WesleyLoo-2057 avatar image
0 Votes"
WesleyLoo-2057 asked CarlZhao-MSFT edited

403 Forbidden Microsoft-Azure-Application-Gateway/v2 - getting sensitivity labels

When calling this endpoint:

The call succeeds as expected when invoked in Postman, returns a response:

     "@odata.context": "$metadata#informationProtection/policy/labels",
     "value": [

However, using the exact same headers and access token when making a request in python yields as part of the response:

 "message":"<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>Microsoft-Azure-Application-Gateway/v2</center>\r\n</body>\r\n</html>\r\n"

The permission "" has been granted. Is there some other setting within the application that needs to be changed to allow the request to go through?

Also, when I try using the Graph Explorer to make the same call (under beta), the response contains: "code": "UnknownError"

· 8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Use to parse your access token and provide screenshots.

0 Votes 0 ·

Here are some screenshots from the output of, of permissions and authentication type:


0 Votes 0 ·
image.png (32.5 KiB)
image.png (13.0 KiB)

There is nothing wrong with the token.

0 Votes 0 ·

Please also provide a complete python script.

0 Votes 0 ·
 import requests
 # access token was acquired via msal python package, looks something like:
 from msal import ConfidentialClientApplication
 cert_container = {
     "private_key": priv_key,
     "thumbprint": thumbprint,
     "public_certificate": cert
 app = ConfidentialClientApplication(
 result = app.acquire_token_for_client([""])
 return result["access_token"]
 header = {
     "Authorization": "Bearer {access_token}",
     "Accept": "application/json"
 res = requests.get("", headers=header)
0 Votes 0 ·

If the token you parse is obtained through your python script, then I think it should definitely work. I can't see any problems with it.

0 Votes 0 ·
Show more comments

0 Answers