403 Permissions Error Response on sending API Requests to Specific Endpoints

Update timeline

1. investigating Apr 02, 2026, 01:54 PM UTC

   We are receiving reports of 403s when interacting with specific API endpoints such as our Trial Balance or Chart of Accounts endpoints

2. monitoring Apr 02, 2026, 03:47 PM UTC

   A fix has been implemented and we are monitoring the results.

3. resolved Apr 02, 2026, 05:46 PM UTC

   The fix for this has been deployed, and the incident has been resolved.

4. postmortem Apr 06, 2026, 06:16 PM UTC

   **Summary:** Clients experienced authorization errors \(403s\) when attempting to push data through FloQast's external API integration pipeline. **Root Cause:** As part of ongoing security infrastructure improvements, FloQast migrated services to a more robust web application firewall \(WAF\) configuration. In pre-production environments, a supplemental ruleset had been in place that, by design, took precedence over certain standard security rules — effectively masking how those rules would behave in production. When the migration to the stricter production security configuration occurred, legitimate integration traffic was inadvertently caught and blocked. **Immediate Resolution:** Engineering teams performed a full rollback of the affected deployments, restoring integration functionality for impacted customers. Once stable, the team began a careful analysis of the specific security rules to confirm that the appropriate level of restrictions was being adhered to. **Follow-up Actions:** The team is taking a deliberate approach to reintroducing the production security ruleset in monitoring mode before enforcing blocks, allowing for validation against known traffic patterns.