Getting 403 Forbidden error while testing webApi internally

Question

Hi Guys, 
 I created a webApi and tested internally with the below code. I am getting Forbidden error, 
 PFB the code 
 a!httpQuery( url:"https://........../suite/webapi/testRunStatusForId ", //I am working in a bank network method:"GET", queryParameters:a!httpQueryParameter( name:"id", value:261 ), basicAuthenticationCredentials:a!httpAuthenticationBasic( userName:a!scsField( externalSystemKey:"citestwebapi", fieldKey:"username" ), password:a!scsField( externalSystemKey:"citestwebapi", fieldKey:"password" ), preemptive:true ) ) 
 
 Test Output 
 Time

296 ms

* Type

Dictionary

* Value

[success:false,result:,error:[code:[category:0,namespace:1,detail:0],title:HTTP error connecting to cip-dit1.bankofamerica.com/.../testRunStatusForId 403 Forbidden,detail:No details available]] 
 
 But it is working fine inside the created webApi internal test build. Confused !!! 
 Kindly help me out guys

vijayd · Answer

Your url contains .com as extension, check your URL is configured correctly or not ?

aloks0189 · Answer

Hi guruprakashk As per my understanding, 403 errors are almost always caused by issues where you're trying to access something that you don't have access to. 
 
Before i proceed further and discuss about the resolution step, i would like to know, following: 
1. The Service which you are trying to consume, are they using SSL? 
 
However You can try following steps to resolve this issue, mention below: 
 
1. Clear Your Browser Cache(sometime browser caches also may cause 403). Issues with a cached version of the page you're viewing could be causing 403 Forbidden issues 
 
2. It will be useful if you obtain the information on HTTP response headers. If you are using Mozilla Firefox, you can download an 'add-ons' (extension) called LiveHTTPHeaders which will allow you to capture this information. If you are using Internet Explorer, you can use DebugBar instead, to see what headers the browser is sending, then emulate them in your code using a!httpHeader() function. 
 
Hope the step-2 will give you clear picture about what are the headers you need to send while making a request to this Service. 
 
Also please do remember, if the API uses SSL, in such case you need to configure the same in Appian as well. However you can have a try on above mention steps, hope this will work for you.

aloks0189 · Answer

Also I would like to say, TLS 1.0 is legacy, and Appian is going to stop the support for this in upcoming version. 
 
I understand that you are working with old version of Appian i.e. 16.x but I wouldn't recommend you to go for this. 
 
In fact java 7 also stopped the direct support for TLS 1.0. 
 
But still if you want to proceed, I think you need to import the client certificate in Appian, which will be provided by the service provider. Third party credentials will not help you in such case, this is specially introduced for HTTP BASIC AUTHENTICATION.