Loading

Data 360: 403 Forbidden Errors when Ingesting Special Characters via Ingestion API

Udgivelsesdato: Apr 28, 2026
Beskrivelse

Salesforce Data 360 enforces security through WAF rules that inspect incoming payloads.
Certain patterns using backticks (`) resemble SQL injection or malicious input, causing the request to be blocked with a 403 response.

Scenarios That Trigger 403 Errors

Rule 1: Backtick Value with Path/Flag/SQL Keyword + Logical Operator

A backtick-enclosed value that:

  • Starts with / or -, or
  • Contains SQL keywords like LIMIT or HAVING,
  • Followed by a logical operator (AND / OR)

Examples:

  • `/foo` and
  • `--foo` and
  • `limit` and
  • `having` or

Rule 2: Multiple SQL DML Keywords in Backticks

Payload contains two or more SQL DML keywords wrapped in backticks.
Keywords include: SELECT, INSERT, UPDATE, CREATE
Examples:

  • `select` `select`
  • `update` foo `insert`

Rule 3: Backtick-Wrapped AND and OR Together

Payload includes both AND and OR (case-insensitive), especially within backticks.
Examples:

  • `AND` OR
  • `and` `or`
  • `AND` blah OR

Rule 4: Backtick Value Starting with HTML-Encoded <

Backtick-enclosed value begins with &lt; (HTML-encoded <).
Examples:

  • `&lt;`
  • &lt;foo&gt;
Løsning

HTTP 403 errors during ingestion is caused by WAF rules detecting potentially unsafe patterns involving backticks. This is an expected behaviour.
If backticks are required for business logic, consider restructuring the payload to avoid triggering WAF rules.

Vidensartikelnummer

005321432

 
Indlæser
Salesforce Help | Article