RTFM: How a 403 Error Led Me to Build an Apple Business Roles & Permissions Checker

After the announcements at WWDC around the expanded Apple Business API, which lets you pull device information and audit events from Apple Business Manager, and also assign or unassign devices, I got into Xcode to start working with it. I quickly ran into an annoying error while using the Audit Events API: Raw response body: { "errors" : [ { "code" : "FORBIDDEN_ERROR", "detail" : "The API key in use does not allow this request", "id" : "b8ffb8f4-31e5-43a6-9f64-bd1ce47e8ae5", "status" : "403", "title" : "This request is forbidden for security reasons" } ] } The error was clear enough, but apparently I hadn’t used the right role or have the permissions to use this API....

July 16, 2026 · 3 min