Adobe Target Edge interact calls return 207 with “TGT-12201-403 Unauthorized Mbox host - localhost” error
Adobe Target Edge interact calls return 207 with TGT-12201-403 Unauthorized Mbox host - localhost error when Host Authentication is enabled.
Description description
When browsing site pages where Adobe Target Web SDK is sending interact calls via AEP Edge:
- Network panel shows HTTP 207 responses from
.../v1/interact. - Inside the response body, Target activity for user activity/product view events fails with errors like:
{
"type": "https://ns.adobe.com/aep/errors/TGT-12201-403",
"status": 403,
"title": "Unauthorized Mbox host",
"detail": "Mbox token is invalid: Unauthorized mbox host - localhost for client <clientCode>",
"report": {
"eventIndex": 0,
"request-id": "<request-id>"
}
}
]
From a business perspective:
- All Target user activity data collection fails for the affected events, and
- Experiences or targeting rules that rely on those events don’t work.
The issue persists:
- Across multiple environments (QA/STG/PROD), and
- Even from non‑VPN networks and different personal devices.
Disabling Authorized Hosts immediately stops the Unauthorized Mbox host - localhost error, but this isn’t an acceptable long‑term solution.
Resolution resolution
Update the implementation so that web.webPageDetails.URL always includes the protocol (http:// or https://) before enabling Target Authorized Hosts.
Once the URL is fully qualified, host authentication correctly resolves the real host (For example: www.example.com) instead of localhost, and the TGT-12201-403 error no longer occurs.