You are currently reviewing an older revision of this page.

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Symptoms

The customer is trying to make a call to a new webAPI or integration on their own Appian Cloud instance but they are receiving a 403 "Forbidden" error on the Integration UI when trusted IPs are configured on their environment.

Error details

Cause

Since the customer has enabled the trusted IPs list on their Cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

There are risks involved with this workaround. By enabling these IPs, the site will also allow traffic from any other Appian Cloud site hosted in the same region, this includes sites from other customers.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic just like the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022
© 2025 Appian. All rights reserved.
We want to hear from you! Submit a review on Gartner or G2.