Requests from referer are blocked for accessing Google API - php

We used the third-party web app and tried to integrate this Google API for Translation.
Currently, it's working OK. We can call the API to do the translation.
However, when we started to restrict this by using the HTTP referrer, we keep getting: Requests from referer are blocked.
On the URL, we tried the combinations below with no luck:
*.ourdomainname.com/*
ourdomainname.com/*
The developer helped us to identify this and came up with this error detail:
Requests from referer <empty> are blocked.
Any ideas? Currently, it's working OK if we are not putting any restrictions, which is not good :) We prefer to restrict this.
I appreciate your feedback.
Thanks

Related

How to protect API requests made from a Flutter Web app?

I have an API developed in PHP for my Flutter web app. I am using this API to fetch all the data. But, I can see all the requests made to the server.
Is there any way to hide/restrict any unauthorized person to use my API? I am using HTTP library to make calls from my flutter app to API. I just want to hide those calls to web API. I have seen some websites do that. Since the server code and website code in those websites are in the same directory it can be accessed directly without having to make a request to the webserver.
Two problems I see are:
You are able to see all the requests made to the backend server from your web page and you want to hide them.
The answer to this is no, you can't. I say this based on my search in Google and some posts in SO like this
You may think about disabling the developer tools. The answer is no, and maybe with unknown side effects.
Is there any way to hide/restrict any unauthorized person to use my API?
The answer to this question is yes, and it can be done with many approaches. Like you said, token-based authorization has its own issue with keys being leaked, and that's why there is always validity associated with it and should be considered. There are mechanisms such as refresh tokens to renew tokens etc.
The first and foremost thing I would do is enable the CORS mechanism in your server, where the server will only allow requests from very specific domains to be processed. More details available here
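The two controls named in the answer above, combined in one PHP endpoint. This is an added example, not code from the original post: the origins, the `API_TOKEN_SECRET` environment variable and the token format are assumptions chosen for illustration.

```php
<?php
// Added example (PHP 8+). Origins, secret source and token format are assumptions.
const ALLOWED_ORIGINS = ['https://app.example.com', 'https://admin.example.com'];

// Exact match only: a suffix or substring test would accept look-alike origins.
function allowed_origin(?string $origin): ?string {
    return in_array($origin, ALLOWED_ORIGINS, true) ? $origin : null;
}

// Assumed token format: "<expiry unix time>.<hex HMAC-SHA256 of the expiry>".
function issue_token(string $secret, int $expires): string {
    return $expires . '.' . hash_hmac('sha256', (string) $expires, $secret);
}

function token_valid(string $token, string $secret, int $now): bool {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    // hash_equals() compares in constant time; expiry counts only if the MAC matches.
    return hash_equals(hash_hmac('sha256', $parts[0], $secret), $parts[1])
        && (int) $parts[0] > $now;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo values: look-alike origin, live token, expired token.
    $t = issue_token('demo-secret', 2000);
    var_dump(allowed_origin('https://app.example.com.example.net'),
        token_valid($t, 'demo-secret', 1999), token_valid($t, 'demo-secret', 2001));
    exit;
}
$origin = allowed_origin($_SERVER['HTTP_ORIGIN'] ?? null);
header('Vary: Origin'); // caches must key responses on Origin
if ($origin !== null) {
    header('Access-Control-Allow-Origin: ' . $origin);
    header('Access-Control-Allow-Headers: Authorization, Content-Type');
}
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { // preflight carries no token
    http_response_code(204);
    exit;
}
// CORS only instructs browsers; other HTTP clients ignore it, so the token decides.
$secret = getenv('API_TOKEN_SECRET') ?: ''; // assumed environment variable
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
$token = str_starts_with($auth, 'Bearer ') ? substr($auth, 7) : '';
if ($secret === '' || !token_valid($token, $secret, time())) {
    http_response_code(401);
    exit;
}
echo json_encode(['ok' => true]);
```

Run from the command line it exercises the two checks on constructed values; served by a web server it answers preflights, echoes only allowlisted origins and rejects requests without a valid, unexpired token.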

Bitcoin API - CloudFlare 403 Response

I am creating a PHP application with the Coinbase API and the blockchain.info API. My (000webhost.com) webhost's communications with coinbase.com and blockchain.info API servers are getting an HTTP 403 CloudFlare Captcha. This completely cripples the API. I tried connecting with HTTPS, and tried changing the user agent, tried curl(), tried file_get_contents(), but I can't seem to get a real response from the API servers.
This is the error I get:
http://s10.postimg.org/ff8ggm6yx/Cloud_Flare_error2.jpg
Thanks for any help, I've been trying to figure this out for days.
The captcha is a security challenge page presented based on the security settings selected by Coinbase. Either the IP you're using or the user agent you're sending triggered the security challenge page here. If you complete the captcha (in a browser) a cookie would be temporarily set indicating you've passed this security challenge page successfully. Your best bet would be to contact Coinbase's support folks if you are still seeing this issue, and request that they consider whitelisting your IP address so that in the future you wouldn't receive a security challenge page like the one you indicated.
Disclaimer: I work at CloudFlare.

Google Analytics API got me completely lost

Until recently we have been using the old gapi php class to extract Google Analytics data from a variety of sites that we manage.
In a nutshell, at night the sites download the Analytics data and store it locally. Until recently it worked beautifully, but all of a sudden we started receiving all sorts of weird errors like CaptchaRequired.
Anyway I've done some reading and got the impression that it was time we move to the new Google APIs platform and while I have tried to follow the HelloAnalyticsAPI tutorial we initially got a 403 error but now after leaving it for a while when I try and run the app I get redirected to Google to login.
I just don't seem to be able to get my head around it. We need to completely automate this process so redirecting to login on the Google site isn't going to cut it.
Can anyone help? Anyone seen these issues?
Use google api client for php, it's easy
http://code.google.com/p/google-api-php-client/
And dev guide for analytics (V3):
https://developers.google.com/analytics/devguides/config/mgmt/v3/
Google sends Captcha responses if they are unsure about the authenticity of the request. This can be caused by multiple requests from the same IP for various different accounts, use of the ClientLogin authentication mechanism, and even weak passwords on the account you are logging in to.
To prevent them, I would recommend using OAuth 2.0 for the authentication - there are other security benefits to using this too.

Google Places API without HTTPS

I am having problems sending requests to the Google Places API because my machine is behind a proxy with authentication. I successfully worked around this in the past by using a context when sending HTTP requests from PHP. I have trouble getting this to work with HTTPS from Google Places and the easiest way would be to just use HTTP.
I cannot find the link for the HTTP API. The basic URL for requests is:
https://maps.googleapis.com/maps/api/place/search/output?parameters
(source: http://code.google.com/apis/maps/documentation/places/).
I am looking for a way to connect to this API without using https. Just using http://maps.googleapis.com/maps/api/place/search/output?parameters results in a 404.
Thanks,
David
You should write 'json' or 'xml' instead of 'output' in the URL,
like http://maps.googleapis.com/maps/api/place/search/json?..

Why do I receive different HTTP response codes when accessing Facebook XML feeds from different servers?

I'm using the Zend Framework, specifically the Zend_Feed class, to grab the Facebook XML feed at http://www.facebook.com/feeds/page.php?format=rss20&id=120635284755 and merge it with a similar Twitter feed for display on a website.
The problem is that while I can grab the feed absolutely fine from both my local and remote testing servers, when I launch the app live at [http://www.pycsam.com.au], it is receiving a 403 response code.
Until I work out what is going wrong, I am mirroring the Facebook feed through my testing server, which proves that it works just fine, but it's not a good long-term solution since it requires an extra request.
Is anybody able to tell me why I would be receiving a different response from the Facebook server when the request is coming from different servers?
Many thanks in advance!
403 means "Forbidden". This can have any number of reasons:
You need to authenticate at some point, and the authentication doesn't work
The IP you are making the request from is blocked by Facebook's servers for some reason
There is a proxy somewhere in between blocking access (rather unlikely I'd say)
You may be able to get more detailed info by checking what the request body has to say.
