Forum Discussion
Shows 403 when trying to do "get"->api.security.microsoft.com/api/dataexportsettings via code
Hi,
There are some ways to verify all this.
If you are using an app registration, you want to use the application permissions and not delegated.
If that is checked, maybe the issue is on the token itself. Ensure your token is correctly obtained and correctly used where you need it.
One of the things you can do to verify the token contains what you need it to contain is transforming it into JWT. Print a token and search for the JWT tool from Microsoft. Review that all permissions are correct, the app matches yours, etc
With that it should be enough to make a first check. If not, show how are you using the token.
Fr4nsec Thanks for replying.
Below are the roles I have when I try the token on JWT.
All of those are "Application" permissions. Here's what I do after getting the token -
$token = "TOKENHERE"
$headers = @{
'Content-Type' = 'application/json'
Accept = 'application/json'
Authorization = "Bearer $token"
}$url = "https://api.security.microsoft.com/api/dataexportsettings"
Invoke-WebRequest -Method Get -Uri $url -Headers $headers
What I get -
Any idea which permission I'm lacking here? Any suggestions are appreciated!
KeshavKhanna I think it's something to do with the application not having permission to access the API. When trying to create a new export setting, I get this error: {"error":{"code":"Forbidden","message":"Application context is not allowed to access this API. Expected user context.","target":"|."}}
