OAI Secure - Adding User-Agent Header to Resolve 403 Forbidden Error in Cumulocity

Divya.Krishnamurthy · October 4, 2024, 1:14pm

Hello,

When a new tenant is created in Cumulocity, the default login mode is set to OAI Secure, and the “Forbidden for web browsers” toggle is enabled. Consequently, our custom application encounters a 403 Forbidden error while attempting to fetch data. According to the documentation (Basic settings - Cumulocity IoT documentation), it is necessary to include an additional User-Agent header in the request. Could you please provide a sample code to demonstrate how to accomplish this?

We are currently using the following method for authentication: Cumulocity Web SDK - v1020.26.2

Thanks,
Divya K

Tristan_Bastian · October 4, 2024, 1:40pm

Hi @Divya.Krishnamurthy,

I guess you are misinterpreting the documentation. Your web browser will automatically add the User-Agent header to every request, that it sends. There is no option to change the User-Agent header that is added by your browser within e.g. your javascript code.

You could add the user agents sent by your browsers to the trusted user agents here:

In general you should try to avoid basic auth where ever possible. I would suggest to use e.g. Client.authenticateViaOAuthInternal instead.

Regards,
Tristan