How to avoid 403 error while calling Kore SaaS Public API from any code

Hello Users,

Some of you may have tried to call Kore’s public API from within your code. Some users have reported that the Kore SaaS API on our Japan and European regions ( or ( were throwing 403 Forbidden error code when they tried to call out API from their code. However, for our US SaaS instance, ( this issue was not observed.


  1. Our SaaS WAF (firewall) expects ‘User-agent’ in the header. Some clients like Postman, etc. add it already. So, from Postman this issue is not observed.
  2. There are certain constraints because of which and other instances have minor differences in WAF settings. In AWS does not impose this header restriction for ‘User-agent’ in the header. Whereas for the other instances this is imposed. We are working with AWS to ensure all instances are configured the same way but there are certain version restrictions that are not in direct control of

The below code shows the usage of placing ‘User-agent’ in the header and it should work in JP and EU instances also provided all other API pre-conditions are met.

var request = require('request');
var options = {
  'method': 'POST',
  'url': '',
  'headers': {//Auth is from Admin Console Scope to get details of all the bots under that account.
    'Content-Type': 'application/json',
    'User-agent':'Custom-App' //Usually agents like postman add this on its own. But from code, this is NOT added unless specifically mentioned. This can be anything as per your naming convention/internal policies},
  body: JSON.stringify({
    "fromDate": "2021-11-11", //8-January
    "toDate": "2021-11-14" //9-January

request(options, function (error, response) {
  if (error) throw new Error(error);