KB-2217 Web APIs or integrations that call the site itself return "403 Forbidden” on Cloud sites with trusted IPs configured

Elly Meng — Fri, 24 Jun 2022 18:10:33 GMT

Current Revision posted to Appian Knowledge Base by Elly Meng on 6/24/2022 6:10:33 PM

Symptoms

On a Cloud site with trusted IPs configured, web API or integration calls that attempt to make requests to the site itself return "403 Forbidden":

Cause

A cloud site with trusted IPs configured is not permitted to make web API or integration calls to itself.

Action

Option 1: Remove the configured trusted IPs, which will allow all traffic to the site.

Option 2: Update the trusted IPs list to include the outbound gateway IP for the region the site is hosted in. Note: the risk is that traffic from other Cloud sites hosted in the same region will also be allowed, which includes sites for other customers.

Option 3: Instead of using a web API or integration object to make the call, use a different method such as the Call Integration Smart Service from within a process model.

Please be aware that moving the site to a dedicated Virtual Private Cloud (VPC) will not resolve the issue as with trusted IPs, there is a firewall handling all traffic.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: June 2022

Tags: VPC, integration, Cloud, webAPI

KB-2217 Web APIs or integrations that call the site itself return "403 Forbidden” on Cloud sites with trusted IPs configured

Elly Meng — Fri, 24 Jun 2022 18:10:33 GMT

Revision 16 posted to Appian Knowledge Base by Elly Meng on 6/24/2022 6:10:33 PM

Symptoms

On a Cloud site with trusted IPs configured, web API or integration calls that attempt to make requests to the site itself return "403 Forbidden":

Cause

A cloud site with trusted IPs configured is not permitted to make web API or integration calls to itself.

Action

Option 1: Remove the configured trusted IPs, which will allow all traffic to the site.

Option 3: Instead of using a web API or integration object to make the call, use a different method such as the Call Integration Smart Service from within a process model.

Please be aware that moving the site to a dedicated Virtual Private Cloud (VPC) will not resolve the issue as with trusted IPs, there is a firewall handling all traffic.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: June 2022

Tags: VPC, integration, Cloud, webAPI

INT-XXXX Web APIs or integrations that call the site itself return "403 Forbidden” on Cloud sites with trusted IPs configured

Elly Meng — Wed, 01 Jun 2022 21:23:34 GMT

Revision 15 posted to Appian Knowledge Base by Elly Meng on 6/1/2022 9:23:34 PM

Symptoms

On a Cloud site with trusted IPs configured, web API or integration calls that attempt to make requests to the site itself return "403 Forbidden":

Cause

A cloud site with trusted IPs configured is not permitted to make web API or integration calls to itself.

Action

Option 1: Remove the configured trusted IPs, which will allow all traffic to the site.

Option 3: Instead of using a web API or integration object to make the call, use a different method such as the Call Integration Smart Service from within a process model.

Please be aware that moving the site to a dedicated Virtual Private Cloud (VPC) will not resolve the issue as with trusted IPs, there is a firewall handling all traffic.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: June 2022

Tags: VPC, integration, Cloud, webAPI

INT-XXXX Web APIs or integrations that call the site itself return "403 Forbidden” on Cloud sites with trusted IPs configured

Elly Meng — Wed, 01 Jun 2022 21:20:26 GMT

Revision 14 posted to Appian Knowledge Base by Elly Meng on 6/1/2022 9:20:26 PM

Symptoms

On a Cloud site with trusted IPs configured, web API or integration calls that attempt to make requests to the site itself return "403 Forbidden":

Cause

A cloud site with trusted IPs configured is not permitted to make web API or integration calls to itself.

Action

Option 1: Remove the configured trusted IPs, which will allow all traffic to the site.

Option 3: Instead of using a web API or integration object to make the call, use a different method such as the Call Integration Smart Service from within a process model.

Please be aware that moving the site to a dedicated Virtual Private Cloud (VPC) will not resolve the issue as with trusted IPs, there is a firewall handling all traffic.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: June 2022

Tags: VPC, integration, Cloud, webAPI

INT-XXXX Web APIs or integrations that call the site itself return "403 Forbidden” on Cloud sites with trusted IPs configured

Elly Meng — Wed, 01 Jun 2022 21:20:11 GMT

Revision 13 posted to Appian Knowledge Base by Elly Meng on 6/1/2022 9:20:11 PM

Symptoms

On a Cloud site with trusted IPs configured, web API or integration calls that attempt to make requests to the site itself return "403 Forbidden":

Cause

A cloud site with trusted IPs configured is not permitted to make web API or integration calls to itself.

Action

Option 1: Remove the configured trusted IPs, which will allow all traffic to the site.

Option 3: Instead of using a web API or integration object to make the call, use a different method such as the Call Integration Smart Service from within a process model.

Please be aware that moving the site to a dedicated Virtual Private Cloud (VPC) will not resolve the issue as with trusted IPs, there is a firewall handling all traffic.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: June 2022

Tags: VPC, integration, Cloud, webAPI

INT-XXXX Web APIs or integrations that call the site itself return "403 Forbidden” on Cloud sites with trusted IPs configured

Elly Meng — Wed, 01 Jun 2022 21:19:11 GMT

Revision 12 posted to Appian Knowledge Base by Elly Meng on 6/1/2022 9:19:11 PM

Symptoms

On a Cloud site with trusted IPs configured, web API or integration calls that attempt to make requests to the site itself return "403 Forbidden":

Cause

A cloud site with trusted IPs configured is not permitted to make web API or integration calls to itself.

Action

Option 1: Remove the configured trusted IPs, which will allow all traffic to the site.

Option 3: Instead of using a web API or integration object to make the call, use a different method such as the Call Integration Smart Service from within a process model.

Note: moving the site to a dedicated Virtual Private Cloud (VPC) will not resolve the issue as with trusted IPs, there is a firewall handling all traffic.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: June 2022

Tags: VPC, integration, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Tue, 15 Mar 2022 11:00:35 GMT

Revision 11 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/15/2022 11:00:35 AM

Symptoms

The customer is trying to make a call to a new webAPI or integration on their own Appian Cloud instance but they are receiving a 403 "Forbidden" error on the Integration UI when trusted IPs are configured on their environment.

Cause

Since the customer has enabled the trusted IPs list on their Cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

There are risks involved with this workaround. By enabling these IPs, the site will also allow traffic from any other Appian Cloud site hosted in the same region, this includes sites from other customers.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic just like the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 17:00:48 GMT

Revision 10 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 5:00:48 PM

Symptoms

The customer is trying to make a call to a new webAPI or integration on their own Appian Cloud instance but they are receiving a 403 "Forbidden" error when trusted IPs are configured on their environment.

Cause

Since the customer has enabled the trusted IPs list on their Cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic just like the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 13:09:39 GMT

Revision 9 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 1:09:39 PM

Symptoms

Cause

Since the customer has enabled the trusted IPs list on their Cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic just like the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 11:42:46 GMT

Revision 8 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 11:42:46 AM

Symptoms

The customer is trying to make a call to a new webAPI or Integrations on their own Appian Cloud instance but they are receiving a 403 "Forbidden" error while making the call on a Cloud site with trusted IPs configured.

Cause

Since the customer has enabled the trusted IPs list on their Cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic just like the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 11:41:57 GMT

Revision 7 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 11:41:57 AM

Symptoms

Cause

Since the customer has enabled the trusted IPs list on their Cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic just like the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 11:38:14 GMT

Revision 6 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 11:38:14 AM

Symptoms

The customer is trying to make a to a new webAPI or Integrations but they are receiving a 403 "Forbidden" error while making the call on a Cloud site with trusted IPs configured.

Cause

Since the customer has enabled the trusted IPs list on their cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic just like the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 11:36:52 GMT

Revision 5 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 11:36:52 AM

Symptoms

The customer is trying to make a to a new webAPI or Integrations but they are receiving a 403 "Forbidden" error while making the call on a Cloud site with trusted IPs configured.

Cause

Since the customer has enabled the trusted IPs list on their cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic *just like* the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 11:34:37 GMT

Revision 4 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 11:34:37 AM

Symptoms

The customer is trying to make a to a new webAPI or Integrations but they are receiving a 403 "Forbidden" error while making the call on a Cloud site with trusted IPs configured.

Cause

Since the customer has enabled the trusted IPs list on their cloud site, this does not allow them to call their site within itself.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic *just like* the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations getting 403 “Forbidden” on Cloud sites with trusted IPs configured

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 11:32:00 GMT

Revision 3 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 11:32:00 AM

Symptoms

The customer is trying to make a to a new webAPI or Integrations but they are receiving a 403 "Forbidden" error while making the call on a Cloud site with trusted IPs configured.

Cause

Since the customer has enabled the trusted IPs list on their cloud site, this does not allow them to call their site within itself. To allow the Cloud site to "call itself," we have a workaround available to allow the outbound gateway IPs for the region the sites are hosted in.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic as the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations not working on Cloud site, getting 403 “Forbidden” as site can’t “call itself"

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 11:13:58 GMT

Revision 2 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 11:13:58 AM

Symptoms

The customer is trying to make a to a new webAPI or Integrations but they are receiving a 403 "Forbidden" error while making the call.

Cause

Since the customer has enabled the trusted IPs list on their cloud site, this does not allow them to call their site within itself. To allow the Cloud site to "call itself," we have a workaround available to whitelist the outbound gateway IPs for the region the sites are hosted in.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic as the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI

INT-XXXX WebAPI or integrations not working on Cloud site, getting 403 “Forbidden” as site can’t “call itself"

Miguel Ángel Antolín Bermúdez — Thu, 03 Mar 2022 11:10:52 GMT

Revision 1 posted to Appian Knowledge Base by Miguel Ángel Antolín Bermúdez on 3/3/2022 11:10:52 AM

Symptoms

The customer is trying to make a to a new webAPI or Integrations but they are receiving a 403 "Forbidden" error while making the call.

Cause

Since the customer has enabled the trusted IPs list on their cloud site, this does not allow them to call their site within itself. To allow the Cloud site to "call itself," we have a workaround available to whitelist the outbound gateway IPs for the region the sites are hosted in.

Action

Option 1: We can remove enabled trusted IPs on the customer Cloud site. If there are no enabled trusted IPs on the customer Cloud site, then all traffic is allowed and nothing is blocked.

Option 2: We can add to the trusted IPs list the outbound gateway IP for the region your site is hosted in. Again, there are risks involved with this workaround listed above.

Option 3: Instead of using a Web API to make a call to the same environment, a new way to call the integration will need to be used - such as a process model.

Moving the site to a private VPC won't solve the problem as there is a firewall handling the traffic as the trusted IPs feature does.

Affected Versions

This article applies to all versions of Appian Cloud that got enabled the trusted IPs feature.

Last Reviewed: March 2022

Tags: known issues, VPC, integration, infrastructure, Cloud, webAPI