Forum Discussion
Web activity failure due to Invoking endpoint failed with HttpStatusCode - 403 -- help?
A 403 does not necessarily mean the credentials are wrong; it means the request that reached the provider was refused. The linked-service test and the Postman call also do not prove that Web Activity is sending the same URL, headers, body, or outbound IP.
For a third-party OAuth server, avoid Web Activity's Service Principal mode unless the provider uses Microsoft Entra ID. ADF documents that mode with tenant and resource for an Entra-issued token. For this ingestion scenario, use a REST linked service with authenticationType OAuth2ClientCredential and set tokenEndpoint, clientId, clientSecret, plus the provider's exact scope or resource, then use it in Copy Activity.
If you stay with Web Activity, compare it with Postman's generated request: POST the exact token endpoint, use Content-Type application/x-www-form-urlencoded, include grant_type=client_credentials, URL-encode the secret, and match scope/audience. Then pass the returned access_token as a Bearer token to the data request. If it still returns 403, ask the provider to check their logs and whether Azure Integration Runtime outbound IPs must be allow-listed.