auth.workspace_forbidden
The JWT or session does not grant access to the requested workspace.
auth.workspace_forbidden is returned when the current session or API key JWT does not have membership in the workspace identified by the request context. This is a cross-workspace access check that fires before any resource-level authorization.
The client is sending requests to a workspace the authenticated user or API key does not belong to. Common causes include hard-coded workspace IDs in scripts or API keys created for a different workspace.
Verify the workspace ID in the request matches a workspace the current session or API key belongs to. If using API keys, confirm the key was created for the correct workspace.
{
"error": {
"code": "auth.workspace_forbidden",
"message": "session does not have access to this workspace",
"request_id": "req_01900000abc"
}
}