Tried to use several different API endpoints as described in the link, but they all return 403 with a cloudflare “Just a moment…” html reply. Even tried copying an existing jwt token from a working logged-in browser but the same thing still happens.

Any idea what I could be doing wrong?

curl -v --request POST \
     --url https://programming.dev/api/v3/user/login \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{"username_or_email": "redacted", "password": "redacted"}'
...
< HTTP/2 403
...
<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title>
...
  • themoonisacheese@sh.itjust.works
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    6 months ago

    You’re not passing cloudflares anti bot challenge. This is known to be a hard problem, as obviously CF is highly motivated to stop bots

    • refaloOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      6 months ago

      then what is the point of allowing bots on lemmy if they can’t work?

      • pe1uca@lemmy.pe1uca.dev
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        6 months ago

        Bots on Lemmy are allowed, that’s why the API exists.
        Bots on programming.dev seems are not allowed since all endpoints require to pass CF.

  • CrolishGrandma@lemmy.world
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    6 months ago

    I have no knowledge of this specific issue but 403 means unauthorized and the “Just a moment” response is usually because the server sends a JavaScript challenge to verify that you are a ‘real’ browser/user. It’s an anti bot verification and you’re not passing.

    • refaloOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      6 months ago

      yes but this defeats the whole point of allowing bots on lemmy in the first place.

  • AtegonMA
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    6 months ago

    If you want to run a bot against our api I’m able to whitelist ips to bypass the bot check. Feel free to reach out on matrix