I'm receiving a 403 error when requesting data from the Mapbox static tiles API. This API call has been working fine until recently, and we haven't made any changes to our web server configuration, nor our URL policy.

We are accessing via a web page on one of the whitelisted domains, not a tool/CLI.

A 403 suggests that the issue is some kind of access issue. I tried removing the URL policy for the access token in question (to allow access from any domain), and this seemed to work - the API calls started succeeding again. So I think the problem only concerns tokens scoped to specific URLs/domains.

Here's an example of the 403 response headers I'm seeing;

Access-Control-Allow-Methods GET
Access-Control-Allow-Origin *
Cache-Control no-cache
Connection keep-alive
Content-Length 23
Content-Type application/json; charset=utf-8
Date Tue, 28 Sep 2021 15:41:04 GMT
ETag W/"17-bqIm6pxC4cx+ZoszvXxsClwgWw8"
Via 1.1 572270b8624c0596173ef8189682d917.cloudfront.net (CloudFront)
X-Amz-Cf-Id pxwf39dmi1zB3oFY9dvYia_dVZpcgKpYCTDJT5Vjfp85MsU8NuVeLA==
X-Amz-Cf-Pop LHR52-C1
X-Cache Error from cloudfront
X-Content-Type-Options nosniff
X-Edge-Origin-Shield-Skipped 0
X-Powered-By Express

In particular, the "X-Cache Error from cloudfront" header seems to be of interest - although not really informative enough for me to action anything off of it.