Page 60 of 61 if Forbidden when using pagination

[pbldmngz]

I've encountered this issue specifically on one of my paginated requests:

https://pokeapi.co/api/v2/pokemon?offset=1218&limit=21 is just fine.

https://pokeapi.co/api/v2/pokemon?offset=1239&limit=21 This raises 403 - Forbidden

https://pokeapi.co/api/v2/pokemon?offset=1260&limit=21 is just fine.

Basically I created pages of 21 elements, which gives me around 61 pages. Page 60 is the only one that it seems that I cannot access. Is there some secret Pokemon there or why could this be happening?

This is the consumer app I was toying around with when I found out:

Originally posted by @pbldmngz in https://github.com/PokeAPI/pokeapi/issues/135#issuecomment-1551374609

[Naramsim]

Does it happen consistently or only in the last few days? Might be a cache problem.

[Naramsim]

On my side i don't get your 403, so i think it's a rare cache problem. Could you wait a few days and update us?

[phalt]

That's a very odd behaviour and I think Naramsim is correct - this feels like a caching issue. There shouldn't be a reason for the 403 at all, even without a user-agent header (if you know adding a user-agent header solves it, you should use it!)

[ddmuzyk]

I'm also receiving a 403 error (Forbidden) on some of the pokemon requests on my side - for example this one "https://pokeapi.co/api/v2/pokemon/yveltal" doesn't work. My site doesn't have a server, for the past month everything worked fine. It started happening yesterday.

[ddmuzyk]

Or did I receive a ban of some sort by the pokeApi

[phalt]

Hmmm where are you sending your API requests from? Cloudflare may be blocking you if you're sending a lot of requests.

[ddmuzyk]

From Poland, although now I reduced the number of requests to the API and I don't see the problem anymore, will see if it happens again. But it wasn't a cache problem I think cause I had the same issue when requesting on my phone.

[Gabb-c]

I'm also recieving some 403 in my tests:

Node: lts/hydrogen OS: Ubuntu latest

[phalt]

In our security logs on Cloudflare I can see a significant number of blocked threats (in excess of 100,000 requests) from Colombia and Brazil. This is likely triggering Cloudflare to be extra sensitive for all traffic. We should double check firebase isn't setting off these 403's though just to be sure

[Naramsim]

Hmm, I modified some parameters in our function on GCP. Let's see if this changes something. Otherwise, the issue might be in the function's dependencies update I did the other day.

If the issue doesn't resolve I'll roll back

[pbldmngz]

After several attempts over the days, this is what I know:

• The page that gets the 403 FORBIDDEN seems random at first, but it's consistent at least for a few minutes
• I happens when I try to run through all the pages, so it might have to do as you say with some sort of limiter as I'm doing a lot of requests in a few seconds (60 requests for the pokemons, 21*60 for the sprites, all that from the same IP in 30 seconds)
• I was no longer able to reproduce the issue today

[PauliusRap]

I had similar situations to @pbldmngz :) but the situation seems to have been fixed or at least improved. Thanks!