This came up in a recent case with a Partner. Their B2 is exposing a new endpoint in Learn for their external server make calls to. (Example: webapps/abc-myb2-VeryLogSaaSDBschemaName/MyEndpoint) Everything worked fine on their test system. But when they deployed to a recent 3100 build, the calls the external server made were not getting through to Learn. Why? Because newer builds of Learn have the 'Security Management: Cookie Disclosure' B2 installed and active. This B2 forces you to accept Blackboard's Cookie Disclosure Agreement before logging in. It also blocks incoming calls to endpoints like that described. There is no impact on our REST APIs. I've not checked our Web Service SOAP APIs yet... In any case, how do you work around it? Put a cookie in your cookie jar. Just set a cookie with name="COOKIE_CONSENT_ACCEPTED" and path="/" in your cookie jar, so it's sent with every request. Hope this helps the next developer who runs into this one!