During migration, the website sends a OTP code. The account I am using is a Legacy account. When it sends the post request to the api to check if a OTP can be sent it returns a 403. Not sure exactly why, I tested using various Site-Referrer status (strict, origin) and across Firefox, Chrome, Safari, IE, Private mode, and on Mac and windows to no solution.