Allowing 403 errors to pass CI lets us know that the API is still active but it doesn't like robots pinging its endpoint without a key.