403 on device subscriptions


We are having an issue connecting to the URL returned by the Subscription API.

We use the AUTH token and send a request to a Subscription API, which returns a structure with a URL in it when we try to connect to that URL we get a Forbidden (403).

We started seeing this issue since yesterday. Is there a change on the API side that might have caused this issue ?

Thanks in advance


Tagging @nayelyz

As a result we are unable to receive any device status updates.

Hello @khelkhelmain,

This error could appear due to the token type and scopes, or the InstalledAppId used to create the subscription.
If you are using an API access app, make sure you are requesting the subscription creation using the InstalledAppId granted with the Access Token. Here is an example of the response from the Oauth/token endpoint:

    "access_token": "xxxx-xxxx-xxxx",
    "token_type": "bearer",
    "refresh_token": "xxxx-xxxx-xxxx",
    "expires_in": 86399,
    "scope": "r:locations:* x:devices:* r:devices:*",
    "installed_app_id": "xxxx-xxxx-xxxx",
    "access_tier": 0

If you are using a SmartApp, would you please share with me the logs of the request to create the subscription and its response?


Another developer working on the same issue with @khelkhelmain.

The code was working for weeks, months.

The current situation is the request to :


returns NoContent, and a Subscriptions json, with subid, regurl, name and filters.

The request to connect to the regUrl returns a 403.

The code was running fine one day, and then in the morning started receiving the 403 responses.

We had recently had some adjustments to our API levels and possibly this is related.

Will post requests / responses shortly.

Login response :
AccessToken granted
ResponseScopes = “r:devices:* x:devices:* r:locations:*”

Request to v1/subscriptions

“subscriptionId”: “xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”,
“registrationUrl”: “https://xxxxxx-xxxxxx-xxxxx.api.smartthings.com/xxxx/xxxxxx-xxxxx-xxxxx-xxxxx-xxxxx”,
“name”: “xxxxxx”,
“version”: 1,
“subscriptionFilters”: [{
“type”: “LOCATIONIDS”,
“value”: [“xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”]

The request to the regURL with token, responds with 403.

I am having the exact same issue. Like the others, my code had been running fine for me for over a year so something recently changed. I first began receiving reports of the 403 errors on 10/7/2020.

My application is not using a SmartApp. It’s using a personal access token generated from the URL below. Even with every option checked on the token page, it’ll still send a 403 Forbidden Error when trying to listen to the event stream.

What I find odd is that I am still able to create the subscription with the POST request. It’s only when I send the GET request to the “registrationUrl” that it fails.

As a work around I’ve implemented periodic device polling but I’d much prefer listening to the events so I don’t have to worry about exceeding API rate limits.

Hello @bvenhaus,

Would you please open a support ticket by sending an email to build@smartthings.com and share with me this information?

  • Are you using an API Access app or you are interacting with the SmartThings API using only the Personal Access Token? (If you are using an API Access App, please, include its App ID obtained from the Developer Workspace)
  • Complete logs of the request to create the subscription and its response

Thanks for looking into this @nayelyz! I just sent an email with the information you’ve requested. In the email, I attached a TXT file with the logs. If for some reason that got removed, let me know & I can resend it.

Everything appears to be working again! I just tested it a little bit ago & no more 403 errors :slightly_smiling_face:

Hi @nayelyz

Was anything changed to resolve the issue ? Is there a place we can get notifications about changes to the service so we are aware of changes ?