Why Am I Receiving a 403 Forbidden Error?
A 403 forbidden error can occur for a variety of reasons when using the ZeroBounce email service API. However, the most likely reason is that you're in violation of the Web Application Firewall (WAF) rules when using ZeroBounce API endpoints.
What is a 403 Forbidden error?
A 403 Forbidden error is an HTTP status response code that indicates that you do not have permission to access the website, platform, or tool in question. The server successfully receives the quest but denies it for various reasons.
What causes the 403 Forbidden Error in ZeroBounce?
ZeroBounce introduced a new set of WAF rules to enhance its platform security measures in June 2023. These rules meticulously examine all incoming API requests based on a predefined schema that aligns with the ZeroBounce API usage guidelines.
Consequently, if your API request does not adhere to this schema, you will be blocked by the WAF, which results in a 403 Forbidden error.
If you encounter a 403 error, it's recommended to investigate the syntax used for your email service API requests. With the new WAF rules, even minor errors previously tolerated by the API endpoints may now be rejected as non-compliant.
Common examples of such API syntax errors include the following:
- Additional "/" symbols in the path - For example, using "/v2//validate" instead of the correct format, "/v2/validate".
- Missing key request attributes - Be sure to include all mandatory attributes, such as email, in your /v2/validate request.
- Using the wrong request method - Be sure to use the appropriate request method, such as GET instead of POST.
- Incorrect capitalization - Pay attention to the correct capitalization of the API endpoints. For example, "/v2/getFile" instead of "/v2/getfile".
- Including spaces in the query string
To avoid encountering the 403 Forbidden error, carefully review your API requests and verify that they conform to the ZeroBounce API's specified syntax guidelines.
I'm still experiencing a 403 Forbidden error
If you've ensured that your API requests meet the new WAF guidelines and are still experiencing a 403 error, don't hesitate to contact ZeroBounce support.
You can contact ZeroBounce via email at support@zerobounce.net or reach out via live chat - available 24/7. The team can help investigate your requests as well as other potential causes for your 403 error. ZeroBounce support is always there to ensure a seamless API integration experience for you.
Related Articles
How do I thread the API or call the API asynchronously?
Why does ZeroBounce only support TLS 1.2 and above?
How Do I Thread the API or Call the API Asynchronously?
When using .NET, C#, or Visual Basic with the ZeroBounce email service API, you are limited to 2 outgoing Hypertext Transfer Protocol (HTTP) requests. In order to increase this to allow for threading or asynchronous API calls, you'll need to adjust the 'ServicePointManager.DefaultConnectionLimit' property. This property sets the maximum number of concurrent requests allowed by a ServicePoint object.
You can find documentation regarding this property via Microsoft's .NET and API browser documentation.
What is API threading?
Threading is a way for a program to split itself into two or more running tasks simultaneously (or pseudo-simultaneously). Multiple threads can be executed in parallel on many computer systems.
API threading can assist in improving the processing speed and performance of the ZeroBounce API from your device.
What does asynchronous mean in terms of the API?
Asynchronous means that multiple things will happen or process simultaneously. If you start a new action while running a program, the new action will take place without interrupting the other program.
Why would I need to thread the API or call asynchronously?
In a majority of cases, calling any API is considered an outgoing HTTP request. The potential issue with this is that most programming languages, as well as operating systems, have default limits in place that restrict the number of outgoing HTTP requests you may attempt. With these restrictions, you may face a slowdown when attempting to make multiple requests in a short period.
By threading the API, you can increase the limits so that you process a higher number of API requests asynchronously.
How do I get help with threading the ZeroBounce API?
If you're struggling with API threading using the documentation provided, please contact ZeroBounce support at support or via live chat.
The team can assist with all aspects of the email service API, including examining your API configuration and HTTP request limits. ZeroBounce's goal is for you to enjoy a seamless API experience with satisfactory results.
Related Articles
Why Am I Receiving a 403 Forbidden Error?
Why does ZeroBounce only support TLS 1.2 and above?
Why Does ZeroBounce Only Support TLS 1.2 and Above?
The PCI Security Council is the body responsible for creating and enforcing rules on which technologies are acceptable for use in transmitting cardholder payment data. As such, they've explicitly identified that TLS 1.0 is no longer an adequate form of data encryption as it is vulnerable to many known attack methods. Due to this, ZeroBounce no longer supports TLS 1.0 and 1.1.
ZeroBounce joins the company of most company websites in adapting to the latest versions of TLS for better customer security and privacy.
Am I affected by the TLS change?
If you are not a ZeroBounce API user, it's doubtful that the change will affect you. There may be a few outlying scenarios if you operate on an old, outdated browser or operating system.
To determine if your current operating system or browser supports TLS 1.2 or higher, test your system for free courtesy of Qualys SSL Labs.
If you are a ZeroBounce API user and have any code that connects with any API endpoint, you'll need to ensure that it will continue to work. Every programming language and API library is different, so your mileage may vary.
Which programming languages are impacted by TLS changes?
The languages listed below will require significant changes or upgrades to support TLS 1.2 or higher:
- Java 6u45/7u45
- .NET before 4.5 (does not support TLS 1.2)
- .NET 4.5 (must update settings to enable TLS 1.2)
- OpenSSL 0.9.8
- Most dynamic languages, including Ruby, PHP, and Python - All of these rely on the underlying operating system's OpenSSL version. Check it by running OpenSSL (version 1.0.1 minimum required)
- Anything older than PHP 5.5.19 is outdated - Upgrade to 5.5.19 or higher for TLS 1.2 support)
Please be advised - ZeroBounce doesn't have experts for every programming language or framework. You'll need to test and update your code as needed to support the ZeroBounce API.
Other language-specific instructions
Below, you can find some additional instructions for various versions of .NET:
- .NET 4.6 - TLS 1.2 is automatic. No changes are necessary.
- .NET 4.5 - Update the 'SecurityProtocolType' to Tls12 using the SecurityProtocol Setter.
- .NET 4.0 - TLS 1.2 is supported, but there's no named 'SecurityProtocolType' enumeration for it. Instead, use (SecurityProtocolType)3072.
- .NET 3 and older - Please upgrade to .NET 4.5 or higher
Please refer to Microsoft's developer guidance for more support for TLS System Default Versions included in .NET.
Which browsers support TLS 1.2 and higher?
All modern browsers now support TLS 1.2 and higher. You will only experience an impact if you're using an outdated version of a web browser.
The following web browsers do not support TLS 1.2:
- Google Chrome 29
- Firefox 26
- Internet Explorer 10
- Safari 8
- iOS 4
- Android 4
If you're using one of these browsers or older versions, consider upgrading as soon as possible to support TLS 1.2 and higher for better payment security.