Invoking endpoint failed with HttpStatusCode - 403: Forbidden.

Question

"I am using Microsoft Fabric Web Activity to send pipeline notifications to Microsoft Teams via a webhook. However, when the Web Activity calls the Teams webhook URL, I get the following error:

'Invoking endpoint failed with HttpStatusCode - 403: Forbidden. Endpoint (URL) refused the request as the given identity is not authorized to perform this action. Please get the necessary permissions & retry.'

The webhook was configured using the Teams channel connector (Incoming Webhook). The Web Activity method is POST with Content-Type: application/json. Could anyone advise what could be the cause and how to resolve this?"

Answer 1

Hello @ALAN C JOHN ,

The 403: Forbidden error you are encountering is caused by the recent retirement of the legacy Office 365 Incoming Webhook connector in Microsoft Teams.

Microsoft officially deprecated and retired these legacy connectors, with the final cutoff occurring on April 30, 2026. Any existing webhook URLs generated via the old "Teams channel connector" (which begin with https://outlook.office.com/webhook/...) are no longer functional. Because the service has been shut down, these endpoints will now actively refuse requests, resulting in the exact 403 Forbidden authorization error you are seeing.

As stated in the official Microsoft documentation:

"Microsoft 365 Connectors (previously called Office 365 Connectors) are nearing deprecation... For more information on the schedule and how the Workflows app provides a more flexible and secure experience, see retirement of Microsoft 365 connectors within Microsoft Teams."

How to resolve this issue: To fix this pipeline failure, you must replace your legacy webhook with a new webhook generated by the Workflows app (powered by Power Automate) in Microsoft Teams.

1. Create the new Webhook in Teams:
   • Open Microsoft Teams and navigate to your target channel.
   • Click the More options (...) menu next to the channel name and select Workflows.
   • Search for and select the template "Post to a channel when a webhook request is received" (or similar webhook templates).
   • Follow the prompts to configure and save the workflow.
   • Copy the newly generated webhook URL (this new URL will look different, typically starting with something like https://prod-...logic.azure.com...).
2. Update your Fabric Web Activity:
   • Go to your Microsoft Fabric pipeline and open the Web Activity.
   • Replace the legacy URL with the new Workflows URL you just copied.
   • Ensure that Authentication is still set to None.
   • Method should remain POST, and Content-Type should be application/json.

Once updated to the new Workflows endpoint, your Fabric Web Activity will successfully authenticate and deliver the notification to Teams.

Please let me know in comments if above steps helps and any other issue.

Note: This response is drafted with the help of AI systems.

Answer 2

The 403 Forbidden error indicates that the endpoint accepted the connection but actively refused the request because the identity or authorization used by the web activity isn't allowed to perform the operation.

For web activities in Microsoft Fabric or Azure Data Factory, a 403 on a webhook call typically has these causes and checks:

1. Endpoint rejects the caller (authorization issue)
   • The error message explicitly states that the given identity isn't authorized. This means the Teams incoming webhook URL is rejecting the request based on how the endpoint is configured (for example, expecting a specific auth pattern or token, or not accepting calls from this client).
   • Verify that the Teams incoming webhook is still valid (not removed or re-created) and that the URL being used in the web activity exactly matches the one configured in the Teams channel connector.
2. Incorrect or unsupported URL / network restrictions
   • Web activities fail when the URL can't be reached or when the endpoint refuses the request. The troubleshooting guidance for web activities states that a 403 indicates the endpoint responded but refused the request.
   • Confirm that the URL is accessible from the environment where the web activity runs (no network restrictions, firewall, or DNS issues). If necessary, test the same webhook URL from a separate HTTP client (for example, using Fiddler as described in the troubleshooting guide) to ensure it accepts the same POST payload.
3. Payload or headers not accepted by the endpoint
   • For webhook-style activities, the endpoint may require a specific JSON shape or headers. If the endpoint considers the request invalid or unauthorized, it can return 403.
   • Ensure the request body is valid JSON and that Content-Type is set to application/json. If the endpoint expects additional headers or a specific schema, align the web activity configuration accordingly.
4. General web activity troubleshooting
   • If the error persists, capture the HTTP traffic using a tool such as Fiddler to inspect the exact request and response, including any additional error details returned by the endpoint. The web activity troubleshooting guidance recommends using Fiddler/Netmon/Wireshark to validate requests and responses.

In summary, the 403 means the Teams webhook endpoint is reachable but is rejecting the request as unauthorized. Validate the webhook URL, confirm that the Teams connector is still configured and active, ensure the payload and headers match what the Teams incoming webhook expects, and use an HTTP tracing tool to inspect the response details from the Teams endpoint.

---

References:

• Troubleshoot pipelines for Data Factory in Microsoft Fabric
• Troubleshoot Azure Data Factory and Synapse pipelines
• Troubleshoot Web Deploy problems with Visual Studio