[Hardik Gupta]

Up

0

Down

::

Hi @praspras6360gmail-com

We’ve seen this across multiple production deployments post-deployment. It’s almost always a service principal re-authentication issue; the integration carries cached credentials from lower environments and loses its active token in production.

Quick Fix (Tested):

1. Clear & Re-authenticate

– Data Integration > Edit project > Remove Connection

– Re-establish connection with fresh OAuth flow in production

2. Verify Azure AD Permissions

– Confirm service principal has “Dynamics 365 Finance and Operations” permission

– Grant admin consent if needed

3. Reset Batch & Reprocess

– Check Activity Monitor for failed batches

– Restart job with fresh authentication

The 403 error means invalid token/insufficient scope. Re-authenticating in production generates a fresh token and resolves it.

Let us know if this works or if you need to explore other approaches.

[andrew alwin]

Up

0

Down

::

403 in prod but not in other environments is almost always auth/permission or endpoint restriction, not code.

Things to check:

AAD App / Service Principal permissions

Make sure prod has the same API permissions + admin consent as UAT/dev

Endpoint / URL mismatch

Double-check the prod base URL and company name in the API call

IP restrictions / firewall

Prod endpoints may block requests if coming from different IPs

Token / auth setup

Ensure the token is generated for the correct tenant + environment

Batch service account

Check if the integration runs under a user/service account that lacks rights in prod

Also, the fact that retry/export fails suggests the initial failure is not clearing the batch state, so fix the auth first, then reprocess

In most cases like this, it ends up being missing permission or wrong app registration in production