Environment
- Carbon Black Cloud (formerly CB PSC): All Versions
- Enterprise EDR (formerly CB ThreatHunter)
- Watchlist API for Enterprise EDR: V3
- API call using the Org Id in the request
Symptoms
- Requests to get watchlist information via API returns 403 forbidden
- Access Levels for org.watchlists include Create, Read, Update and Delete permissions
- API call uses the Org ID in the request URL
Cause
The Org Id is not supported in API requests, the Org Key should be used instead
Resolution
Update the request to use the Org Key instead of Org Id
Related Content