https://community.cloudera.com/t5/Support-Questions/Getting-quot-No-applicable-policies-could-be-found-Contact/m-p/202327#M164333 <P>Ok, it is interesting is that you mentioned you can put the URL in Google Chrome and get the JSON back...</P><P>Do you have a client certificate in your browser for NiFi?</P><P>In your curl examples you are using Kerberos...</P><P>Normally the first time you hit the UI, it exchanges the Kerberos ticket for a JWT (just like you were doing to get the token) and then it puts the JWT in local storage of your browser. On every request after that the UI code will send the Authorization header with the JWT from local storage.</P><P>When you put the API URL directly into your browser, none of NiFi's UI code is running, so there isn't anything that would perform the ticket exchange, and nothing that would send the Authorization header. So I wouldn't expect that to work unless you had a client certificate in your browser.</P><P>You may want to compare the nifi-user.log above, to one when you access the URL from Chrome to see if the requests are being made as the same identities.</P> Sat, 20 Jan 2018 03:09:21 GMT bbende 2018-01-20T03:09:21Z