[question] @solana/pay findReference() fails with a 403 on mainnet-beta

[brihter]

It seems my website got blocked on mainnet-beta and I can't process Solana Pay payments anymore.

I have a website accepting payments through Solana Pay. During the process of payment, the website renders the QR code and starts pooling data from mainnet-beta checking for the payment reference every second. When the payment reference is found on chain, the pooling stops as the payment is complete.

This stopped working a while ago.

Now, the RPC request returns a 403 and the following response:

{
  "jsonrpc": "2.0",
  "error": {
    "code": 403,
    "message": "Access forbidden, contact your app developer or support@rpcpool.com."
  },
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

What I found is that the request goes through when removing the origin header from the request which would indicate my website is blocked.

From the documentation:

*The public RPC endpoints are not intended for production applications. Please use dedicated/private RPC servers when you launch your application, drop NFTs, etc. The public services are subject to abuse and rate limits may change without prior notice. Likewise, high-traffic websites may be blocked without prior notice.

Requiring private RPCs from merchants is a horrible user experience. Shouldn't the cost of payment infrastructure be covered with the transaction fee?

Anyway, what are my options? This is not a high-volume website, it's a tiny experimental project that can't afford a private RPC.

[jordaaash]

I'm afraid this isn't a Solana Pay-specific issue.

Please search or ask on the Solana Stack Exchange: https://solana.stackexchange.com

Someone there will have a better answer on the topic than I do!

[jordaaash]

Ah, I found your post there: https://solana.stackexchange.com/questions/4716/solana-pay-findreference-fails-with-a-403-on-mainnet-beta

I'll see if I can get someone to respond to it.

[brihter]

For anyone else dealing with the same issue, I ended up subscribing to Alchemy (referral link) who at the time of writing provide free-tier access to the mainnet. The free-tier offers 300M compute units that's enough for ~10M getSignaturesForAddress RPC calls.

A few additional things had to be implemented in order to make Solana Pay work:

• an RPC proxy (so that Alchemy's access token is hidden from the outside world) and
• exponential backoff when pooling (so that it doesn't break the bank and tries to stay within the free-tier limit).

I still maintain requiring private RPC servers from merchants is a horrible user experience. The RPC calls required for Solana Pay to work should be available on the mainnet.