Yelp/yelp-fusion

Very strange 403 error

Zy19 opened this issue · 10 comments

Zy19 commented

Overview

  • Client ID: Li0opvV3txyPQjHzDQR8Sw
  • Issue type: 403 Forbidden
  • Summary: The request works on office computers (PC/Mac), but does not work on servers (Windows Server 2022 Datacenter)
  • Platform: Windows Server 2022 Datacenter

Description

The request works on office computers, but does not work on servers. The application - Java/Spring Boot/NGINX. We used all the Java frameworks Yelp offers + Spring RestTemplate; everything is fine on office computers and doesn't work on servers.

We run PowerShell on local - fine, on servers - error:

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

$headers=@{}
$headers.Add("accept", "application/json")
$headers.Add("Authorization", "Bearer oToWwvJEijK9U0CXIPPgkeVD ")
$response = Invoke-WebRequest -Uri 'https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20&offset=0' -Method GET -Headers $headers
Invoke-WebRequest : The remote server returned an error: (403) Forbidden.
At line:4 char:13
+ $response = Invoke-WebRequest -Uri 'https://api.yelp.com/v3/businesse ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

As far as we understand the problem is TLS_1_3, Yelp needs TLS_1_2, fixed, also just in case set http/1.1 (locally by default it was http/1.2 on servers).

Nope.

More information

We compare response objects from local and from server.

Endpoint

https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20

Parameters or Sample Request

Parameters are above, GET call.

Response

Local, 200:
 
 result = {Response@1930} "Response{protocol=http/1.1, code=200, message=OK, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20}"
 request = {Request@1929} "Request{method=GET, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20, tags={}}"
 protocol = {Protocol@2014} "http/1.1"
 code = 200
 message = "OK"
 handshake = {Handshake@2016} "Handshake{tlsVersion=TLS_1_2 cipherSuite=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 peerCertificates=[CN=yelp.com, O=Yelp Inc., L=San Francisco, ST=California, C=US, CN=zs_ssl_intermediate_ca1, O=<>, C=US, CN=<>, OU=Enterprise PKI, O=<>, C=US] localCertificates=[]}"
 headers = {Headers@2017} "Connection: keep-alive\ncontent-type: application/json\nratelimit-resettime: 2024-05-15T00:00:00+00:00\nratelimit-remaining: 4969\nserver: envoy\nx-tracing-auth: 1PR2h6hCyGX9pM5jbsvoNBiEBxBJiG4LiBYqB94yqMs\nratelimit-dailylimit: 5000\nx-routing-service: routing-main--useast1-6c59645886-8mbqn; site=public_api_v3\nx-zipkin-id: 964fb0afe32b1cc3\nx-b3-sampled: 0\nx-mode: ro\nx-proxied: 10-65-137-148-useast1bprod\nx-extlb: 10-65-137-148-useast1bprod\ncache-control: max-age=0, no-store, private, no-transform\nAccept-Ranges: bytes\nDate: Tue, 14 May 2024 10:57:01 GMT\nVia: 1.1 varnish\nX-Served-By: cache-lga21951-LGA\nX-Cache: MISS\nX-Cache-Hits: 0\nVary: Accept-Encoding\nalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400\ntransfer-encoding: chunked\n"
 body = {RealResponseBody@2018} 
 networkResponse = {Response@2019} "Response{protocol=http/1.1, code=200, message=OK, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20}"
 cacheResponse = null
 priorResponse = null
 sentRequestAtMillis = 1715684221597
 receivedResponseAtMillis = 1715684222159
 exchange = {Exchange@2020} 
 cacheControl = null

Server, 403:

result = {Response@2420} "Response{protocol=http/1.1, code=403, message=Forbidden, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20}"
 request = {Request@1688} "Request{method=GET, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20, tags={}}"
 protocol = {Protocol@2424} "http/1.1"
 code = 403
 message = "Forbidden"
 handshake = {Handshake@2426} "Handshake{tlsVersion=TLS_1_2 cipherSuite=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 peerCertificates=[CN=yelp.com, O=Yelp Inc., L=San Francisco, ST=California, C=US, CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US] localCertificates=[]}"
 headers = {Headers@2427} "Connection: close\nContent-Length: 0\nServer: Varnish\nRetry-After: 0\nAccept-Ranges: bytes\nDate: Tue, 14 May 2024 10:56:13 GMT\nVia: 1.1 varnish\nX-Served-By: cache-fra-etou8220037-FRA\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1715684173.391716,VS0,VE0\nalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400\n"
 body = {RealResponseBody@2428} 
 networkResponse = {Response@2429} "Response{protocol=http/1.1, code=403, message=Forbidden, url=https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20}"
 cacheResponse = null
 priorResponse = null
 sentRequestAtMillis = 1715684173379
 receivedResponseAtMillis = 1715684173389
 exchange = {Exchange@2430} 
 cacheControl = null

Extra information

Sample code (Java, we coded the key but byte array just in case - probably push/pull to GitHub changed something):

import java.io.IOException;
import java.util.Arrays;

import com.example.geo.providers.yelp.model.GeoYelpFusionIntroResponse;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;

public class GeoYelpFusionIntroService2
{
    private GeoYelpFusionIntroResponse searchPoiOneShot() throws IOException
    {
        // API key held as a byte array; the remaining bytes are elided in the post.
        byte[] keyBytes = {111, 84, 111, 87, 119, 118, 74, 69, 105, 106, 75, 57, <....>};
        String key = new String(keyBytes);

        // Starts from OkHttp's RESTRICTED_TLS preset; no explicit tlsVersions(...) is set here.
        ConnectionSpec requireTls12 = new ConnectionSpec.Builder(ConnectionSpec.RESTRICTED_TLS)
            .build();

        // Force HTTP/1.1 and apply the connection spec above.
        OkHttpClient client = new OkHttpClient.Builder()
            .protocols(Arrays.asList(Protocol.HTTP_1_1))
            .connectionSpecs(Arrays.asList(requireTls12))
            .build();

        okhttp3.Request request = new okhttp3.Request.Builder()
            .url("https://api.yelp.com/v3/businesses/search?latitude=37.4&longitude=-122.1&radius=20000&categories=restaurants&sort_by=distance&limit=20")
            .get()
            .addHeader("accept", "application/json")
            .addHeader("Authorization", "Bearer " + key)
            .build();

        // try-with-resources closes the response body and releases the connection.
        try (okhttp3.Response response = client.newCall(request).execute())
        {
            if (response.isSuccessful())
            {
                System.out.println();
            }
            else
            {
                System.out.println();
            }
        }

        return null;
    }

    public static void main(String[] a) throws IOException
    {
        GeoYelpFusionIntroService2 geoYelpService = new GeoYelpFusionIntroService2();
        geoYelpService.searchPoiOneShot();
    }
}

=====================================================

We spent a working day trying to figure out what was going on, but we were running out of ideas.

We will be very grateful for any tips.

Regards,
Ian

Hi @Zy19,

in our logs I can't find any 403's for the client_id you are providing. I see successful (response code 200) responses except for 1 request returning a 400 because of missing location/lat+lng on the business search endpoint.

Zy19 commented

Thank you for the answer, RockDog,

We don't understand anything as well..

This is the log an hour ago.

So as far as I understand "Authorization: Bearer oToWwvJEijK.." that the server receives comes as if distorted, the server does not understand it and refuses to complete the command, and you do not see our requests, right?

Regards,
Ian


Connected to the target VM, address: '127.0.0.1:51893', transport: 'socket'
17:59:19.063 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
17:59:19.085 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
17:59:19.087 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://api.yelp.com:443][total available: 0; route allocated: 0 of 20; total allocated: 0 of 200]
17:59:19.111 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://api.yelp.com:443][total available: 0; route allocated: 1 of 20; total allocated: 1 of 200]
17:59:19.115 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://api.yelp.com:443
17:59:19.138 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to api.yelp.com/146.75.120.116:443
17:59:19.139 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to api.yelp.com/146.75.120.116:443 with timeout 10000
17:59:19.209 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
17:59:19.209 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
17:59:19.209 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
17:59:19.509 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
17:59:19.509 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.3
17:59:19.509 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_AES_128_GCM_SHA256
17:59:19.509 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=yelp.com, O=Yelp Inc., L=San Francisco, ST=California, C=US
17:59:19.510 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [yelp.com, *.admin.yelp.com, *.biz.yelp.com, *.m.yelp.com, *.yelp.com, admin.yelp.com]
17:59:19.510 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
17:59:19.516 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 161.97.64.238:51898<->146.75.120.116:443
17:59:19.516 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 60000
17:59:19.516 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request GET /v3/businesses/search?latitude=37.4&locale=en_US&longitude=-122.1&categories=restaurants&radius=20000&sort_by=distance&limit=50&offset=0 HTTP/1.1
17:59:19.516 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
17:59:19.521 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> GET /v3/businesses/search?latitude=37.4&locale=en_US&longitude=-122.1&categories=restaurants&radius=20000&sort_by=distance&limit=50&offset=0 HTTP/1.1
17:59:19.521 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> accept: application/json
17:59:19.521 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Authorization: Bearer oToWwvJEijK...
17:59:19.522 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> user-agent: unirest-java/3.1.00
17:59:19.522 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> accept-encoding: gzip
17:59:19.522 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: api.yelp.com
17:59:19.522 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "GET /v3/businesses/search?latitude=37.4&locale=en_US&longitude=-122.1&categories=restaurants&radius=20000&sort_by=distance&limit=50&offset=0 HTTP/1.1[\r][\n]"
17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "accept: application/json[\r][\n]"
17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Authorization: Bearer oToWwvJEijK..[\r][\n]"
17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "user-agent: unirest-java/3.1.00[\r][\n]"
17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "accept-encoding: gzip[\r][\n]"
17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: api.yelp.com[\r][\n]"
17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
17:59:19.522 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 403 Forbidden[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: close[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 0[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Server: Varnish[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Retry-After: 0[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Accept-Ranges: bytes[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Tue, 14 May 2024 15:59:19 GMT[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Via: 1.1 varnish[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Served-By: cache-fra-etou8220042-FRA[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Cache: MISS[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Cache-Hits: 0[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Timer: S1715702360.532148,VS0,VE0[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 403 Forbidden
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 0
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Varnish
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Retry-After: 0
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Accept-Ranges: bytes
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Tue, 14 May 2024 15:59:19 GMT
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Via: 1.1 varnish
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Served-By: cache-fra-etou8220042-FRA
17:59:19.536 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Cache: MISS
17:59:19.536 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Cache-Hits: 0
17:59:19.536 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Timer: S1715702360.532148,VS0,VE0
17:59:19.536 [main] DEBUG org.apache.http.headers - http-outgoing-0 << alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
17:59:19.541 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
17:59:19.544 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded
17:59:19.544 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://api.yelp.com:443][total available: 0; route allocated: 0 of 20; total allocated: 0 of 200]
17:59:19.562 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Cancelling request execution

Hi @Zy19, are you sure you are using the correct API key? It should be 128 characters long.

If the API key would be malformed but everything else would be correct (hostname, parameters, etc) we would be seeing the request in our logs. However we don't see any 403's coming from your client.

Also: if these 403's would come from our API the response should be json and the response body should contain an error object with an error code. If you are seeing that, it would be helpful for debugging.

17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 403 Forbidden[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: close[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 0[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Server: Varnish[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Retry-After: 0[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Accept-Ranges: bytes[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Tue, 14 May 2024 15:59:19 GMT[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Via: 1.1 varnish[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Served-By: cache-fra-etou8220042-FRA[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Cache: MISS[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Cache-Hits: 0[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Timer: S1715702360.532148,VS0,VE0[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
17:59:19.535 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 403 Forbidden

Most likely you have a Varnish instance configured as a WAF in your organisation dropping these types of requests. Investigate internally
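
The two replies above rest on one distinction: a 403 produced by the API would carry a JSON error object, while the logged 403 is an empty response stamped `Server: Varnish`. The following is an added example, not code from this thread or from Yelp, that applies that check to Apache HttpClient wire logs; the marker-header list is an assumption taken from the 200 response posted earlier, and the sample log is an abridged copy of the lines above.

```python
import json
import re

# Inbound wire-log line from Apache HttpClient, the format of the log in this thread:
#   ... org.apache.http.wire - http-outgoing-0 << "Server: Varnish[\r][\n]"
WIRE_IN = re.compile(r'org\.apache\.http\.wire - \S+ << "(.*)"\s*$')

# Assumption: headers present on the 200 response in the thread and absent from the 403.
ORIGIN_MARKERS = ("x-routing-service", "ratelimit-remaining", "x-zipkin-id")

# Constructed sample: an abridged copy of the 403 wire lines posted above.
EDGE_403_LOG = r'''
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 403 Forbidden[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: close[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 0[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Server: Varnish[\r][\n]"
17:59:19.530 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Via: 1.1 varnish[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "alt-svc: h3=":443";ma=86400[\r][\n]"
17:59:19.531 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
'''


def parse_wire_response(log_text):
    """Rebuild (status, headers, body) from the inbound '<<' wire lines of one response."""
    raw = ""
    for line in log_text.splitlines():
        m = WIRE_IN.search(line)
        if m:  # the logger prints CR and LF as the literal tokens [\r] and [\n]
            raw += m.group(1).replace("[\\r]", "\r").replace("[\\n]", "\n")
    if not raw:
        raise ValueError("no inbound wire lines found")
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers, body


def classify_403(status, headers, body):
    """Name the layer that produced a 403: the API ('origin') or the cache in front ('edge')."""
    if status != 403:
        return "not-403", []
    try:
        error_object = json.loads(body).get("error")
    except (ValueError, AttributeError):  # empty body, non-JSON body, or JSON that is not an object
        error_object = None
    markers = [h for h in ORIGIN_MARKERS if h in headers]
    if isinstance(error_object, dict) or markers:
        reasons = ["JSON error object in body"] if isinstance(error_object, dict) else []
        return "origin", reasons + ["origin header: " + h for h in markers]
    reasons = []
    if headers.get("server", "").lower() == "varnish":
        reasons.append("Server: Varnish")
    if headers.get("content-length") == "0" and not body:
        reasons.append("empty body")
    return ("edge" if "Server: Varnish" in reasons else "unknown"), reasons


if __name__ == "__main__":
    print(classify_403(*parse_wire_response(EDGE_403_LOG)))
```

An "edge" verdict means the request was answered before it reached the API application, which matches the maintainer finding no 403s in the API logs for this client.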

Zy19 commented

RockDog, BizMate - thank you very much.

BizMate - When you say “these types of requests” what do you mean?

It's just a hosting company, we need to tell them something and we call a dozen services, never had a problem.

Regards,
Ian

@Zy19 I cannot give you a deterministic answer, also your logs are application specific and not actual HTTP packets and it is all a troubleshooting exercise of your solution rather than a problem on the Yelp api. I suggest you look up what a WAF is. Also I have not suggested you consult the hosting company, but to "Investigate Internally" ... it could be your own code but it is totally up to you to establish.

Do you get the same error if you run the same request from an external client like Postman?

Zy19 commented

Hello @bizmate,

OK, I see, but seems to us - it's not a problem of our code: I attached 2 requests, server and local, these are 100% the same, but results are different. It's not Postman, but SoapUI.

local
server

Regards,
Ian

UPD: Also (I forgot to say) SoapUI shows us 2 certificates of Yelp, so it means our request reached your server, but requests were rejected:

Peer Certificate 1:
[
[
Version: V3
Subject: CN=yelp.com, O=Yelp Inc., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits
params: null
modulus: 23314...817
public exponent: 65537
Validity: [From: Wed Nov 22 01:00:00 CET 2023,
To: Fri Dec 06 00:59:59 CET 2024]
Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
SerialNumber: [ 0ef12baa d3b98176 645150d4 34a3701a]
......

Zy19 commented

Hello,

Reproducing the problem is even easier than we thought, you just need to paste this URL into your browser

https://api.yelp.com/v3/businesses/VcRgzCMcY7QXMEAcAnljtg

You should get:
{"error": {"code": "VALIDATION_ERROR", "description": "Authorization is a required parameter.", "field": "Authorization", "instance": null}}

From our servers we get a 403 error.

We contacted our hosting company, maybe they can tell us something.

Many thanks for the help.

Regards,
Ian

Zy19 commented

Hello @bizmate,

You were right - we connected by VPN (not each fits) and it works, so it means it's our hoster network settings as you said.

Thank you again.

Regards,
Ian

@Zy19 taking from your last comment that it’s not a problem on Yelp’s side. Closing this issue.