diff --git a/website/docs/docs/dbt-cloud-apis/service-tokens.md b/website/docs/docs/dbt-cloud-apis/service-tokens.md
index 9553f48a013..f1369711d2b 100644
--- a/website/docs/docs/dbt-cloud-apis/service-tokens.md
+++ b/website/docs/docs/dbt-cloud-apis/service-tokens.md
@@ -115,3 +115,5 @@ To rotate your token:
4. Copy the new token and replace the old one in your systems. Store it in a safe place, as it will not be available again once the creation screen is closed.
5. Delete the old token in dbt Cloud by clicking the **trash can icon**. _Only take this action after the new token is in place to avoid service disruptions_.
+## FAQs
+
diff --git a/website/docs/faqs/Troubleshooting/ip-restrictions.md b/website/docs/faqs/Troubleshooting/ip-restrictions.md
new file mode 100644
index 00000000000..9f1aa41c574
--- /dev/null
+++ b/website/docs/faqs/Troubleshooting/ip-restrictions.md
@@ -0,0 +1,29 @@
+---
+title: "I'm receiving a 403 error 'Forbidden: Access denied' when using service tokens"
+description: "All service token traffic is now subject to IP restrictions. To resolve 403 errors, add your third-party integration CIDRs (network addresses) to the allowlist."
+sidebar_label: 'Service token 403 error: Forbidden: Access denied'
+---
+
+
+All [service token](/docs/dbt-cloud-apis/service-tokens) traffic is subject to IP restrictions.
+
+When using a service token, the following 403 response error indicates the IP is not on the allowlist. To resolve this, you should add your third-party integration CIDRs (network addresses) to your allowlist.
+
+The following is an example of the 403 response error:
+
+```json
+ {
+ "status": {
+ "code": 403,
+ "is_success": False,
+ "user_message": ("Forbidden: Access denied"),
+ "developer_message": None,
+ },
+ "data": {
+ "account_id": ,
+ "user_id": ,
+ "is_service_token": ,
+ "account_access_denied": True,
+ },
+ }
+```