KB-2217 Web APIs or integrations that call the site itself return "403 Forbidden” on Cloud sites with trusted IPs configured


On a Cloud site with trusted IPs configured, web API or integration calls that attempt to make requests to the site itself return "403 Forbidden":


A cloud site with trusted IPs configured is not permitted to make web API or integration calls to itself.


Option 1: Remove the configured trusted IPs, which will allow all traffic to the site.

Option 2: Update the trusted IPs list to include the outbound gateway IP for the region the site is hosted in. Note: the risk is that traffic from other Cloud sites hosted in the same region will also be allowed, which includes sites for other customers.

Option 3: Instead of using a web API or integration object to make the call, use a different method such as the Call Integration Smart Service from within a process model.

Please be aware that moving the site to a dedicated Virtual Private Cloud (VPC) will not resolve the issue as with trusted IPs, there is a firewall handling all traffic.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: June 2022