All API requests are returning 403 after enabling SSL

hey guys, I run a dropshipping WooCommerce store.
so I have an external site that uses my WooCommerce APIs and webhooks to update the inventory and price of the items

ever since I enabled SSL on my site, all calls are being returned with a 403 status.
looking at the WP logs, they're being sent by Cloudflare IPs (not the original sender) and apparently with the headers messed up

now I tried a couple of solutions that I found here, like turning Universal SSL off and on, and turning off Browser Integrity Check; both have failed

I also submitted a ticket to Cloudflare support, and after a quick first reply, the ticket has been unanswered for more than 24 hours now

what else can I do? it’s an eCommerce site so the downtime is really hurting me

here is the correct picture, disregard the one above

on the left is a picture of the API call headers prior to enabling SSL, and on the right is after
I think that is corrupting the JWT auth

SSL should have no impact on reachability. Your site had SSL before adding it to Cloudflare, right?

hey mate,
I just confirmed it. it’s Cloudflare

I cloned the site onto a new host, then connected directly via the API, and it worked flawlessly
then I enabled the Cloudflare CDN (I didn’t issue any SSL, so it just got Let’s Encrypt), and I got a similar error to the one above

headers are being malformed after passing through Cloudflare

Can you post the ticket #? You probably got an automated response. Did you reply to that? It usually gets a human’s attention after that.

1869725

guys, functionality has been down for almost 4 days… ticket responses are once a day at most

I think I am going to switch DNS providers as I have to get this working

Maybe @cloonan can check the status of this ticket (1869725).

hey @cloonan please check the posts here as well for additional context, as I don’t think it’s only an SSL certificate thing.
it’s generally the request header change while passing through Cloudflare

If CF was corrupting the request midway, you would be able to tell by enabling logs on your origin? So if the key and all headers look good, the only thing that might be blocking it is the IP it’s connecting from, but if you had the IP address being forwarded then I have no clue. Maybe your API has a check for CF headers and blocks it? Otherwise I’ve got no clue, man. The only other time I’ve seen something similar was when Cloudflare would provide a captcha and some of the POST material was being lost for me.
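The origin-log comparison suggested in the reply above, as an added example that is not part of the thread: it diffs the headers logged at the origin for a direct call and for a proxied call, separates the headers Cloudflare normally adds from anything else, and checks whether `Authorization` arrived unchanged. The function names, the sample captures and the `shop.example` host are constructed for illustration and do not reproduce the thread's screenshots.

```python
import hashlib

# Headers Cloudflare adds when proxying a request to the origin.
PROXY_ADDED = {"cf-connecting-ip", "cf-ray", "cf-ipcountry", "cf-visitor",
               "cdn-loop", "x-forwarded-for", "x-forwarded-proto"}
# Headers whose values are secrets; compare by digest, never print them.
SENSITIVE = {"authorization", "cookie"}


def _norm(headers):
    """Lower-case names and trim values: header names are case-insensitive."""
    return {k.strip().lower(): v.strip() for k, v in headers.items()}


def _show(name, value):
    """Return a loggable form of a value, hashing anything sensitive."""
    if name in SENSITIVE:
        return "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:12]
    return value


def diff_headers(direct, proxied):
    """Compare headers logged at the origin for a direct and a proxied call."""
    d, p = _norm(direct), _norm(proxied)
    report = {"missing": [], "changed": [], "added_by_proxy": [], "unexpected": []}
    for name in sorted(d.keys() | p.keys()):
        if name not in p:
            report["missing"].append(name)
        elif name not in d:
            key = "added_by_proxy" if name in PROXY_ADDED else "unexpected"
            report[key].append(name)
        elif d[name] != p[name]:
            report["changed"].append((name, _show(name, d[name]), _show(name, p[name])))
    # The JWT is intact only if Authorization arrived byte-for-byte identical.
    report["auth_intact"] = "authorization" in d and d.get("authorization") == p.get("authorization")
    return report


# Constructed sample captures (hypothetical values, chosen to exercise the checks).
DIRECT = {"Host": "shop.example", "Authorization": "Bearer aaa.bbb.ccc",
          "Content-Type": "application/json", "User-Agent": "inventory-sync/1.0"}
PROXIED = {"host": "shop.example", "content-type": "application/json",
           "user-agent": "inventory-sync/1.0", "CF-Connecting-IP": "203.0.113.7",
           "CF-Ray": "0000000000000000-XXX", "X-Forwarded-For": "203.0.113.7",
           "X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    for key, value in diff_headers(DIRECT, PROXIED).items():
        print(f"{key}: {value}")
```

Feed it the header sets from the origin's own request log rather than from the client, since only the origin sees what actually arrived after the proxy.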

it is strange, it’s changing the request headers as shown above

@sdayman do you have a paid support option? because I cannot afford any further downtime
