For an anonymous application connection, an X-SUP-SECTOKEN cookie is generated when you create the application connection, and you must include the X-SUP-SECTOKEN in request header and cookie during subsequent read or write requests for the application settings. If you do not provide an X-SUP-SECTOKEN in the request for the anonymous application settings, you will receive a 403 error.