403 Forbidden means your Bearer token is valid but this operation is not allowed for your merchant account right now.
The problem
Typical causes:
- Merchant account still in compliance review
- Feature not enabled until KYB/KYC completes (payouts, API keys, payment links, refunds)
- Token scoped to a different environment than the resource
How to identify
- Log in to merchant.heydollr.app and check verification status
- Note which endpoint returns 403 (payout vs collection vs links)
- Confirm you are not mixing sandbox and production credentials
Solution
Complete verification
Submit required documents in the portal. Turnaround is typically 1–72 hours.
Retry after approval email
Regenerate API keys if needed, obtain a new token, and retry.
Use allowed features while pending
Some collection flows may work before payouts — align your integration order with portal messaging.
Still having issues?
Contact Support with merchant ID and the exact endpoint path.
Last modified on May 22, 2026
