API is returning 403-Forbidden on a large number of our requests..??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are running AWS services to handle 3rd party onboarding for merchants into our PayPal for WooCommerce plugin.
For some reason we are getting a bunch of 403-Forbidden replies from the API instead of proper responses. We have tried assigning different dedicated IP addresses to our AWS configuration, but we're still having the same problem no matter what we try.
I have MTS ticket #10758076 open with more details, but have not had a reply there since 5/18. If anybody here can help get some eyes on that ticket it would be greatly appreciated.
Thanks!
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @angelleye,
Thanks for your post. Always great to see you around! Sorry that it's under unfortunate circumstances this time. The merchant tech side of things isn't my forte, but I asked someone to look into your ticket and my understanding is that the cause of the issue has been resolved at this point. Are you still experiencing the problem?
Olivia
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @PayPal_Olivia ,
Thanks for helping get some eyes on that ticket. We are still experiencing the problem, but we found a way to work-around it for now.
The PayPal API endpoint is https://api-m.paypal.com. This seems to be hosted by a Microsoft Azure cloud system, so it will resolve to a variety of IP addresses for different PayPal servers on this system.
What we have found is that if the domain resolves to 192.229.210.155 specifically, those are all being blocked. If it resolves to any other IP address then it works fine.
To get around this, we updated our script to use one of the IP's we know works directly instead of using the api-m.paypal.com domain, effecitively filtering out the bad IP address. Since we've done this we haven't seen any more failures, but this is not an ideal solution.
I do see a response in MTS today that they made an adjustment they're hoping will solve the problem. I'm about to run some more tests to see if that IP is accepting our requests now. I'll update accordingly.
Thanks again!
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just providing an update here. It turns out there was an issue on PayPal's side that the MTS team has now resolved.
They said there was a firewall rule that was blocking us, so I'm hoping for some more details about what that rule was, why we were the only ones being blocked...or were we..??
As of now the crisis is averted, but I'll update again as I get more info just in case somebody searches for this sort of thing in the future.
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @angelleye,
Thank you for the updates! You're always looking out for others and that's very appreciated!
Olivia
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This error indicates that the server has determined that you are not allowed access to the thing you've requested, either on purpose or due to a misconfiguration . It's probably because the site owner has limited access to it and you don't have permission to view it. The vast majority of the time, there's not much you can do to fix things on your (*client) end. There are four common causes for 403 Forbidden error (server side) . Here they are listed from most likely to least likely:
- An empty website directory
- No index page
- Incorrect settings in the .htaccess file
- Permission / Ownership error
If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- Webhooks from PayPal Sandbox are not sending any JSON data, just headers in Sandbox Environment
- Is there an api to get a list of users who have requested a refund? in REST APIs
- GET /customer/partners/:partner_id/merchant-integrations/:seller_id returning 404 in Sandbox. Help! in Sandbox Environment
- Securing Return and Error URLs for Payflow Pro Transparent Redirect Implementation in Payflow
- How to see api calls in Event Logs, in Sandbox - using Postman PayPal APIs forked collection? in REST APIs