Documentation

Unable to connect Adobe CLI due to 403 Forbidden error

Last update: Tue May 27 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

When retrieving programs via the Cloud Manager API in Adobe Experience Manager (AEM) as a Cloud Service, you’re encountering a  403 Forbidden error. To fix it, verify roles and permissions, check Adobe I/O configuration, and add custom Certificate Authorities (CAs).

Description description

Environment

Adobe Experience Manager (AEM) as a Cloud Service - Sites

Issue/Symptoms

You experience the following symptoms when using Adobe CLI with Cloud Manager integration:

  • Inability to list or select organizations using commands, such as aio cloudmanager org list or aio cloudmanager:list-programs.
  • Receiving a blank response when listing organizations.
  • Successful browser-based authentication but failure in service-based authentication using client secret configuration.
  • Persistent errors despite having appropriate roles like Deployment Manager  or Business Owner.

Here’s an example of the error message:
Error Message: Cannot retrieve programs: https://cloudmanager.adobe.io/api/programs (403 Forbidden)

Resolution resolution

To resolve the issue, follow these steps:

  1. Ensure your account has the necessary roles, such as Deployment Manager  or Business Owner, and confirm with your administrator that there have been no recent changes in roles or permissions.

  2. Verify that your Adobe I/O Project is configured correctly with all required API services, and regenerate the JWT token if applicable, ensuring it is valid.

  3. Work with your IT team to unblock access by allowing traffic to specific domains required by Adobe services. Add custom Certificate Authorities (CAs) for SSL using the following command: export NODE_EXTRA_CA_CERTS=/path/to/your/custom-certificate.crt

  4. Ensure proxy settings allow traffic to these domains:

    • .adobeio-static.net
    • .adobeioruntime.net
    • .adobe.io
    • addons.adobe.com
    • adobe-addons.com
    • adobe-runtime.com
    • adp.adobe.io
    • developer.adobe.com
    • console.adobe.io
    • runtime.adobe.io
    • webhooks.adobe.io ``

  5. Check for any recent changes made in the Admin Console that might affect permissions or configurations.

  6. Confirm access to developer.adobe.com/console. If access is blocked, coordinate with IT administrators for resolution.

  7. Once all configurations are verified and network restrictions are addressed, retry commands such as aio cloudmanager:list-programs and aio cloudmanager org list.

recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f