Showing results for 
Search instead for 
Did you mean: 

HTTP response code: 403 for URL:

I wanted to call using HttpURLConnection. This is a similar pattern used in the sample JSP of the documentation. 403 error is thrown, and looking at the Secure Acceptance instance, no transaction is logged. Has anyone encountered this issue before? I saw this post all keys are working fine using JSP.



url = new URL("");

            final HttpURLConnection connection = (HttpURLConnection) url.openConnection();

            connection.setRequestProperty("Content-Type", APPLICATION_JSON);
            connection.setRequestProperty("Accept", APPLICATION_JSON);

            // Create a map to hold parameters
            final Map<String, String> parameters = new HashMap<>();
            parameters.put("access_key", accesskey);
            parameters.put("profile_id", profileId);
            parameters.put("transaction_uuid", transactionId);
            parameters.put("signed_field_names", signedFieldNames);
            parameters.put("unsigned_field_names", unsignedFieldNames);
            parameters.put("signed_date_time", signedDateTime);
            parameters.put("locale", locale);
            parameters.put("transaction_type", transType);
            parameters.put("reference_number", "1356");
            parameters.put("amount", "123.00");
            parameters.put("currency", "USD");
            parameters.put("signature", signature);

            // Build the parameter string
            final String paramString = buildParameters(parameters);

            System.out.println("paramString: " + paramString);

            // Write the parameters to the output stream
            writeParameters(connection, paramString);




Hey juanguzman,

I suspect you're getting a 403 because you're missing some of the required headers or they're improperly formatted. I'm not familiar with the parameter map pattern you're implementing here, but it might be worth trying to use the Java rest client to do some of the lifting on your behalf.

This example uses Unified Checkout not Secure Acceptance, but a lot of the same principles are going to apply, you'll just need to generate your Call using the callAuthenticationHeader method.

  • Create an ApiClient using a MerchantConfig class. This is all done in one line in the example. The required properties are listed here, with sample values here. It sounds like you might be using OAuth or another authentication type, but you switch that property to the desired value that'll work, otherwise this code should work with the HTTP signature authentication type if you're open to that.
  • Create a call using the buildCall method. I don't have an example of this on GitHub to hand, but it should be relatively straightforward, something along the lines of:
// Above here would be code which sets up the required merchant config properties in a standard Java Properties class
final ApiClient apiClient = new ApiClient(new MerchantConfig(applicationProperties.getAsJavaProperties()));
apiclient.buildCall(saPath, "POST", jsonFormattedRequestBody, null, null, null, null)

I believe you won't need to pass the header params as there's an internal call to callAuthenticationHeader, but I'm not 100% sure there.

If you want to keep generating the request without the SDK, it might be worth comparing your headers to the ones here. I know there were some recent minor changes to the signature though and I have not tested this code against them, so it might be best to leverage the SDK to avoid any issues there.


Hi there,

It seems like you're having a problem making a connection to "test secure acceptance" using Http URL Connection in Java. The server is responding with a 403 error, indicating an authorization issue.

Here are some things to look into:

  1. URL Permissions: Ensure that the URL is accessible and that your credentials have the necessary permissions.

  2. Request Headers: Double-check the headers you're setting in your request. Make sure they match the server's requirements.

  3. Security Protocols: Confirm that the server supports the security protocols you are using.

  4. Parameters and Payload: Verify that the parameters you are sending match the expected format and are correctly signed.

  5. Documentation Review: Check the official documentation for any updates or changes in the API usage.

  6. Logging and Debugging: Enable detailed logging or debugging in your application to capture more information about the request and response.

If the issue persists, consider reaching out to Cyber Source support or community forums for assistance.

I hope this helps! 


Facing a 403 error while connecting to "test secure acceptance" via Http URL Connection in Java? Here's a quick guide:

URL Permissions:
Confirm URL accessibility and check your credentials' permissions.

Request Headers:
Ensure headers align with the server's requirements.

Security Protocols:
Verify server support for your security protocols.

Parameters and Payload:
Check parameters match the expected format and are correctly signed.

Documentation Review:
Refer to the API documentation for updates or changes.

Logging and Debugging:
Enable detailed logging for more request/response information.

For persistent issues, contact Cyber Source support or community forums.

Hope this helps!