Tags: c#, azure, asp.net-core-webapi, .net-6.0, http-status-code-403

403 from Azure only in a specific endpoint with specific version of the API


We developed a middleware service Web API app in .NET 6 with several endpoints and deployed it to Azure. We get a strange error with an endpoint that implements a POST method.

If we change the version of the endpoint from v2.1 to v3, Azure returns an HTTP 403 error; it works perfectly in the local environment.

To recap:

{{Baseurl}}/bookings/api/v2.1/checkout/nexi -> Status Code: 200 Ok
{{Baseurl}}/bookings/api/v3/checkout/nexi -> Status Code: 403 Forbidden

In the controller we have updated just the version; no other changes are present.

How is it possible that Azure stops the request on the v3 version of the API? All endpoints, except this one, work perfectly.

We found out that the problem was an object in the request, but we still don't understand why this is a problem only with the v3 version of the endpoint.


Solution

  • Disclaimer: There's only limited information available and, at this point, there's no diagnostics on how other endpoints would behave with the changed route. Hence, all the below is a guesstimation and may very well be entirely irrelevant and misleading.

    I note two things. First being that it seems to behave expectedly on your local system (and as far as my experience goes, so does it on a server in a general case). So your specific hosting environment is a suspect here.

    Second thing is the uncommon status code: 403 ko. It gives me the sensation of a smelly concept because it should be 403 Forbidden, which means that the user is identified (has logged in, hence no 401 Unauthorized).

    So my guesstimation is that whoever set up your hosting (the infra dudes, devops or whoever governs the server environments at your place), made a boo-boo and somehow prevented certain patterns from being forwarded to the application.

    This may be due to load balancer settings, docker orchestration, gateway configuration and, possibly, a bunch of other weird places that a developer should know of but will unwillingly horse around with.

    Do you have access to those properties of your server environment? Or, at least, can you talk to someone who does?

    I'd start looking into Azure's gateway and its traffic redirection.
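
One way to test the answer's hypothesis that the hosting layer rejects the request before it is forwarded to the application. This is an added diagnostic example, not code from the question or the answer. The `X-App-Trace-Id` header name and the `EdgeTrace` logger category are assumptions chosen for illustration, and the .NET 6 web SDK's implicit usings are assumed.

```csharp
// Program.cs (.NET 6 minimal hosting): added diagnostic example, not the asker's code.
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
var app = builder.Build();

// Registered first, so it sees every request that actually reaches the app,
// before routing, authentication or authorization can short-circuit it.
app.Use(async (context, next) =>
{
    var logger = context.RequestServices
        .GetRequiredService<ILoggerFactory>()
        .CreateLogger("EdgeTrace"); // hypothetical category name

    // Stamp every response produced by the app. A 403 that arrives at the
    // client without this header was not generated by this process.
    context.Response.OnStarting(() =>
    {
        context.Response.Headers["X-App-Trace-Id"] = context.TraceIdentifier; // hypothetical header
        return Task.CompletedTask;
    });

    // Log method, path and size only; the body may hold payment data.
    logger.LogInformation(
        "IN  {Method} {Path} length={Length} trace={TraceId}",
        context.Request.Method,
        context.Request.Path,
        context.Request.ContentLength,
        context.TraceIdentifier);

    await next(context);

    logger.LogInformation(
        "OUT {Status} {Path} trace={TraceId}",
        context.Response.StatusCode,
        context.Request.Path,
        context.TraceIdentifier);
});

app.MapControllers();
app.Run();
```

If the v3 call returns 403 with no `X-App-Trace-Id` header and no matching `IN` log entry, the rejection happened upstream of the application (gateway, load balancer or similar); if the header and both log entries are present, the 403 comes from the app's own pipeline.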