this post was submitted on 26 May 2024
6 points (100.0% liked)

Programming.dev Meta

2474 readers
2 users here now

Welcome to the Programming.Dev meta community!

This is a community for discussing things about programming.dev itself. Things like announcements, site help posts, site questions, etc. are all welcome here.

Links

Credits

founded 1 year ago
MODERATORS
snowe
Ategon
6
403 on API endpoints (lemmy.readme.io)
submitted 5 months ago by refalo to c/meta
6 comments fedilink hide all child comments
 

Tried to use several different API endpoints as described in the link, but they all return 403 with a cloudflare "Just a moment..." html reply. Even tried copying an existing jwt token from a working logged-in browser but the same thing still happens.

Any idea what I could be doing wrong?

curl -v --request POST \
     --url https://programming.dev/api/v3/user/login \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{"username_or_email": "redacted", "password": "redacted"}'
...
< HTTP/2 403
...

<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title>
...
top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 5 months ago (1 children)

You're not passing cloudflares anti bot challenge. This is known to be a hard problem, as obviously CF is highly motivated to stop bots

[–] refalo 3 points 5 months ago (1 children)

then what is the point of allowing bots on lemmy if they can't work?

[–] [email protected] 1 points 5 months ago

Bots on Lemmy are allowed, that's why the API exists.
Bots on programming.dev seems are not allowed since all endpoints require to pass CF.

[–] [email protected] 3 points 5 months ago (1 children)

I have no knowledge of this specific issue but 403 means unauthorized and the "Just a moment" response is usually because the server sends a JavaScript challenge to verify that you are a 'real' browser/user. It's an anti bot verification and you're not passing.

[–] refalo 3 points 5 months ago

yes but this defeats the whole point of allowing bots on lemmy in the first place.

[–] Ategon 3 points 5 months ago* (last edited 5 months ago)

If you want to run a bot against our api I'm able to whitelist ips to bypass the bot check. Feel free to reach out on matrix