Rest API 403 Forbidden Error while Update module cell data
Using below link I am trying update module cell data using Transactional APIs using Postman.
But I am getting 403 Forbidden error. I am able to use all other GET request successfully.
Please find below screen shot:
I can manually login to Anaplan and update the cells manually but unable to do the same using APIs.
I have full authorizations as shown below:
I am not sure what I am missing. Please help.
It might be obvious, but still.
Did you replace orange variables in Header for token and URL (WS & Model IDs)?0
Yes, I am using environment variable feature of postman for ease of use and chaining the requests.
Orange variable are environment variables and their values are maintained. I have tried passing the values directly without variables as well but same result.
Your input module has only 2 lists ? Are you sure about dimension ID ?
Member id selected is only base member ?
Line item selected is an input line item (without any formula) ?
Did you try to upload to an other module or line item of the module ?
The Transactional APIs require workspace admin rights, so I'd check again if you have Workspace Admin privileges in the workspace that the model you are trying to update. I know your screenshot showed you have Workspace Admin, but it could potentially be across a different Workspace.0
I checked all the IDs and seems to be correct. I got the IDs from other GET requests as mentioned in below link
I am trying to update one cell value in the module which has 2 dimensions Time and Product
Below is the dimension IDs I get
Not sure if this is a right way but in order to double-check IDs I made a change manually in exact same field which I am trying to update in Anaplan and tried to analyze request body in inspect, seems values I am passing are correct.
Values in request body from inspect and values in Postman are mapped with color coding for your reference:
I am not an expert in APIs, hope I am looking at right place.
Appreciate your help.
Yes I have Workspace admin rights for all the Workspaces. (We have only 2 Workspace).
Okay thanks for checking - on a random thought are you using a bot account/integration account to authenticate, and not your actual profile that you log in via the front end? I use a bot account that we have a certificate configured to authenticate, rather than my own personal credentials.0
I am using Basic Authentication using personal credential to get the authentication token, which is working fine in other GET requests. We are still in implementation phase and so far we have not created an integration account.
Is there any limitation in using personal account?
Not that I'm aware of. 403 errors are normally not as a result of the request being malformed, and neither to do with your credentials being invalid; rather, it could be something to do with security on the model side... I just checked model role (which doesn't seem to be the issue, if the model role isn't set correctly it returns a 404), malformed requests (i.e. incorrectly formatted body) which returns a 400, not really sure what else to check unfortunately 😞
I'll try the Workspace Admin setting tomorrow when my colleague is online, unfortunately I can't switch myself off Workspace Admin.0
@MayankPtry with disabled SSO if you didn't yet.0
We have not configured single Sign on.0
Thanks and appreciate your help Kevin...0
This error indicates that the server has determined that you are not allowed access to the thing you've requested, either on purpose or due to a misconfiguration . It's probably because the site owner has limited access to it and you don't have permission to view it. The vast majority of the time, there's not much you can do to fix things on your (*client) end. There are four common causes for 403 Forbidden error (server side) . Here they are listed from most likely to least likely:
- An empty website directory
- No index page
- Incorrect settings in the .htaccess file
- Permission / Ownership error
If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.0