403 Forbidden Error When Making FME Server Request

Liz Sanderson
Liz Sanderson
  • Updated


When making an HTTP request to one of FME Server's services (Job Submitter, Data Download, REST API), you receive a response with error code 403 Forbidden. This is visible either directly in the browser, or upon inspection of an AJAX call in the F12 Developer Tools (Console tab).

In some cases, (see cross domain requests, below) you will also get an error in the browser's JavaScript console.

Example, Chrome:
 XMLHttpRequest cannot load http://safe.com/. No 'Access-Control-Allow-Origin'; header is present on the requested resource. Origin 'http://localhost:9909'; is therefore not allowed access.

Example, Firefox:
 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://safe.com/. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Example, Internet Explorer:
 SEC7127: Redirect was blocked for CORS request. SCRIPT7002: XMLHttpRequest: Network Error 0x2ef1, Could not complete the operation due to error 00002ef1.

To learn how to use Developer Tools to monitor network traffic please see the following documentation:
Internet Explorer


FME Server will respond with a 403 Forbidden error when credentials have been supplied, but the user is not authorized to access the resource. This can either be as a result of an incorrect username, password, or token, or can be due to not having adequate permissions.

Additionally, this error may come up when trying to make an AJAX request from a different domain. This is due to cross-domain requests being blocked by default.


1. Verify that your username, password, or token are correct, and try again.

2. If you suspect this is a cross-domain request issue (CORS), please see the instruction in the Creating REST Web Services article (Allow Cross-Origin Resource Sharing) or FME Server Web UI documentation.

Was this article helpful?



Please sign in to leave a comment.