Very strange 403 error

[Zy19]

Overview

• Client ID: Li0opvV3txyPQjHzDQR8Sw
• Issue type: 403 Forbidden
• Summary: The request works on office computers (PC/Mac), but does not work on servers (Windows Server 2022 Datacenter)
• Platform: Windows Server 2022 Datacenter

Description

The request works on office computers, but does not work on servers. The application - Java/Spring boot/ NGINX. We used all Java frameworks, Yelp offers + Spring RestTemplate, everything is fine on office computers and don't work on servers.

We run PowerShell on local - fine, on servers - error:

Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved.                            $headers=@{}

$headers.Add("accept", "application/json")s and improvements! https://aka.ms/PSWindows $headers.Add("Authorization", "Bearer oToWwvJEijK9U0CXIPPgkeVD ") $response = Invoke-WebRequest -Uri 'https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20&offset=0' -Method GET -Headers $headers Invoke-WebRequest : The remote server returned an error: (403) Forbidden. At line:4 char:13

• $response = Invoke-WebRequest -Uri 'https://api.yelp.com/v3/businesse ...
•             ~~~~~~~~~~~~~     + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException     + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

As far as we understand the problem is TLS_1_3, Yelp needs TLS_1_2, fixed, also just in case set http/1.1 (locally by default is was http/1.2 on servers).

Nope.

More information

We compare response objects from local and from server.

Endpoint

https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20)

Parameters or Sample Request

Parameters are above, GET call.

Response

Local, 200:
 
 result = {Response@1930} "Response{protocol=http/1.1, code=200, message=OK, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20}"
 request = {Request@1929} "Request{method=GET, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20, tags={}}"
 protocol = {Protocol@2014} "http/1.1"
 code = 200
 message = "OK"
 handshake = {Handshake@2016} "Handshake{tlsVersion=TLS_1_2 cipherSuite=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 peerCertificates=[CN=[yelp.com](http://yelp.com/), O=Yelp Inc., L=San Francisco, ST=California, C=US, CN=zs_ssl_intermediate_ca1, O=<>, C=US, CN=<>, OU=Enterprise PKI, O=<>, C=US] localCertificates=[]}"
 headers = {Headers@2017} "Connection: keep-alive\ncontent-type: application/json\nratelimit-resettime: 2024-05-15T00:00:00+00:00\nratelimit-remaining: 4969\nserver: envoy\nx-tracing-auth: 1PR2h6hCyGX9pM5jbsvoNBiEBxBJiG4LiBYqB94yqMs\nratelimit-dailylimit: 5000\nx-routing-service: routing-main--useast1-6c59645886-8mbqn; site=public_api_v3\nx-zipkin-id: 964fb0afe32b1cc3\nx-b3-sampled: 0\nx-mode: ro\nx-proxied: 10-65-137-148-useast1bprod\nx-extlb: 10-65-137-148-useast1bprod\ncache-control: max-age=0, no-store, private, no-transform\nAccept-Ranges: bytes\nDate: Tue, 14 May 2024 10:57:01 GMT\nVia: 1.1 varnish\nX-Served-By: cache-lga21951-LGA\nX-Cache: MISS\nX-Cache-Hits: 0\nVary: Accept-Encoding\nalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400\ntransfer-encoding: chunked\n"
 body = {RealResponseBody@2018} 
 networkResponse = {Response@2019} "Response{protocol=http/1.1, code=200, message=OK, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20}"
 cacheResponse = null
 priorResponse = null
 sentRequestAtMillis = 1715684221597
 receivedResponseAtMillis = 1715684222159
 exchange = {Exchange@2020} 
 cacheControl = null

Server, 403:

result = {Response@2420} "Response{protocol=http/1.1, code=403, message=Forbidden, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20}"
 request = {Request@1688} "Request{method=GET, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20, tags={}}"
 protocol = {Protocol@2424} "http/1.1"
 code = 403
 message = "Forbidden"
 handshake = {Handshake@2426} "Handshake{tlsVersion=TLS_1_2 cipherSuite=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 peerCertificates=[CN=[yelp.com](http://yelp.com/), O=Yelp Inc., L=San Francisco, ST=California, C=US, CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US] localCertificates=[]}"
 headers = {Headers@2427} "Connection: close\nContent-Length: 0\nServer: Varnish\nRetry-After: 0\nAccept-Ranges: bytes\nDate: Tue, 14 May 2024 10:56:13 GMT\nVia: 1.1 varnish\nX-Served-By: cache-fra-etou8220037-FRA\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1715684173.391716,VS0,VE0\nalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400\n"
 body = {RealResponseBody@2428} 
 networkResponse = {Response@2429} "Response{protocol=http/1.1, code=403, message=Forbidden, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20}"
 cacheResponse = null
 priorResponse = null
 sentRequestAtMillis = 1715684173379
 receivedResponseAtMillis = 1715684173389
 exchange = {Exchange@2430} 
 cacheControl = null```

## Extra information
Sample code (Java, we coded the key but byte array just in case - probably push/pull to GitHub changed something):

import java.io.IOException;
import java.util.Arrays;

import com.example.geo.providers.yelp.model.GeoYelpFusionIntroResponse;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;

public class GeoYelpFusionIntroService2
{

private GeoYelpFusionIntroResponse searchPoiOneShot() throws IOException
{

byte[] keyBytes = {111, 84, 111, 87, 119, 118, 74, 69, 105, 106, 75, 57, <....>};

String key = new String(keyBytes);

ConnectionSpec requireTls12 = new ConnectionSpec.Builder(ConnectionSpec.RESTRICTED_TLS)
 .build();

OkHttpClient client = new OkHttpClient.Builder().protocols(Arrays.asList(Protocol.HTTP_1_1))
 .connectionSpecs(Arrays.asList(requireTls12))
 .build();

new OkHttpClient.Builder().protocols(Arrays.asList(Protocol.HTTP_1_1)).build();

okhttp3.Request request = new okhttp3.Request.Builder()
 .url("https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20")
 .get()
 .addHeader("accept", "application/json")
 .addHeader("Authorization", "Bearer " + key)
 .build();

okhttp3.Response response = client.newCall(request).execute();

if (response.isSuccessful())
{
System.out.println();
}
else
{
System.out.println();
}

return null;
}

public static void main(String[] a) throws IOException
{

GeoYelpFusionIntroService2 geoYelpService = new GeoYelpFusionIntroService2();
geoYelpService.searchPoiOneShot();
}
}

=====================================================

We spent a working day trying to figure out what was going on, but we were running out of ideas.

We will be very grateful for any tips.

Regards,
Ian

[rockdog]

Hi @Zy19,

in our logs I can't find any 403's for the client_id you are providing. I see successful (response code 200) respones except for 1 request returning a 400 because of missing location/lat+lng on the business search endpoint.

[Zy19]

Thank you for the answer, RockDog,

We don't understand anything as well..

This is the log an hour ago.

So as far as I understand "Authorization: Bearer oToWwvJEijK.." that the server receives comes as if distorted, the server does not understand it and refuses to complete the command, and you do not see our requests, right?

Regards, Ian

---

Connected to the target VM, address: '127.0.0.1:51893', transport: 'socket' 17:59:19.063 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default 17:59:19.085 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context 17:59:19.087 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://api.yelp.com:443][total available: 0; route allocated: 0 of 20; total allocated: 0 of 200] 17:59:19.111 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://api.yelp.com:443][total available: 0; route allocated: 1 of 20; total allocated: 1 of 200] 17:59:19.115 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://api.yelp.com:443 17:59:19.138 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to api.yelp.com/146.75.120.116:443 17:59:19.139 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to api.yelp.com/146.75.120.116:443 with timeout 10000 17:59:19.209 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1] 17:59:19.209 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 17:59:19.209 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake 17:59:19.509 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established 17:59:19.509 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.3 17:59:19.509 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_AES_128_GCM_SHA256 17:59:19.509 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=yelp.com, O=Yelp Inc., L=San Francisco, ST=California, C=US 17:59:19.510 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [yelp.com, .admin.yelp.com, .biz.yelp.com, .m.yelp.com, .yelp.com, admin.yelp.com] 17:59:19.510 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US 17:59:19.516 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 161.97.64.238:51898<->146.75.120.116:443 17:59:19.516 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 60000 17:59:19.516 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request GET /v3/businesses/search?latitude=37.4&locale=en_US&longitude=-122.1&categories=restaurants&radius=20000&sort_by=distance&limit=50&offset=0 HTTP/1.1 17:59:19.516 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED 17:59:19.521 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> GET /v3/businesses/search?latitude=37.4&locale=en_US&longitude=-122.1&categories=restaurants&radius=20000&sort_by=distance&limit=50&offset=0 HTTP/1.1 17:59:19.521 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> accept: application/json 17:59:19.521 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Authorization: Bearer oToWwvJEijK... 17:59:19.522 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> user-agent: unirest-java/3.1.00 17:59:19.522 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> accept-encoding: gzip 17:59:19.522 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: api.yelp.com 17:59:19.522 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive 17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "GET /v3/businesses/search?latitude=37.4&locale=en_US&longitude=-122.1&categories=restaurants&radius=20000&sort_by=distance&limit=50&offset=0 HTTP/1.1[\r][\n]" 17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "accept: application/json[\r][\n]" 17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Authorization: Bearer oToWwvJEijK..[\r][\n]" 17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "user-agent: unirest-java/3.1.00[\r][\n]" 17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "accept-encoding: gzip[\r][\n]" 17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: api.yelp.com[\r][\n]" 17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]" 17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]" 17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 403 Forbidden[\r][\n]" 17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: close[\r][\n]" 17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 0[\r][\n]" 17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Server: Varnish[\r][\n]" 17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Retry-After: 0[\r][\n]" 17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Accept-Ranges: bytes[\r][\n]" 17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Tue, 14 May 2024 15:59:19 GMT[\r][\n]" 17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Via: 1.1 varnish[\r][\n]" 17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Served-By: cache-fra-etou8220042-FRA[\r][\n]" 17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Cache: MISS[\r][\n]" 17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Cache-Hits: 0[\r][\n]" 17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Timer: S1715702360.532148,VS0,VE0[\r][\n]" 17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400[\r][\n]" 17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]" 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 403 Forbidden 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 0 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Varnish 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Retry-After: 0 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Accept-Ranges: bytes 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Tue, 14 May 2024 15:59:19 GMT 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Via: 1.1 varnish 17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Served-By: cache-fra-etou8220042-FRA 17:59:19.536 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Cache: MISS 17:59:19.536 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Cache-Hits: 0 17:59:19.536 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Timer: S1715702360.532148,VS0,VE0 17:59:19.536 [main] DEBUG org.apache.http.headers - http-outgoing-0 << alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 17:59:19.541 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection 17:59:19.544 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded 17:59:19.544 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://api.yelp.com:443][total available: 0; route allocated: 0 of 20; total allocated: 0 of 200] 17:59:19.562 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Cancelling request execution

[rockdog]

Hi @Zy19, are you sure you are using the correct API key? It should be 128 characters long.

If the API key would be malformed but everything else would be correct (hostname, parameters, etc) we would be seeing the request in our logs. However we don't see any 403's coming from your client.

Also: if these 403's would come from our API the response should be json and the reponse body should contain an error object with an error code. If you are seeing that, it would be helpful for debugging.

[bizmate]

17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 403 Forbidden[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: close[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 0[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Server: Varnish[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Retry-After: 0[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Accept-Ranges: bytes[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Tue, 14 May 2024 15:59:19 GMT[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Via: 1.1 varnish[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Served-By: cache-fra-etou8220042-FRA[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Cache: MISS[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Cache-Hits: 0[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Timer: S1715702360.532148,VS0,VE0[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 403 Forbidden

Most likely you have a Varnish instance configured as a WAF in your organisation dropping these types of requests. Investigate internally

[Zy19]

RockDog, BizMate - thank you very much.

BizMate - When you say “these types of requests” what do you mean?

It's just a hosting company, we need to tell them something and we call a dozen services, never had a problem.

Regards, Ian

[bizmate]

@Zy19 I cannot give you a deterministic answer, also your logs are application specific and not actual HTTP packets and it is all a troubloshooting exercise of your solution rather than a problem on the Yelp api. I suggest you look up what a WAF is. Also I have not suggested you consult the hosting company, but to "Investigate Internally" ... it could be your own code but it is totally up to you to establish.

Do you get the same error If you run the same request from an external client like Postman?

[Zy19]

Hello @bizmate,

OK, I see, but seems to us - it's not a problem of our code: I attached 2 requests, server and local, these are 100% the same, but results are different. Ot's not Postman, but SoapUI.

Regards, Ian

UPD: Also (I forgot so say) SoapUI shows us 2 certificates of Yelp, so it means our request reached your server, but requests were rejected:

Peer Certificate 1: [ [ Version: V3 Subject: CN=yelp.com, O=Yelp Inc., L=San Francisco, ST=California, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits params: null modulus: 23314...817 public exponent: 65537 Validity: [From: Wed Nov 22 01:00:00 CET 2023, To: Fri Dec 06 00:59:59 CET 2024] Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US SerialNumber: [ 0ef12baa d3b98176 645150d4 34a3701a] ......

[Zy19]

Hello,

Reproducing the problem is even easier than we thought, you just need to paste this URL into your browser

https://api.yelp.com/v3/businesses/VcRgzCMcY7QXMEAcAnljtg

You should get: {"error": {"code": "VALIDATION_ERROR", "description": "Authorization is a required parameter.", "field": "Authorization", "instance": null}}

From our servers we get a 403 error.

We contacted our hosting company, maybe they can tell us something.

Many thanks for the help.

Regards, Ian

[Zy19]

Hello @bizmate,

You were right - we connected by VPN (not each fits) and it works, so it means it's our hoster network settings as you said.

Thank you again.

Regards, Ian

[khansuhel]

@Zy19 taking from your last comment that it’s not a problem on Yelp’s side. Closing this issue.