Topic: Fidelity stopped working after using Quicken?

Hello!

I had, up until recently, successfully been connecting to Fidelity (non-netbenefits) using OFX. Then I downloaded Quicken, and connected, and now I receive an "Access Denied" error when attempting to connect. Oddly, this still works for NetBenefits.

I called Fidelity's Quicken help center, but the didn't have any answers. Has anyone else experienced this?

Here is my payload:

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:b22db18c968943ad8eb7fd2cf41c77ef

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20190803010358
<USERID>a
<USERPASS>b
<LANGUAGE>ENG
<FI>
<ORG>fidelity.com
<FID>7776
</FI>
<APPID>QBKS
<APPVER>1900
</SONRQ>
</SIGNONMSGSRQV1>
<INVSTMTMSGSRQV1>
<INVSTMTTRNRQ>
<TRNUID>eb7e09bf41a74d01be5ded8a4a13f4aa
<CLTCOOKIE>4
<INVSTMTRQ>
<INVACCTFROM>
<BROKERID>fidelity.com
<ACCTID>c
</INVACCTFROM>
<INCTRAN>
<DTSTART>20190703
<INCLUDE>Y
</INCTRAN>
<INCOO>Y
<INCPOS>
<DTASOF>20190803010358
<INCLUDE>Y
</INCPOS>
<INCBAL>Y
</INVSTMTRQ>
</INVSTMTTRNRQ>
</INVSTMTMSGSRQV1>
</OFX>

Previously this worked! But now I get the following return value:

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>

You don't have permission to access "http://ofx.fidelity.com/ftgw/OFX/clients/download" on this server.<P>
Reference #18.3e012417.1568725378.367c7459
</BODY>
</HTML>

Has anyone else experienced this? Any remedies or tricks to "undo" whatever (I assume) Quicken did to change access capabilities for Fidelity?

Re: Fidelity stopped working after using Quicken?

Update: This issue has fixed itself!

Here is my theory: Quicken possibly sends a token (such as a Bearer HTTP header), and I am assuming that that has since expired. Now, I'm able to continue accessing both netbenefits and my brokerage accounts as expected.

Whew!

Re: Fidelity stopped working after using Quicken?

A few weeks ago I posted about Discover Card no longer giving general OFX access to their servers; only Quicken can connect now.

I figured Quicken must be sending some sort of token to identify itself as Quicken so get access, but I didn't know what. So this "Bearer" header may be it. Can you post an example of it? Thanks.