403 Forbidden with Postman

Question

Hi there,

I'm receiving 403 Forbidden error despite following https://learn.microsoft.com/en-us/azure/healthcare-apis/azure-api-for-fhir/tutorial-web-app-fhir-server and getting 403 Forbidden error when trying to call the service using Postman. I can successfully fetch the token for AAD as well as get metadata for my FHIR service but when I try to make any API calls on Patient, I get 403 forbidden.

{  
    "resourceType": "OperationOutcome",  
    "id": "ef2eba2127ad1fd46137e714b2673129",  
    "meta": {  
        "lastUpdated": "2022-09-19T22:50:18.6864792+00:00"  
    },  
    "issue": [  
        {  
            "severity": "error",  
            "code": "forbidden",  
            "diagnostics": "Authorization failed."  
        }  
    ]  
}  

Answer 1

Hi @Frederick Huyan

A similar issue was posted on github at https://github.com/MicrosoftDocs/azure-docs/issues/70596

The answer seemed to be a permissions issue which solved the 403 Forbidden response:

You have granted permissions, for example, "FHIR Data Contributor", to the client application to access the FHIR service. More info at Configure Azure RBAC for FHIR

Please check your permissions for the app/account you are using to connect to the API.

-----------------------------------------

If this is helpful please accept answer.

Answer 2

Hi, I think I resolved the issue, I had to add myself in RBAC as a FHIR Data Contributor. This is strange because I created the resources so I have the Owner role assigned to me.