Getting a 403 error with 7k calls from the same IP while using multiple devices


Our team has been having this issue of sending a REST API call to a 3rd party API and getting back 403 errors. It’s been happening for the past 4 weeks, everything we’ve done comes back with the same error. I’ve contacted the 3rd party company that hosts the API and they said that it comes to them as bot behavior, where they receive 7k calls within the span of an hour and it’s tied to my IP. The issue here is that:

  1. We get 403 errors immediately, not after a certain amount of calls but the very first call it gives us this error.
  2. I’ve tried using several different devices, using my Wifi, 5G (on mobile), using a VPN to connect from several different countries (to change my IP) on each device. But it all still gives us the same error.
  3. Our team is actually fully remote and we are scattered all around the US, every single one of my teammates get the exact same error.
  4. They asked us to try their demo app to make sure there’s nothing wrong with our code, I tried it with every device I have, again changing the forms of connection to change my IP. And our entire team still gets this same 403 error when they try it as well.
  5. We are calling it from C# (using Unity) but we also have a website that calls those exact same endpoints using JavaScript (I’ve peeked at the links for the endpoints for both languages and they are exactly the same). But the website never gives us any trouble, no 403s.
  6. When the issue first occurred, we did not touch that aspect of the code. It just one day broke down without us changing anything.

I’ve heard it might be a firewall issue, where it’s denying access to calls coming from Unity. But since we are not the ones in control of the server, I cannot say for certain. Anytime I bring up what could be causing the issue, they just point back to “us being bots”, throwing that 7k call figure, and saying the issue is that it’s all coming from the same IP (my IP, none of my other teammates’ IPs).

There is a GitHub issue on their repo that is saying that the server is configured wrong, it is still open as of the time of this writing, and it gives credence to the fact that it is a firewall issue. However, I brought this up as well, and was greeted to another “it’s a bot issue”. Here is their GitHub issue:

I do not know anything about how Cloudflare works nor it’s interfaces. But I do have an understanding of the inner workings of how remote/hosting servers, CDNs, and the like. What I’m asking for here is some assistance, a nudge or a lead at the very least, on how to solve this conundrum, so I can confidently tell them where to look, or assess what is the real issue at hand. That way I can either finally get this game breaking bug fixed or tell my boss it’s a lost cause.

You will need to contact the owner of the API regarding the 403s. They are the ones in control of their zone’s Cloudflare Firewall settings, they will be able to see why the requests are being blocked in their Firewall event log

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.