Tried to use several different API endpoints as described in the link, but they all return 403 with a cloudflare “Just a moment…” html reply. Even tried copying an existing jwt token from a working logged-in browser but the same thing still happens.

Any idea what I could be doing wrong?

curl -v --request POST \
     --url https://programming.dev/api/v3/user/login \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{"username_or_email": "redacted", "password": "redacted"}'
...
< HTTP/2 403
...
<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title>
...
  • @[email protected]
    link
    fedilink
    51 month ago

    You’re not passing cloudflares anti bot challenge. This is known to be a hard problem, as obviously CF is highly motivated to stop bots

    • @refaloOP
      link
      31 month ago

      then what is the point of allowing bots on lemmy if they can’t work?

      • @[email protected]
        link
        fedilink
        11 month ago

        Bots on Lemmy are allowed, that’s why the API exists.
        Bots on programming.dev seems are not allowed since all endpoints require to pass CF.

  • AtegonMA
    link
    4
    edit-2
    1 month ago

    If you want to run a bot against our api I’m able to whitelist ips to bypass the bot check. Feel free to reach out on matrix

  • @[email protected]
    link
    fedilink
    31 month ago

    I have no knowledge of this specific issue but 403 means unauthorized and the “Just a moment” response is usually because the server sends a JavaScript challenge to verify that you are a ‘real’ browser/user. It’s an anti bot verification and you’re not passing.

    • @refaloOP
      link
      31 month ago

      yes but this defeats the whole point of allowing bots on lemmy in the first place.