Bookings API By ID, returns 403 in postman, curl and custom apps, works fine on online API test tool

We have deployed our custom app, which consumes a delegated Graph AD app token for the GET /bookingBusinesses/{id} API, in our client environment.

This token works fine with online API test tools like reqbin and webtools.

However, it fails with 403 Forbidden for a console app, a deployed Azure API app, an Azure function, curl, and Postman.

Response Body:

{"error":{"code":"Forbidden","message":"Forbidden","innerError":{"date":"2021-08-31T13:32:09","request-id":"a10a3885-e96e-43b0-a242-11dff032f17a","client-request-id":"a10a3885-e96e-43b0-a242-11dff032f17a"}}}

We have set up the AD app in different tenants and it is working fine, but it does not work in the client's tenant on custom apps and Postman.

The same token is working with online tools but not with custom apps and Azure functions.

Is there any restriction that can be set up to block calls from certain clients?

I have attached the token parsed diff file if that can help.

0 Replies