FortiSOAR Playbook Read Record from an API Endpoint Trigger

Forum|Forum|5 months ago
January 14, 2026
1 reply
194 views

I have this API endpoint trigger created and one API response argument is UUID of a Incident, when im trying to read the incidents with the UUID its giving following error.

"Access Denied. URL: https://localhost/api/query/incidents?%24limit=30&%24partial=true Call for URL: https://localhost/api/query/incidents failed with status code 403"

as i understand when find record is called from an API endpoint trigger it doesn't have permission to query the alerts or incidents. is there a workaround for this.

FortiSoar

doubleohseven

Explorer

Are you using an appliance or API key to authenticate? If so, you have to give permissions to allow the API key access to the incidents and/or alerts.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded