OAI Secure - Adding User-Agent Header to Resolve 403 Forbidden Error in Cumulocity

Divya.Krishnamurthy · October 4, 2024, 1:14pm

Hello,

When a new tenant is created in Cumulocity, the default login mode is set to OAI Secure, and the “Forbidden for web browsers” toggle is enabled. Consequently, our custom application encounters a 403 Forbidden error while attempting to fetch data. According to the documentation (Basic settings - Cumulocity IoT documentation), it is necessary to include an additional User-Agent header in the request. Could you please provide a sample code to demonstrate how to accomplish this?

We are currently using the following method for authentication: Cumulocity Web SDK - v1020.26.2

Thanks,
Divya K

Tristan_Bastian · October 4, 2024, 1:40pm

Hi @Divya.Krishnamurthy,

I guess you are misinterpreting the documentation. Your web browser will automatically add the User-Agent header to every request, that it sends. There is no option to change the User-Agent header that is added by your browser within e.g. your javascript code.

You could add the user agents sent by your browsers to the trusted user agents here:

In general you should try to avoid basic auth where ever possible. I would suggest to use e.g. Client.authenticateViaOAuthInternal instead.

Regards,
Tristan

Topic		Replies	Views
Is it possible to config Basic Authorization in URL instead of Request Header Cumulocity-IoT , IoT	2	196	February 26, 2024
Cumulocity API calls resulting in Invalid credentials Cumulocity-IoT , IoT	3	969	September 29, 2022
How to access user endpoint of cumulocity with REST call Cumulocity-IoT , IoT	2	29	November 4, 2024
Swagger API with Cumulocity Microservice Cumulocity-IoT , IoT	4	515	May 21, 2023
Issue after upgrading Sub-tenant-management App Cumulocity-IoT , IoT , IoT-Platform	1	23	August 22, 2024

OAI Secure - Adding User-Agent Header to Resolve 403 Forbidden Error in Cumulocity

Related topics