{"section":"known-issues","requestedLocale":"en","requestedSlug":"callbackurl-always-returns-403-when-the-connector-owner-account-has-been-disabled","locale":"en","slug":"callbackurl-always-returns-403-when-the-connector-owner-account-has-been-disabled","path":"docs/en/known-issues/Payments/callbackurl-always-returns-403-when-the-connector-owner-account-has-been-disabled.md","branch":"main","content":"## Summary\n\n\nFor connectors using our PPP, the connector configuration includes a field called `accountName` that specifies the account used to publish the app. Typically, the `accountName` value is the same as the partner account name. However, when the partner publishes connectors with their infrastructure, they use a specific endpoint, which is not relative; this is how connectors using our IO infrastructure do.\n\nThis difference in publishing methods affects how the gateway builds the `callbackUrl`, which uses the `accountName` to determine the tenant. As a result, the URL construction is inflexible, and there are instances where the account associated with the accountName might be disabled and unable to accept requests. This leads to every request being denied with a 403 code since the gateway always uses this account to build the URL.\n\n\n##\n\n## Simulation\n\n\nThis scenario cannot be simulated unless a deactivated account is available.\n\n\n##\n\n## Workaround\n\n\nThere are some workarounds to this scenario, including changing the accountName where the connector was published and submitting a new publication request to switch the connector to our new \"wrapper\" solution. From the provider's side, they can replace the tenant with the current account when requesting a callback."}