Error 403 when accessing process variable

Hello All,

We are accessing a process variable from a form, using the API accessor (…/API/bpm/activityVariable/{{taskId}}/productList).

This works perfectly for the admin user (user with both the user and admin profiles), but it doesn’t work for a regular user, even though the user initiated the case. OTOH, it always works for the admin user, even when the admin user didn’t start the case.

The regular user receives a 403 Forbidden error. When we review the request and response, we see the bonita cookie there.

We are using version 7.5.0.

Any help very welcomed.

Edo.

Your issue is probably related to the default REST API authorization configuration. You can read the documentation page about REST API authorization to find out how to configure the authorization to allow a normal user to access process variables through REST API.