Gravatar for

Question by benaldo, Jan 23, 2017 10:17 AM

403 Forbidden error from rest api


We've been getting a 403 Forbidden error when trying to access our rest/api page. We have sitecore installed

I've confirmed that the config.yml for the search api is set to allowImpersonate: true, and that the application secret there matches what is in the rest.custom config file.

Looking at the coveo logs, once the problem started, requests have come in as: Authorization: Bearer [some guid]. When it was working, they'd come in with the appropriate application secret instead of this guid. I can't find any trace of the guid associated with the Bearer tag in showconfig.

The diagnostic page says the rest endpoint and search web service are down. I've verified the paths for our sitecore certificate are accurate, and that they match what is in the config files using the showconfig. When I hit the coveo rest endpoint from out sitecore box (we have sitecore on one box, CES and search API on another), I am able to access the page.

Any ideas what else I could try to get rid of this 403 error?

1 Reply
Gravatar for

Answer by Dominic Berube, Jan 23, 2017 10:28 AM


This could append if your Coveo for Sitecore is configured for an On-Premises setup, but is linked to a Cloud organization. Make sure you are correctly connected to an On-Premises organization by configuring the Coveo Cloud Organization via the Coveo Control Panel.

Gravatar for

Comment by benaldo, Jan 23, 2017 1:08 PM

Thanks for the suggestion. I verified we are linked to an on-premises organization. The rest endpoint is still down,and I'm no longer seeing a node for the search service in the coveo diagnostic page.

Gravatar for

Comment by Dominic Berube, Jan 23, 2017 2:29 PM

Can you validate that your ApplicationSecret is correctly configured in the showConfig, I have tried to remove it from my configuration and I also get a 403 on the Rest endpoint.

Gravatar for

Comment by Rik, Jul 5, 2017 7:51 AM

FYI, didn't found out what the problem was, but for future reference:

Uninstalling the API and reinstalling it resolved it for us.

Gravatar for

Comment by Rik, Jul 4, 2017 3:24 PM

@Dominic Berube

we're having the same issue, 403 for the url

Secret is ok, certificates are ok, checked with our sandbox and I can't see a difference.

There is this: We are using a temporary url for the CD and coveo server (set in the hosts file).
Url's will only be available after all config is ok.
Could this be the issue?

Ask a question