All api requests are returning 403 after enabling SSL

a7medo778 · April 15, 2020, 3:02pm

hey guys, I run a dropshipping woocommerce store.
so I have an external site that uses my woocommerce API’s and webhooks to update the inventory and price of the items

ever since I enabled the SSL on my site all calls are being returned as 403 status.
looking at wp logs, it’s being sent by Cloudflare IP’s (not the original sender) and apparently with the headers messed up

now I tried a couple of solutions that I found here like turning off and on the universal SSL, and turning off browser integrity check, both have failed

i also submitted a ticket for Cloudflare support, and after a quick first reply, the ticket is unreplied for more than 24 hours now

what else can I do ? its an eCommerce site so the downtime is really hurting me

a7medo778 · April 15, 2020, 3:18pm

here is the correct picture, disregard the one above

a7medo778 · April 15, 2020, 4:12pm

on the left is a picture of the api call headers prior to enabling the SSL, and on the right is after
i think that is corrupting the JWT auth

sdayman · April 15, 2020, 8:27pm

SSL should have no impact on reachability. Your site had SSL before adding it to Cloudflare, right?

a7medo778 · April 16, 2020, 7:03pm

hey mate,
i just confirmed it. its cloudflare

i cloned the site into a new host, then using connected directly via the api, worked flawlessly
then i enabled cloudflare CDN (i didnt issue any SSL, so it just got lets encrypt), and i got a semilar error as the above

headers are being malformed after passing through cloudflare

sdayman · April 16, 2020, 7:07pm

Can you post the ticket #? You probably got an automated response. Did you reply to that? It usually gets a human’s attention after that.

a7medo778 · April 16, 2020, 7:25pm

1869725

a7medo778 · April 17, 2020, 2:24pm

guys functionality has been down for almost 4 days… ticket responses are once a day at max

i think i am going to switch DNS providers as i have to get this working

sdayman · April 17, 2020, 2:30pm

Maybe @cloonan can check the status of this ticket (1869725).

a7medo778 · April 17, 2020, 2:55pm

hey @cloonan please check the posts here aswell for additional context, as i dont think its an SSL certificate thing only.
its generally the request header change while passing through cloudflare

a7medo778 · April 18, 2020, 5:57am

it is strange, its changing the requests headers as shown above

a7medo778 · April 18, 2020, 5:58am

@sdayman do you have a paid support option because i cannot afford any further downtime

system · May 15, 2020, 3:02pm

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
Wordpress SSL issue with API Security	2	742	June 27, 2023
WooCommerce + Host error 520 (Admin dashboard and User) Website, Application, Performance	0	519	October 23, 2023
401 Authorization Errors when attempting Woocommerce REST API requests General	1	1369	July 25, 2023
A Cloudflare setting that is preventing a Rest API from working Security Center	4	8754	October 6, 2023
Wp-json woo api not working with cloudflare Rules	6	1611	October 29, 2023

All api requests are returning 403 after enabling SSL

Related topics