Summary
After migrating a Reltio tenant from AWS to GCP (<tenantId>on <environment>. The D&B Workato connector buttons in the UI (“Get D&B Match” and “Get D&B Company Info”) stopped working.
Clicking the buttons resulted in a 401 error from APIM:
com.reltio.services.rih.proxy.service.http.IHttpClient.StatusException:
401: [{ "error": "Access to this API has been disallowed" }]
Symptoms
-
UI buttons:
Get D&B Match
Get D&B Company Info
-
Behavior:
Buttons appear in the UI, but clicking them does not trigger successful enrichment.
HAR trace and backend logs show APIM returning 401 – Access to this API has been disallowed.
"innerErrorData": { "exception": "com.reltio.services.rih.proxy.service.http.IHttpClient. StatusException:401: [{\n \"error\": \"Access to this API has been disallowed\"\n}]", "stack": [] }
Customer Scenario
The customer originally had the D&B Workato integration working on AWS.
The tenant was migrated from AWS to GCP.
-
Post-migration, the D&B UI buttons stopped working:
APIM endpoint changed (to a different workspace/region).
-
Customer and Reltio reset:
API key,
APIM collection endpoint,
API collection,
RIH Proxy (per
MANF-9222).
Despite these resets, the 401 error persisted.
Root Cause
The profile name configured in the UI plugin did not match the RIH Proxy profile name exactly.
The names are case-sensitive, and the mismatch was subtle:
-
UI Configuration:
"profileName": "<tenantId>_DnB_API" -
RIH Proxy Profile Name:
<tenantId>_DNB_API
Difference: the “n” in “DnB” vs “DNB”.
Because of this mismatch:
The UI plugin invoked the RIH Proxy using a non-existent/unauthorized profile.
APIM rejected the request with 401 – Access to this API has been disallowed.
The AWS → GCP move was not the direct technical cause; it just coincided with the misconfiguration and made it appear migration-related.
How the Issue Was Fixed
-
Reviewed UI Configuration
The D&B plugin configuration in Physical/UI configurations included:
{
"id": "D&B",
"views": [
{
"id": "com.reltio.plugins.entity.org.GetMatchButtonView",
"label": "Get D&B Match",
"url": "https://360-rih-proxy.reltio.com/api/v1/proxy/workato/invoke_endpoints",
"success": "Success! Please reload this profile and review the 'Verification' details to check whether a match was found. Resolve the Potential Match to enrich the profile.",
"fail": "Failure:",
"loading": "Processing...",
"height": 34,
"profileName": "<tenantId>_DnB_API",
"workatoEndpoint": "https://apim.workato.com/equinix311/trigger-recipes/dev-dnb-api-real-time-enrichment-rest-api?doNotMerge=true&dataBlocks=companyinfo_L2_v1,hierarchyconnections_L1_v1&entityURI=",
"proxyMethod": "POST"
},
{
"id": "com.reltio.plugins.entity.org.GetCompanyDetailsButtonView",
"label": "Get D&B Company Info",
"url": "https://360-rih-proxy.reltio.com/api/v1/proxy/workato/invoke_endpoints",
"success": "Success! This profile should now be enriched with the latest company information.",
"fail": "Failure:",
"loading": "Processing...",
"height": 34,
"profileName": "<tenantId>_DnB_API",
"workatoEndpoint": "https://apim.workato.com/equinix311/trigger-recipes/dev-dnb-api-real-time-enrichment-rest-api?doNotMerge=false&dataBlocks=companyinfo_L2_v1,hierarchyconnections_L1_v1&entityURI=",
"proxyMethod": "POST"
}
]
}
-
Compared Against RIH Proxy
The RIH Proxy username/profile was
<tenantId>_DNB_API.
-
Corrected the Profile Name in UI Config
-
Updated the UI configuration:
From:
"profileName": "<tenantId>_DnB_API"To:
"profileName": "<tenantId>_DNB_API"
-
-
Result
After updating and saving the UI configuration, the D&B buttons started working again.
Subsequent clicks correctly invoked the Workato recipe through APIM and RIH Proxy, and enrichment was completed as expected.
Troubleshooting Checklist for Similar Issues
If D&B (or any RIH/Workato-based) UI buttons suddenly stop working, and you see a 401 with “Access to this API has been disallowed”:
-
Check APIM / RIH Error
-
Confirm the error in HAR or logs:
StatusException:401with"Access to this API has been disallowed".
-
-
Verify Profile Name Consistency (Case-Sensitive)
-
In UI configuration:
Inspect the plugin view’s
profileName.
-
In RIH Proxy:
Check the actual profile name used for that integration.
-
Ensure they are identical, including:
Uppercase vs lowercase,
Spelling (e.g.,
DNBvsDnB).
-
-
Validate Workato Endpoint & Keys
-
Confirm:
workatoEndpointURL is correct for the environment (e.g.,devvsprod).API keys and APIM collections are current and match the new region/workspace after migration.
-
-
Re-test After Corrections
Update configuration if needed.
Save and reload the profile in the UI.
-
Click the button again and verify:
No 401 errors.
Enrichment details are updated on the entity profile (for entity-based connectors).
- Steps taken to apply the DnB connector to production.
Prereqs.
- Ensure your D&B Data Blocks integration is deployed in Reltio Integration Hub (RIH), and you meet the connector prerequisites.
- Users who should see/click the buttons must have a D&B connector role (e.g., ROLE_DNB_CONNECTOR).
Step 1: Create the RIH Proxy token (used by the buttons)
Step 2: In Tools → API Platform:
- Create a new API Client (Auth method = Auth Token) for the D&B REST API collection.
- Generate an API Key (profile name convention like {tenantId}_{apiCollection}) and keep the token handy; you’ll reference this profile name in the UI config.
Step 3: Wire up RIH connections (RIH project)
- In Integration Hub → Projects → Connections:
- Open D&B | CON | Reltio Platform Connection and enter your Reltio environment URL, tenantId, clientId, and clientSecret. Enable Use Client Authorization.
- Open D&B | CON | D&B Services Connection, provide the D&B API key/secret, and select the licensed Data Blocks you plan to use (Company Info, Principals & Contacts, Hierarchies & Connections, Diversity Insights). Connect and verify.
Step 4: Enable recipes and API endpoint
- In your project/workspace, enable the real-time recipes (e.g., Real Time Enrichment – Match and Append).
- In API Platform → API Collections, activate the Real Time Enrichment – REST API endpoint.
- Enable the single-trigger recipe (Real-Time Enrichment – REST API). (One trigger covers all buttons; parameters drive behavior.)
- Make sure that Schema validation is disabled
Step 5: Open a Support ticket to register the profile with the provided API key. Please provide the name of the API key. The profile name will be returned.
Step 6: Add the buttons to the Organization UI (UI Modeler)
- Go to Reltio Console → UI Modeler → Import/Export UI Config Files and download com.reltio.plugins.entity.organization.json. Back it up.
- In the JSON, locate the top-level sidePanelViews array and add a section (e.g., "id": "D&B") that contains three CustomActionView entries—one per button:
- Get D&B Match (does not merge, returns candidate)
- Get D&B Company Info (merges new data)
- Get D&B Hierarchy & Contacts (pulls hierarchy & principals/contacts)
Step 7: For each button, set the key fields (names vary a little by your environment):
- "class": com.reltio.plugins.ui.CustomActionView
- "label": Button text (as above)
- "url": RIH proxy endpoint (e.g., https://360-rih-proxy.reltio.com/api/v1/proxy/workato/invoke_endpoints)
- "profileName": the API Key profile name you created in step 5 (e.g., DnB-_REST_API_Collections)
- "workatoEndpoint": Your Workato/RIH endpoint plus parameters. Typical patterns:
- Match: .../dev-dnb-api-real-time-enrichment-rest-api?doNotMerge=true&dataBlocks=[list]&entityURI=
- Company Info: doNotMerge=false&dataBlocks=[list]&entityURI=
- Hierarchy & Contacts: doNotMerge=false&dataBlocks=[list]&entityURI= (include hierarchy/principals blocks)
- "proxyMethod": POST
- "action.permissions": allow the proxy and Workato domains (e.g., https://360-rih-proxy.reltio.com, https://apim.workato.com)
- "action.files": include the published helper script for the proxy action if provided by Reltio
- "canRead.roles": include ROLE_DNB_CONNECTOR (and admins, as needed)
Step 8: Re-upload and publish the modified UI config.
Comments
Please sign in to leave a comment.