wix-incubator / DeviantArt-API

The DeviantArt API
https://www.deviantart.com/developers/
MIT License

Error 403 on `/oauth2/placebo` #251

Closed SomewhatDamaged closed 6 days ago

SomewhatDamaged commented 1 week ago

Getting a 403 error when trying to make a placebo call to check my keys. This was working fine, but has been going on for hours now.

According to the documentation:

> If you receive 403 errors that contain an HTML response rather than JSON, please ensure your client is sending a User Agent header and using HTTP compression for the request, we reject any requests not meeting this requirement.

I can verify that I am using compression and sending a User Agent. This is only happening on my production server and not my local environment (which is running the same code).

The body of the 403 is:

```
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: QT7gYbARTQpXAJR2I0a6xddeNmxCss_OKqCQp7rDLhXWXPwJUbzDrw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
```

redstonemercury commented 1 week ago

You likely were caught in a block during a DDOS mitigation. This can sometimes happen based on where your server is deployed and the IP block it's coming from, if you end up sharing a VPN with bad actors, etc. We realize sometimes these factors are completely outside of your control, but we always have to prioritize server health when maintaining the site.

This is likely fixed for you as of right now, so I'm closing it, but please reopen if you have further issues. Just FYI this may happen again during any sort of DDOS mitigation, so you might want to catch these errors and either wait, or retry at an interval, or something.

Also just FYI we also do rate limit traffic, so depending on how often you're hitting endpoints, you might see this same block. Our rate limiting thresholds change from time to time as we try to prune bad traffic and prioritize legitimate traffic, so if you get this same error but can occasionally get through, we may have changed our rate limiting thresholds and you might just need to lower the rate of requests to the APIs.
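
The reply above suggests catching these errors and waiting or retrying at an interval. The following Python code is an added example, not part of the thread or of the DeviantArt project: it separates the HTML 403 served by the CDN edge from a JSON error returned by the API, and retries only the former with capped, jittered backoff. The `send` callable, the `replay` helper, the delay values and the sample response bodies are assumptions constructed for illustration.

```python
import json
import random
import time

def classify(status, headers, body):
    """Return 'ok', 'edge_block' (HTML 403 from the CDN) or 'api_error' (JSON error)."""
    if 200 <= status < 300:
        return "ok"
    ctype = headers.get("Content-Type", "").lower()
    try:
        json.loads(body)
        is_json = True
    except ValueError:
        is_json = False
    if status == 403 and not is_json and ("text/html" in ctype or "<html" in body.lower()):
        return "edge_block"
    return "api_error"

def call_with_backoff(send, max_attempts=5, base=2.0, cap=300.0, sleep=time.sleep):
    """Call send() until it is not edge-blocked, waiting with capped, jittered backoff.

    send is a hypothetical callable returning (status, headers, body).
    Returns (kind, attempts, body). API errors are returned at once: retrying
    a rejected token or a bad request only adds traffic.
    """
    for attempt in range(1, max_attempts + 1):
        status, headers, body = send()
        kind = classify(status, headers, body)
        if kind != "edge_block" or attempt == max_attempts:
            return kind, attempt, body
        # Full jitter: a random wait of up to base * 2^(attempt-1) seconds, capped.
        sleep(random.uniform(0, min(cap, base * 2 ** (attempt - 1))))

# Constructed sample responses (not captured traffic).
BLOCK = (403, {"Content-Type": "text/html"},
         "<HTML><BODY><H1>403 ERROR</H1>Request blocked.</BODY></HTML>")
OK = (200, {"Content-Type": "application/json"}, '{"status": "success"}')
DENIED = (403, {"Content-Type": "application/json"},
          '{"error": "invalid_token", "error_description": "constructed"}')

def replay(responses):
    """Build a send() that replays canned responses, for offline runs."""
    it = iter(responses)
    return lambda: next(it)

if __name__ == "__main__":
    waits = []
    print(call_with_backoff(replay([BLOCK, BLOCK, OK]), sleep=waits.append), waits)
```

In a real client, `send` would wrap the HTTP request to the placebo endpoint, and a final `edge_block` result should be logged and surfaced rather than retried indefinitely.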

SomewhatDamaged commented 1 week ago

Yeah, seems clear now. Authenticated and connected.

Generally, my service only kicks off a request when a user asks for content, which at the moment doesn't trip any rates in normal use.

I'm hosted on DigitalOcean, and I'm fairly sure you've hit them once or twice before with such a block. I don't suppose there is a certification process planned or in place to get added to a whitelist?