Access forbidden Error

We try to upgrade our app from v1.9 to v2.
Beside the fact that V2 is much faster (!) we struggling with the following error:

First we login as demo user:


With body:

“email”: "",
“password”: “password”,
“duration”: 0

This works and returns a session_token and a session_id.

In next step we try to call the service “db” / app “apptest”


With header:
X-DreamFactory-Session-Token --> session_token from above
X-DreamFactory-Application-Name --> apptest

This returns:

“error”: {
“context”: null,
“message”: “Access Forbidden.”,
“code”: 403,

We have created a role with permissions on all services. Also we enabled CORS with * and assigned created role to user.

Problem stays the same on local install and on dreamfactory enterprise. We also tested with different services,users and roles.

After some try + error I found out that if using X-DreamFactory-Api-Key instead of X-DreamFactory-Application-Name the request works.

Is X-DreamFactory-Application-Name deprecated in V2?

Yes. As 2.0 is a complete rebuild and not an upgrade, some things like this have changed. I recommend checking the 2.0 wiki for details if you encounter this or other issues. The API key aspect is covered on this documentation page.

Thanks Jeffrey

We already found out :wink: