cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bookings API By ID, returns 403 in postman, curl and custom apps, works fine on online API test tool

PrashantSoniHarman
Copper Contributor

‎Aug 31 2021 07:37 AM

‎Aug 31 2021 07:37 AM

Bookings API By ID, returns 403 in postman, curl and custom apps, works fine on online API test tool

We have deployed our custom app which consumes delegated graph AD app token for GET /bookingBusinesses/{id} API in our client environment. 

 

This token works fine with online API test tools like reqbin and webtools.

However, it fails with 403 forbidden for a console app, deployed Azure API app, azure function, CURL, Postman. 

 

Response Body:

{"error":{"code":"Forbidden","message":"Forbidden","innerError":{"date":"2021-08-31T13:32:09","request-id":"a10a3885-e96e-43b0-a242-11dff032f17a","client-request-id":"a10a3885-e96e-43b0-a242-11dff032f17a"}}}

 

We have set up the AD app in different tenants and it is working fine but it does not work in the client's tenant on custom apps and postman.  

 

The same token is working with online tools but not with custom apps and azure functions.

Is there any restriction that can be set up to block calls from certain clients? 

I have attached the token parsed diff file if that can help. 

 

 

 

 

 

 

Preview file
324 KB
831 Views
0 Likes
0 Replies
Reply
0 Replies