permitted | Check permissions, token scope, or conditional access |
| 404 Not Found | Site or resource does not exist | Verify the URL |
| 429 Too Many Requests | Rate limit exceeded | Wait and retry |
After you resolve the 403 error, test the HTTP request again. If the error persists, collect the full error details including the request ID and timestamp. Share these with your SharePoint administrator or IT support team. They can review the SharePoint Unified Audit Log and Azure AD sign-in logs to identify the exact blocking policy or permission gap.