Solved

API 403 forbidden issue

  • 14 April 2022
  • 6 replies
  • 1188 views

Badge +7

Hello,

 

Would anybody know how to troubleshoot 403 forbidden API error?

 

I am trying to acquire QSDK token, well basically to login, to continue my queries, but it straight away gives out 403 error. I don’t even see the attempt in webserver.log of commcell to which I query for QSDK token..

Ports 80,443 are open and working correctly, all firewalls are allowed.. I am not even sure where to check.

 


 

 

 

auth[‘url] variable is: http://ipaddressofcommcell/webconsole/api/

self.cs_login_url variable is: '<DM2ContentIndexing_CheckCredentialReq mode="Webconsole" username="<<username>>" password="<<password>>" />'

 

Does not matter what credentials I use, I’ve tried admin account of commcell, I’ve tried my own domain account, with all of them I can login to JAVA GUI with no issues.

 

Any ideas where to start looking?

icon

Best answer by Mike Struening RETIRED 27 April 2022, 17:42

View original

If you have a question or comment, please create a topic

6 replies

Userlevel 7
Badge +15

Hi @benjaminas 

Thanks for the question, it looks like ports might be the issue.

There are a few ways to access APIs: Available Web Services for REST API

Usually, I would expect to see an internal request use the Web Server URL over http:81:

 http://web_server_host:81/SearchSvc/CVWebService.svc/.

But the method you have specified is using the Web Console redirector for webconsole/api, but using http.

There is a default redirect on Web Console using http:80, to automatically push connections to https:443.

Please try using https:

https://ipaddressofcommcell/webconsole/api/

Thanks,

Stuart

Badge +7

Hi @Stuart Painter 

 

I’ve tried the method http://web_server_host:81/SearchSvc/CVWebService.svc/ also - same situation.

 

The port situation:
 



Oh and I forgot to mentioned, it worked 2 days ago.. and yes - no changes were made! :)



 

Userlevel 7
Badge +15

Hi @benjaminas 

Thank you for the extra details, the 403 response suggests that a connection is being made because the service is returning that error code, so that proves tcp connections are being made.

Something is different from 2 days ago, we need to figure out where.

The Web Console is an endpoint redirect to the actual Web Service, so somewhere the connection is getting denied with 403 forbidden - is it the Web Console part or the follow on Web Server part?

Or potentially some other service in between your API client and the Web Console is interfering with the connection and returning the 403 response.

Are you able to check the webConsole.log on the Web Console machine to see what messages are reported when you make connection request?

Thanks,

Stuart

Badge +7

Hi @Stuart Painter 



I logged into commserv server to which I run the API to get the QSDK (it holds that webserver) - there are even no entries in the log of the attempt of the mentioned API call… So where in the world the deny comes.. :|

Userlevel 7
Badge +15

Hi @benjaminas 

I would like to check the webconsole.log on the Web Console server, because it’s a 403 response, I’m guessing this is coming from Tomcat (or something else) rather than the Web Service (IIS).

We might be reaching the end of what we can achieve here in Community and we may be better served here with a support ticket to progress this issue.

If you do raise a support ticket, please feel free to PM me the number so that I can track internally.

Thanks,

Stuart

Userlevel 7
Badge +23

Sharing case solution:

Finding Details:

Issue:
=====
REST API returns error 403 forbidden error.

Solution:

The API is showing the status as 200 which is the OK message but on the output, it says 403 error.

The API was working fine without any issues since the 12th of April and suddenly it got stopped.

Checked the webserver.log after increasing the debug level but did not any error reported on the logs.

They are trying to run the API through the python SDK.

Tried pinging the Commserv "81.225.177.246" but the ping was disabled.

Checked the required ports are open 80,81 and 443.

We tried following the documentation and running the API but did not make any difference.

Suggested the below steps to the customer:

- use the HTTPS: on the API call as the certificate was imported recently.

Example: https://Webserver host name/webconsole/API/Login