403 when attempting the use any of the private APIs

Identity Security Cloud (ISC) ISC Discussion and Questions
1

{{url}}/cc/api/identityAttribute/list

I’m trying to modify a custom IDN attribute to be searchable. I seem to get a 403 on any of the cc APIs. Other APIs seem to be working fine, such as creating a template.

What am I missing? I’m using sp scopes all.

2

According to my notes, the “IdentityAttribute/list” API uses the “v1” endpoint without “.api” in the URL - so it’s “https://tenant.identitynow.com/cc/api/IdentityAttribute/list”. I just tested with a couple environments and that worked for me.

3

Yes, the full url I am using is https://-sb.identitynow.com/cc/api/identityAttribute/list

4

Screenshot 2023-10-02 132803
Screenshot 2023-10-02 132803754×524 23.7 KB

This screenshot is showing that I’m trying to extend the samaccountname IDN attribute to be searchable.

Still getting a 403 error. The screenshot shows a Get, but using a Post.

5

As part of troubleshooting this I went as far as creating a new postman account and import all of the existing collections.

with the cc based url with the recent collection download, I was able to execute /cc/api/rule/list just fine. I was not able to get the IdentityAttribute/list withthe cc (private) api, as it still gives a 403.

6

When you say you’re using sp scopes, that makes me wonder what type of credentials you’re using. Are you using a personal access token or application client credentials you generated in the admin section?

EDIT: Nevermind, you’d get a 401 if you were using a non-PAT cred

7

I think I ran into a similar circumstance and it ended up being because (maybe?) I was including too many fields in the POST body. Check out the request body in this post. I narrowed my update down to just the attributes it had and it worked. dateType IdentityProfile attribute issue - #4 by AnamicaShroti

{
  "displayName": "MyCustomAttr",
  "name": "mycustomattr",
  "searchable": true,
  "sources": [{
      "properties": {
        "ruleName": "Cloud Promote Identity Attribute",
        "ruleType": "IdentityAttribute"
      },
      "type": "rule"
    }
  ],
  "type": "string"
}
8

Thanks Mark. Still getting the 403 error.

403
403664×650 54.5 KB

Also get the error just doing a Get for a list.

403a
403a802×628 38.2 KB

9

Have you tried this from a script, or only in Postman/Postman plugin for VS Code? Could it be something as simple as your Authorization header not being present? Check your “Headers” tab to ensure it’s in there and has the correct Bearer Token.
Also, try clearing your cookies from the “Cookies” link under the “Send” button.

10

Hi @ts_fpatterson,

From what I have deciphered, these could be some potential issues:

  • The PAT ID and Secret come from an account that do not have sufficient privileges (try creating a PAT with an Org Admin identity)
  • The scope set for the token is not set properly (requires sp:scopes:all)
  • The Postman environment variables set might not have the correct values (this can be rectified by entering the proper values for the variable under the initial value column and clicking on Reset All)

Hope this helps!

11

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.