Support Questions

MuruganFinastra · ‎12-26-2025

Hi all,

I tried to start the process group using the NiFi API, but it always returned a 403 Forbidden message.

I follow the steps below

{{baseUrl}}/nifi-api/access/token - get the bearer token successfully
{{baseUrl}}/nifi-api/process-groups/{{pgId}} passing the JSON value in the body {\"id\":\"${PG_ID}\",\"state\":\"RUNNING\"}",
but I am getting 403- forbidden error message.

Please help me to resolve the issue.

Green_ · ‎12-29-2025

Hi @MuruganFinastra , Are you sure you are attaching your token correctly to your requests? You should be using an Authorization header with a value of "Bearer <token>" for all requests once you fetch the token.

MuruganFinastra · ‎12-29-2025

Thanks for your reply.

Yes, I am passing the Bearer token into the Authorisation header. Additionally, I can retrieve responses from the other APIs ({{baseUrl}}/nifi-api/flow/current-user and {{baseUrl}}/nifi-api/process-groups/{{pgId}}/status).

Green_ · ‎12-29-2025

So GET requests work fine for you but POSTs fail? Perhaps your user does not have write permissions?

I recommend opening devtools and looking at the Network tab to see what requests get sent when you do certain operations (starting/stopping a process group) in the UI. You should be able to replicate them with the REST API if you can do them manually in the UI.

MuruganFinastra · ‎12-30-2025

Thanks for your suggestion. I replicated the same as UI did, but still getting the same 403- Forbidden error response.

Green_ · ‎01-01-2026

So just to verify, in the UI you are able to start/stop process groups? If your user is able to do so by clicking on the PG, it should be able to do so with the REST API

MuruganFinastra · ‎01-01-2026

Thank you for your input. Your point is absolutely correct. If you could share a working example with the correct parameters, I will replicate it in my environment and verify the results.I appreciate your assistance in helping me resolve this issue.

Green_ · ‎01-05-2026

I am not clear on what kind of example I could share with you. 403 seems to imply the user you got the token for does not have permissions to run the operation. You should verify if your user has the correct permissions, specifically "Operate the component" permissions, though I believe these are included if the user has modify permissions.

MattWho · ‎01-06-2026

@MuruganFinastra

Since you are getting a 403 response, the first thing you should do is see what user identity this 403 is being returned for. For this you'll want to be tailing the nifi-user.log while you attempt to make this rest-api call. You will see the denied related log lines in the nifi-user.log. That logging will provide the user identity string and which NiFi authorization policy required for which that user identity did not have the required permissions. Using this output, we can determine the next steps required here.

Is the expected user identity being logged?
What is the logged authorization policy resulting in the 403 response?

Also which user authentication and authorization configuration options are you using in your setup?

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

Cloudera Community

Support Questions

is there way to control the process group though using nifi 2 api