Share via

Azure De-identification Service - both .Net cleint and Python Client SDKs are raising an 403 error

Thaenraj Packiamani 20 Reputation points
2025-02-14T04:43:09.11+00:00

I am trying to call the created Azure de-identification resource service URL's Deidentify Text function but keep getting the 403 - Forbidden error. Here are the steps I have followed:

Step 1: Created de-identification.azure.com service using my email ID and ensured the managed identity is set to 'on'.

Step 2: Downloaded both Python and .NET Azure SDKs from the Azure official URL:

Step 3: Instantiated the DeidentificationClient for the de-id resource endpoint and the Azure token credential created for client_id, client_secrets, and tenant in both the Python client app and the .NET app.

Step 4: Invoked the deidentify function from the DeidentificationClient and caught an exception '403 - forbidden'.

Step 5: I even tried the Azure health data de-identify text endpoint 'POST {endpoint}/deid?api-version=2024-11-15', and got the same error.

I debugged the code and the only information I got was the HTTP response error text '403 - forbidden', but I don't see any failure reason in the de-id resource activity JSON logs. I appreciate your help.

Azure Health Data Services
Azure Health Data Services
An Azure offering that provides a suite of purpose-built technologies for protected health information in the cloud.
179 questions
Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
3,159 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Loknathsatyasaivarma Mahali 465 Reputation points Microsoft Vendor
    2025-02-14T06:10:59.71+00:00

    Hello @Thaenraj Packiamani,

    Thanks for posting your concerns in Microsoft Q&A platform!

    The 403 - Forbidden error when calling the Azure de-identification service typically indicates authorization issues. First, ensure that the managed identity used has the necessary permissions, such as the Contributor role, assigned in the Azure portal under the "Access control (IAM)" section of your de-identification resource. Verify that you are using the correct endpoint URL in the format https://<your-resource-name>.azure.com and appending the appropriate path for the de-identification function, including the correct API version (2024-11-15). Check that you are acquiring the token correctly, targeting the Azure Health Data Services resource, and using the right scope (https://<your-resource-name>.azure.com/.default).

    • Also, from this document it clearly states that the default value of API version is "2024-07-12-preview".
      image (10)

    Also, for your better understanding refer the following documents and related community ANSWERS.

    I hope the above provided information will help in better understanding and solve your issue, if you have further queries or concerns, please feel free to reach out to us.

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.