I've had an application that embeds soundcloud links as valid players using the soundcloud API for awhile now, I recently noticed a moderate volume of 403 Unauthorized errors returning from track lookups (api.soundcloud.com/tracks/[TRACK NO].json?client_id=[CLIENT ID]).

The track I am testing with is https://soundcloud.com/crystal-castles/deicide, with a track id of 212943992.

I went to the URL in my browser and got the correct json returning, tried in incognito, 403. I cleared my soundcloud cookies, 403s suddenly. I've tried with multiple api keys with no success.

I cannot for the life of me figure out why certain songs would give me 403s from depending on the state of my cookies-why would the api even care about that if I have a valid api key? It doesn't seem like this track has any privacy settings (it is definitely embeddable, sharable, etc). What is so special about this track?

Can anyone shed any light on this situation?

EDIT: I've pinned it down a cookie. this cookie:

_session_auth_key [random value] api.soundcloud.com /tracks Session 47

when the call works, if I delete this cookie and get a new auth key, it fails.