Any request with an empty content body and content-type application/json returns a 403 from cloudfront. This likely happens due to cloudfront trying and failing to parse the json. This change occurred recently 1-2 weeks ago. If this is suppose to happen then great. It is still a change in the api and I saw no recent annoucements about it
What specifically is the request you’re making?
There have been some recent changes that have impacted people sending a body (even if it’s an empty body) on a GET request and it causing issues, and that’s because sending a body with a GET request is non-standard. So make sure the requests you are sending conform to the specification as if you’re sending malformed requests (eg, a body on a get request) then that’s an issue on your end.
What specifically has been changed? Also running into this issue getting cloudflare’s 403 from both Get Users and Get Ads Schedule endpoints. A body is not being sent with the request and both types are x-www-form-urlencoded, what gives?
Both of these endpoints are GET endpoints
There shouldn’t be a Body sent by you to the server
But you stated there is one by declaring a content-type of x-www-form-urlencoded
So do not send a content-type header with a get request
But you stated there is a body and the body is of type x-www-form-urlencoded doesn’t matter that a body wasn’t included, as you technically caused an error by saying there is a body then didn’t send one
I have been banging my head against this for a week and didn’t realize I could omit the content type, thank you. (Was losing my shit trying different methods!)
EDIT: Omitted content type, still getting 403. CURL is working fine so back to head banging. 
Hehe well for clarity:
| header | notes |
|---|---|
Accept |
hey server I’m expecting content of this type (any sort of request) |
Content-Type |
hey server I’m sending you content of this type (generally POST/PATCH/PUT) |
Whats the body message?
And/or what does your code look like?
(DEBUG) GET USERS: → Lookup request for user twitch
(DEBUG) GET USERS: API ENDPOINT https://api.twitch.tv/helix/users
(DEBUG) GET USERS: SET HEADER Client-Id
(DEBUG) GET USERS: SET HEADER Authorization Bearer
(DEBUG) GET USERS: SET METHOD: GET
(DEBUG) GET USERS: FETCHED https://api.twitch.tv/helix/users?login=twitch
GET USERS
403 ERROR
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront) Request ID: 1SEp7yz5fCitWUy6FKYKqVd0uTJkBBE8vGYrgbkdA7qcOITkNoPGbg==GET USERS 403 GET USERS Forbidden
What about the code making the call
and the actual request made? In case whatever it doing these DEBUG messages is adding something it shouldn’t
The debug messages are from my applications logging/console. I’ve rewritten it from the ground up twice now. At this point, I’m just tired of fighting undocumented changes and general disdainful attitude from twitch leadership regarding development (not directed at you, you are wonderful Barry as I see you all over these forums constantly being helpful). I will be discontinuing my application. Thank you for your assistance.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.