Persistent 403 Forbidden on /v1/sessions/start Despite Successful /v1/sessions/token (NextJS)
last month by Vinc'
Hi there,
I am attempting to implement the LiveAvatar (Free) API using a Next.js (Node.js) API route, and I am encountering a critical authentication issue on the second step of the session creation process.
- Access Token Retrieval (Step 1: SUCCESS)
  - Endpoint: POST https://api.liveavatar.com/v1/sessions/token
  - Authentication: X-Api-Key header (using my valid primary API key).
  - Result: 200 OK. I successfully receive a JWT access_token.
- Live Avatar Session Start (Step 2: FAILURE)
  - Endpoint: POST https://api.liveavatar.com/v1/sessions/start
  - Request Body: The body is fully structured (including avatar_id, mode: "FULL", avatar_persona, etc.) to prevent 422 errors.
  - Result: 403 Forbidden with the response body: {"code":4003,"data":null,"message":"Not authenticated"}.
Failed Authentication Attempts for /sessions/start (All return 403 or 401 errors):
- Using the access_token in the standard header: Authorization: Bearer [token].
- Using the access_token without the prefix: Authorization: [token].
- Using the primary API Key (instead of the access token) in the X-Api-Key header.
- Using the access_token in the X-Api-Key header.
Core Questions:
- What is the exact, required authentication protocol expected by the /v1/sessions/start endpoint when using the access_token received from /token?
- Does the Free plan have a specific restriction that causes the access_token generated by /token to be immediately rejected or invalid for the /start endpoint?
Thanks!