Unexpected 403 error when requesting documents API directly

Hi! I'm integrating my team's Python app with Prismic using the documents API directly, as the community Python kit is outdated. My goal is to fetch prismic documents from my Python/Flask application.

Request: 'GET' https://{repository_name}.cdn.prismic.io/api/v2/search?ref=Ze9HCREAACEAzZHD&access_token={access_token}

Error: 403 Forbidden {"message": "Missing Authentication Token"}

I believe that I have formatted my request correctly, and I have confirmed that I am using the correct access_token and repository_name. Is there something I'm missing here?

Thank you!

1 Like

Hi April,

I'm not sure why you're getting this error, but you could try setting your repo security to open if it's causing problems. All your content will be visible on your website anyway, and no one can make any changes to your repo if the content API is set to open, so there's no risk to sercurity.

You'll also have to remember that your ref changes every time content is published:
ref=Ze9HCREAACEAzZHD

So you must always first query the API endpoint to get and pass the latest ref to your document search query:
https://your-repo-name.cdn.prismic.io/api/v2

Thanks.

Setting our repository to 'open' did not resolve the issue. However, I was able to get this resolved.

The documents API returns 403 forbidden when the q param is not present or correctly formatted, which should be 400 Bad request. The docs don’t say that q is required either. The request succeeded as expected once I added a valid q to the query params.

Can we log a bug with the Prismic dev team to fix this up?

1 Like

The team is already tracking/planning to improve the API error messaging, but I'll add this thread to the tracker for that.