After you have created an API User with the correct access for making REST API calls to your Marketo instance, you still receive a response with Error 603 Access Denied even when making API calls using an up-to-date access token that you manually created.
The most likely resolution is that you have Web Service IP Restrictions enabled on your instance.
- Go to Admin > Web Services
- Click the Edit button next to the IP Restrictions box
If IP Restrictions are turned on and there are no IP addresses listed, all calls to the Marketo REST API endpoint will fail. If IP Restrictions are turned on and the IP making the API call is not listed, add it to the list and save. You can also set up wildcard IP addresses here to cover a range of IP addresses.
You can learn more about whitelisting IP addresses in Marketo in the article "Create a Whitelist for IP-Based API Access".
If you have confirmed that IP Restrictions are NOT enabled and have also gone through our API User documentation to ensure the API User is set up correctly but your calls are still failing as Access Denied, please create a support case.