API request turns 403 Forbidden Error

  • sengelmann
    Gefragt am 22. Juni 2023 um 06:00

    Wir machen API Calls von einem Cloudflare Worker und die kommen mit einem 403 Forbidden (error code: 1106) zurück

    API Calls von unserem eigenen Computer funktionieren aber ganz normal.

    Wo liegt der Fehler?


    RouteHandlerError: An error occured in the route handler "createInvoice".


    JotformError: An error occured in function "getSubmission".


    FetchResponseError: Fetch request returned unexpected response:

    >>> Status: 403

    >>> Status Text: Forbidden

    >>> URL: https://eu-api.jotform.com/submission/5632356697263799449

    >>> Body: "error code: 1106"



  • Olivia Product Triage Specialist
    Geantwortet am 22. Juni 2023 um 08:43

    Hi sengelmann,

    Thanks for reaching out to Jotform Support. Unfortunately, our Deutsch Support isn't available right now. So, I will try to help you in English, if you want to keep going on in your own language please just let us know.

    When I checked your account I saw that the option that prevents seeing the submissions without logging in was activated. We recommend you to deactivate this option and give it another try. Let me show you how to do that:

    1. Click on your account's avatar at the right top of your screen and select Settings.
    2. Go to the Security tab on the left.
    3. Now, unselect Require login to see submissions.

    API request turns 403 Forbidden Error Image 1 Screenshot 20Give it a try and let us know how it goes.

  • sengelmann
    Geantwortet am 22. Juni 2023 um 09:14

    Thanks a lot Olivia for you quick reply.

    Unfortunately this didn't help. I also tried to change the API token's permission from "read" to "full" which didn't help either. As I said previously: the requests I send from my own computer work perfectly fine. Only requests I sent from the Cloudflare Worker cause this issue.

    Therefore my guess would be that the Cloudflare Worker's IP address was blocked. Unfortunately these Workers have no static IP address and I also cannot see the currently assigned IP. But maybe you can see the IP of the request that cause the error and check if the IP was blocked.

    Thanks in advance for your help :)

  • Ryan Enterprise Support
    Geantwortet am 22. Juni 2023 um 17:12

    Hi sengelmann, 

    Thanks for getting back to us. Unfortunately, we can only check if the IP address has been blocked if you could provide us with the actual IP address. Can you test it again and provide us with the IP address that encountered the issue so that we can check?

    Once we hear back from you, we'll be able to help you with this.

  • sengelmann
    Geantwortet am 23. Juni 2023 um 01:20

    Hi Ryan,

    thank you for getting back to me. With a workaround I could get the IP of the Cloudflare Worker and made another request this morning, which again failed.

    Here are the details:

    • Time of the request: 2023-06-23 - 05:12:21 (UTC)
    • IP Address (IPv6): 2a06:98c0:3600::103
    • Result Status: 403 Forbidden
    • Result Body: "error code: 1106"

    I hope this is enough information for you to check if the IP was indeed blocked.

    Thanks for your help :)


  • Olivia Product Triage Specialist
    Geantwortet am 23. Juni 2023 um 02:56

    Hi Hi sengelmann,

    Thanks for getting back to us and providing the IP information. I've checked the IP address you provided and whitelisted it immediately. Can you please try it again if you still face with the same issue?

    Give it a try and let us know how it goes.

  • sengelmann
    Geantwortet am 23. Juni 2023 um 04:05

    Hi Olivia,

    thanks a lot for responding so fast. I just checked and it works again!

    Unfortunately I found out, that the issue of the IP being blocked doesn't necessarily mean, that I (my Cloudflare Worker) sent too many requests or something like that. Because all Cloudflare Workers share a pool of IP addresses, another worker (by someone else; that used the same IP in the past) may have caused the IP to be blocked. This means the problem could occur again.

    To circumvent this issue completely I already found an alternative solution. As I'm only interested in the data that was submitted in the form, the "rawRequest" field in the webhook payload contains all the information I need. I implemented some logic to get the data from the "rawRequest" field and updated all my systems already.

    Do you see any problem with this alternative solution? Is the "rawRequest" field subject to change or not always set?

    Thanks again for your help :)

  • Dagmar_B
    Geantwortet am 23. Juni 2023 um 04:31

    Hi sengelmann,

    we are gldd you could figure out an alternative solution. The  "rawRequest" field should not change or go missing, so this should work for you.

    Reach out again if you have any other questions.