OAI Secure - Adding User-Agent Header to Resolve 403 Forbidden Error in Cumulocity

Divya_Krishnamurthy · October 4, 2024, 1:14pm

Hello,

When a new tenant is created in Cumulocity, the default login mode is set to OAI Secure, and the “Forbidden for web browsers” toggle is enabled. Consequently, our custom application encounters a 403 Forbidden error while attempting to fetch data. According to the documentation (Basic settings - Cumulocity documentation), it is necessary to include an additional User-Agent header in the request. Could you please provide a sample code to demonstrate how to accomplish this?

We are currently using the following method for authentication: Cumulocity Web SDK - v1021.13.3

Thanks,
Divya K

Tristan_Bastian · October 4, 2024, 1:40pm

Hi @Divya_Krishnamurthy,

I guess you are misinterpreting the documentation. Your web browser will automatically add the User-Agent header to every request, that it sends. There is no option to change the User-Agent header that is added by your browser within e.g. your javascript code.

You could add the user agents sent by your browsers to the trusted user agents here:

In general you should try to avoid basic auth where ever possible. I would suggest to use e.g. Client.authenticateViaOAuthInternal instead.

Regards,
Tristan

system · April 2, 2025, 1:40pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to config Basic Authorization in URL instead of Request Header Forum cumulocity	2	198	February 26, 2024
Cumulocity API calls resulting in Invalid credentials Forum cumulocity	3	991	September 29, 2022
Unable to access Cumulocity API via Postman Forum cumulocity	25	3907	June 27, 2022
401 Error, when accessing from API Gateway to Cumulocity Forum cumulocity	4	333	July 15, 2024
Cumulocity rest API authorization issue Forum cumulocity	5	761	March 18, 2023

OAI Secure - Adding User-Agent Header to Resolve 403 Forbidden Error in Cumulocity

Related topics