Share via

Error code - 23353 Getting Error 403 Forbidden while using the copy activity

nishant garg 20 Reputation points
2026-03-13T12:51:14.19+00:00

I am using the copy activity and when i use the mapping section then this showing the error -

Rest call failed with client error, status code 403 Forbidden, please check your activity settings.
Request URL: https://api.tracegains.net/v1/Enterprise/SC/Car/List?<suppressed 4 parameter(s)>.
Response: <html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>Microsoft-Azure-Application-Gateway/v2</center>
</body>
</html>

 
Activity ID: 8ec55833-c892-4f90-87ad-0afec8917f3d

Also when i hit the same API in the Postman then getting status 200 with the data.
Also i try the web activity in the ADF working fine getting data.

Please look on this as soon as possible.

Thanks.

Azure Data Factory
Azure Data Factory

An Azure service for ingesting, preparing, and transforming data at scale.

0 comments
Answer accepted by question author
  1. SAI JAGADEESH KUDIPUDI 790 Reputation points Microsoft External Staff Moderator
    2026-03-15T11:49:17.9633333+00:00

    Hi nishant garg,
    A 403 Forbidden error in Copy Activity while the same API works in Postman and Web Activity usually indicates a difference in request headers, authentication configuration, or network routing in Azure Data Factory (ADF). Since the API works outside Copy Activity, the issue is typically related to dataset/linked service configuration or headers not being passed correctly.

    Below are the recommended troubleshooting steps.
    Step 1: Verify Authentication Configuration in REST Linked Service

    Ensure the authentication method used in Postman is configured identically in ADF.

    1. Go to ADF → Manage → Linked Services.

    Open the REST linked service used by the Copy Activity.

    Verify the authentication type:

    Anonymous

      Basic
  
     OAuth2
     
        Managed Identity
        
           Service Principal

    If the API requires API key or token, ensure it is configured in Authentication or Additional Headers.
    Step 2: Add Required Request Headers in the Dataset

    Many APIs return 403 if required headers (for example Authorization, x-api-key, Accept, User-Agent) are missing.

    Open the REST Dataset used in the Copy Activity.

    Go to Connection / Request headers.

    Add the same headers used in Postman.

    Example:

    Authorization : Bearer <token>
Accept : application/json
Content-Type : application/json

    Step 3: Verify HTTP Method and Query Parameters
    If the API requires GET parameters or specific method configuration, ensure they match Postman.

    Open Copy Activity → Source tab.

    Confirm:

    HTTP method (GET/POST)

      Query parameters
  
     Relative URL

    Even a missing parameter can result in 403 from API gateways.
    Step 4: Check Integration Runtime Network Access

    The response header shows:

    Microsoft-Azure-Application-Gateway/v2

    This suggests the API may have IP filtering enabled.

    If the API allows only specific IP addresses:

    1. Identify the ADF Integration Runtime outbound IP.
    2. Add these IPs to the API allowlist / firewall.
      Step 5: Compare Copy Activity vs Web Activity Request

    Since Web Activity works, compare both configurations.

    Open Web Activity → Output.

    Capture headers and request format.

    Replicate the same configuration in Copy Activity REST dataset.

    This typically resolves issues where Copy Activity does not automatically include headers used by Web Activity.
    Reference Link:

    https://learn.microsoft.com/azure/data-factory/connector-rest
    https://learn.microsoft.com/azure/data-factory/copy-activity-overview
    https://learn.microsoft.com/azure/data-factory/connector-rest#request-headers
    https://learn.microsoft.com/azure/data-factory/control-flow-web-activity
    https://learn.microsoft.com/azure/data-factory/azure-integration-runtime-ip-addresses

    Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.

    Please do not forget to "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-13T12:51:42.07+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The 403 Forbidden response indicates that the REST endpoint is rejecting the request made by the copy activity, even though the same endpoint works from Postman and from a Web activity. This typically means that something about how the request is sent from the copy activity (URL, headers, authentication, IP/network, or method) differs from the working calls.

    Based on the context, 403 errors in Azure services are commonly caused by:

    1. Network/firewall restrictions blocking the caller’s IP or environment.
    2. Authorization rules that depend on caller identity or IP.

    In this scenario, the key differences to validate are:

    1. Compare the exact request between Postman/Web activity and Copy activity
      • Ensure the same HTTP method (GET/POST) is used. The REST connector supports GET/POST as source and POST/PUT/PATCH as sink; if the API expects GET and the copy activity is using POST (or vice versa), the gateway or API might reject it.
      • Confirm the query parameters and URL path are identical to the working Postman/Web activity request.
      • Verify all required headers (Authorization, custom headers, content-type, etc.) are configured identically in the REST linked service/dataset and in the copy activity.
    2. Check authentication configuration
      • If using a token (Bearer, API key, etc.), confirm the same token or key is used in the copy activity as in Postman/Web activity.
      • If the API performs IP-based checks or has an application gateway/WAF in front (as indicated by Microsoft-Azure-Application-Gateway/v2), ensure the environment where ADF’s integration runtime runs is allowed. The gateway might allow Postman (from a local IP) but block the ADF integration runtime IP.
    3. Network / firewall / gateway rules
      • Since the response is coming from Microsoft-Azure-Application-Gateway/v2, review rules on that Application Gateway or any WAF policies:
        • Confirm that the public IP or outbound IP range of the ADF integration runtime is allowed.
        • Check if any rule blocks specific methods, headers, or paths used by the copy activity but not by Postman/Web activity.
      • If the API is behind a firewall or restricted network, ensure the ADF integration runtime (self-hosted or Azure) has network access and is included in any allowlists.
    4. Differences introduced by mapping / schema
      • When mapping is enabled, the copy activity may send additional requests (for example, to infer schema or sample data) or change how the request body is constructed. If the API or gateway blocks these patterns, 403 can occur only when mapping is configured.
      • Temporarily remove mapping and test, then re-add mapping and compare the requests (for example, by enabling logging on the API or gateway) to see what changes.
    5. Use REST connector capabilities correctly
      • Ensure the REST source is configured according to the REST connector guidance: only JSON response payloads are supported, and the connector supports GET/POST as source. If the API requires a different method or non-JSON response, the configuration might be forcing a pattern that the gateway rejects.

    Concrete steps:

    1. Capture a successful call from Postman (full URL, method, headers, body).
    2. Configure the REST linked service and dataset in ADF to match that call exactly.
    3. Run the copy activity without mapping to confirm it succeeds.
    4. Add mapping back; if it fails, enable logging on the Application Gateway/API to inspect the failing request and adjust rules or request configuration accordingly.
    5. If the gateway uses IP restrictions, add the outbound IP(s) of the ADF integration runtime to the allowlist.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.