- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-03-2025 04:25 AM
Hello Team,
I have a problem with Cisco WSA Proxy integration.
I'm trying to connect XSOAR with Cisco WSA Proxy through Cisco WSA v2 integration. The user for this API has full administrator rights, authentication is successful, and I get a response for a GET request - !cisco-wsa-url-categories-list successfully.
When I'm trying to execute one of other GET and POST requests, every time I'm receiving error:
Error in API call [403] - Forbidden {"error": {"message": "Invalid User.", "code": "403", "explanation": "403 = Request forbidden -- authorization will not help."}}
AsyncOS is enabled, all communications are open, I tried with different ports, but situation is the same.
Can anyone suggest an option to resolve this problem?
Thank you!
07-03-2025 09:26 PM
Problem: !cisco-wsa-url-categories-list
works, but other API calls fail with "403 Forbidden: Invalid User."
Why (Likely Cause):
Your API user, even if a "full admin," lacks specific API permissions within the Cisco WSA's user roles. Cisco WSA API access is granular.
Solution (Main Steps):
Check WSA User Roles: On your WSA (System Administration > Users
), verify the role assigned to your XSOAR API user.
Verify Role Permissions: Edit that role (or create a new one) and explicitly enable "API Access," "Management API," or "Reporting API" permissions, plus any specific Read/Write permissions needed for the failing commands.
Check WSA Logs: Look in System Administration > Log Subscriptions
on the WSA for API/Access logs. They'll give more detail on why the user is deemed "invalid" for specific requests.
07-08-2025 01:29 AM
Hi, Mudhireddy,
Thank you for detailed steps!
- I checked the role in the WSA User Roles - Everything is correct.
- I tried to find the menu for Role Permissions, but there is no option to enable or disable different permissions on the predefined roles. Also, I don't have option to create a new role with specific permission. I didn't find any information in the Cisco WSA manuals how to do that.
I use the latest WSA version- AsyncOS 14.5.
Is there anything else I can try or look for to deal with this problem?
Regards,
Yuliyan
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!