tripit / api

TripIt's API Documentation and Support Forum
http://www.tripit.com/developer
Other
47 stars 16 forks source link

All requests to api.tripit.com returns HTTP 403 since 10 Dec 2016 #173

Closed famanson closed 7 years ago

famanson commented 7 years ago

Hi,

All requests that we send to api.tripit.com have returned 403s since 10 Dec 2016. These include even the OAuth requests for login/signup with Tripit and trip objects API requests. An example response looks like this:

<HTML><HEAD>\n<TITLE>Access Denied</TITLE>\n</HEAD><BODY>\n<H1>Access Denied</H1>\n \nYou don\'t have permission to access "http&#58;&#47;&#47;api&#46;tripit&#46;com&#47;oauth&#47;request&#95;token&#63;" on this server.<P>\nReference&#32;&#35;18&#46;b3f31502&#46;1481541432&#46;c1af19f\n</BODY>\n</HTML>\n

We had absolutely no problem before that time and this has been going on for a few days now. Are we doing something wrong or is there a problem on Tripit side that we don't know?

Thanks,

prasadkarkera commented 7 years ago

Hi,

Can you give me more information on the request you are making? What is the consumer key in the oauth request you are making?

Thanks

famanson commented 7 years ago

@prasadkarkera hmm is posting the key on a public forum a good thing?

famanson commented 7 years ago

@prasadkarkera We are getting 403s specifically on these 2 calls:

https://api.tripit.com/oauth/request_token https://api.tripit.com/v1/list/object

I can send you the consumer key, but preferably not on this ticket?..

prasadkarkera commented 7 years ago

Yeah, please send them to api-support@tripit.com and Include this issue id in your email.

famanson commented 7 years ago

@prasadkarkera thank you, I just got in touch

prasadkarkera commented 7 years ago

Hi,

I did not receive consumer key from you in the email, so I checked apps with names having esplorio. I found four apps and all four of them seem to have access to https://api.tripit.com/oauth/request_token. If you are referring to a different app, please send the consumer key to api-support@tripit.com and I will take a look.

Best Prasad

famanson commented 7 years ago

@prasadkarkera Sorry, I forgot to paste the key in the email. Could you please check it again now?

prasadkarkera commented 7 years ago

Yeah, this was one I already checked, but I made sure to check it again. I tried requesting token using postman and it worked for me.

prasadkarkera commented 7 years ago

Let me try to search the logs and see for your past failed requests.

famanson commented 7 years ago

thanks

famanson commented 7 years ago

@prasadkarkera in case it helps, there was a https://api.tripit.com/oauth/request_token?oauth_callback=https://api.esplor.io/auth/callback/tripit call at 12:07 p.m GMT Wed, December 14, 2016 that returned a 403

famanson commented 7 years ago

@prasadkarkera it'd be good if you could also let me know how you constructed the request via postman as well :)

prasadkarkera commented 7 years ago

Heres an example

screen shot 2016-12-14 at 4 44 20 pm
famanson commented 7 years ago

@prasadkarkera interesting, I think this is an issue on our side. We use a library to make these calls and the library itself uses httplib2 (python)

In [1]: from httplib2 import Http

In [2]: req = Http.request(Http(), 'https://api.tripit.com/')

In [3]: req
Out[3]:
({'connection': 'close',
  'content-length': '264',
  'content-type': 'text/html',
  'date': 'Thu, 15 Dec 2016 02:23:32 GMT',
  'expires': 'Thu, 15 Dec 2016 02:23:32 GMT',
  'mime-version': '1.0',
  'server': 'AkamaiGHost',
  'status': '403'},
 '<HTML><HEAD>\n<TITLE>Access Denied</TITLE>\n</HEAD><BODY>\n<H1>Access Denied</H1>\n \nYou don\'t have permission to access "http&#58;&#47;&#47;api&#46;tripit&#46;com&#47;" on this server.<P>\nReference&#32;&#35;18&#46;df81655f&#46;1481768612&#46;4245fee2\n</BODY>\n</HTML>\n')

whereas requests does not have the same 403 problem with the same query

In [1]: import requests

In [2]: req = requests.get('https://api.tripit.com/')

In [3]: req
Out[3]: <Response [404]>

(when used with a real oauth request, httplib2 fails with the same 403 while requests succeeds)

famanson commented 7 years ago

@prasadkarkera my next question would be what do you guys return a 403 for to direct requests to https://api.tripit.com? I'm debugging httplib2 itself but would speed up the process if we know that

prasadkarkera commented 7 years ago

We throw 404 for https://api.tripit.com/. The httplib2 library must be causing the issue here.

famanson commented 7 years ago

@prasadkarkera yes I can see that (I tested it with another library as in the last comment) but do you know under which circumstances does the server throw a 403? You also said earlier you'd look into the log, did you find anything?

prasadkarkera commented 7 years ago

Hi,

It looks like our cdn is blocking the user-agent: Python-httplib2. I am going to further check with our dev-ops team regarding this and will update you when we have a resolution. Meanwhile if you change the user-agent header on your side, the api should start working for you.

Sorry for the inconvenience.

Thanks

famanson commented 7 years ago

@prasadkarkera thanks for checking that, I figured it out yesterday when comparing the requests done by httplib2 and requests. The API calls are now working properly - if you guys could add that to the docs so others can avoid the same issue, it would be great. I shall close this ticket now