MIKRO002 - MikroTik Authorization Failed

Agent error code #MIKRO002 indicates that the MikroTik user authenticated successfully but lacks the permissions required to read or modify the firewall address-list. The REST endpoint returned HTTP 403 Forbidden.

Common causes include:

  • The user is in a group missing the rest-api policy (required on RouterOS v7.1+)
  • The group lacks the write policy needed to add or remove address-list entries
  • The user is in a read-only group like read or a custom group with no firewall write access

Steps to Resolve

Review the Group Policies

  1. In RouterOS, open System > Users > Groups
  2. Select the group the service user belongs to (e.g., knocknoc)
  3. Ensure these policies are enabled: api, rest-api, read, write, policy
  4. Save and retry the operation from Knocknoc

Use a Dedicated Group

If your service user is in the built-in full group only to give it the right permissions, create a tightly-scoped custom group instead. Disable everything except api, rest-api, read, write, and policy. This limits blast radius if the credentials are ever leaked.
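
The check below is an added example, not Knocknoc's or MikroTik's own code: it audits a group's policy string against the five policies named above and reports missing ones (the MIKRO002 cause) and extra ones (unneeded blast radius). It assumes the comma-separated form RouterOS prints for a group, where a `!` prefix marks a disabled policy; the function names and sample strings are constructed for illustration.

```python
# Policies this page says the Knocknoc service group needs.
REQUIRED = frozenset({"api", "rest-api", "read", "write", "policy"})


def parse_policy(policy: str) -> set[str]:
    """Return the enabled policies from a RouterOS group policy string.

    Assumed format: comma-separated names, '!' prefix means disabled,
    e.g. "read,write,api,!ftp".
    """
    enabled = set()
    for item in policy.split(","):
        name = item.strip().lower()
        if name and not name.startswith("!"):
            enabled.add(name)
    return enabled


def audit_group(policy: str) -> dict:
    """Compare a group's enabled policies with the required set."""
    enabled = parse_policy(policy)
    missing = sorted(REQUIRED - enabled)  # each one can cause the 403
    extra = sorted(enabled - REQUIRED)    # rights the agent does not need
    if missing:
        verdict = "missing-required"
    elif extra:
        verdict = "over-privileged"
    else:
        verdict = "ok"
    return {"missing": missing, "extra": extra, "verdict": verdict}


# Constructed sample policy strings (not taken from a real router).
SAMPLES = {
    "readonly": "read,api,rest-api,!write,!policy,!ftp",
    "full-like": "local,ssh,ftp,reboot,read,write,policy,test,winbox,"
                 "password,web,sniff,sensitive,api,romon,rest-api",
    "scoped": "api,rest-api,read,write,policy,!local,!telnet,!ssh,!ftp,"
              "!reboot,!test,!winbox,!password,!web,!sniff,!sensitive,!romon",
}

if __name__ == "__main__":
    for group, policy in SAMPLES.items():
        print(group, audit_group(policy))
```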

Still Having Issues?

We can help you out. Contact us at support@knocknoc.io.