API call suddenly returns 403/Forbidden

we have a python script calling purge_cache periodically as a scheduled task. for months that ran just fine but today i noticed it was erroring out with 403/Forbidden.

i’m guessing this error started in may or june of 2022. took a while to troubleshoot and the result is that Cloudflare API is rejecting the default Python-urllib/3.x user agent.

once i changed the user agent header to some other value like curl/7.47.0, the API call started working fine.

anyone cares to speculate what that’s all about? Cloudflare suddenly decided to bounce Python-urllib user agents for some of its API calls. wtf?

Sounds like the User-Agent you’re having issues with has probably been added to the BIC list - https://support.cloudflare.com/hc/en-us/articles/200170086-Understanding-the-Cloudflare-Browser-Integrity-Check

that seems to be an unlikely reason. browser integrity checks are or at least should be for clients’ web sites not for cloudflare API calls.

also API calls are supposed to be from scripts and code libraries, not browsers. it’ll be ridiculous for Cloudflare to enforce browser integrity checks on its own API library.

even so, i actually disabled browser integrity check for the zone just to test this and as expected there was no favorable outcome.

but maybe that’s what they decided to do for their API library to be annoying, even if it’s simple to fool it.

@retroman did you find a solution for this? My Zone editing script started doing this now. I tried a new token, same prob.

@retroman my new token ultimately solved it.

in your case your token might have expired or somehow invalidated.

our script is still working fine with the fake user agent so we’ve just left it like that.