I’m receiving a 403 Forbidden Error
A 403 error may occur for various reasons.
If you experience a 403 error while using our API endpoints, you may be in violation of the Web Application Firewall (WAF) rules.
ZeroBounce introduced a new set of WAF rules to enhance security measures in June 2023.
These rules meticulously examine all API requests based on a predefined schema that aligns with our API usage guidelines. Consequently, any request that does not adhere to this schema will be blocked by the WAF, resulting in a 403 error.
If you encounter a 403 error, we recommend investigating the syntax of your API requests. With these new WAF rules, minor errors previously tolerated by our API endpoints may now be rejected as non-compliant.
Common examples of such errors include:
- Additional “/” symbols in the path - For example, using /v2//validate instead of the correct format: /v2/validate.
- Missing key request attributes - Be sure to include all mandatory attributes, such as email, in your /v2/validate request.
- Using the wrong request method - Be sure to use the appropriate request method, such as GET instead of POST.
- Incorrect capitalization - Pay attention to the correct capitalization of the API endpoints. For example, /v2/getFile instead of /v2/getfile.
- Including spaces in the query string
To avoid the 403 Forbidden Error, carefully review your API requests and verify that they conform to our API's specified syntax and guidelines. Should you require further assistance or have any questions, please don't hesitate to contact our support team - available 24/7. We are always here to help ensure a seamless API integration experience for you.
HOW DO I THREAD THE API OR CALL THE API ASYNCHRONOUSLY?
Threads or threading - Is a way for a program to split itself into two or more simultaneously (or pseudo- simultaneously) running tasks. Multiple threads can be executed in parallel on many computer systems.
Asynchronous - allows multiple things to happen at the same time. When you start an action, your program continues to run.
When calling an API, it's usually considered an outgoing HTTP Requests. Most languages and operating systems have default limits in place that restrict the number of out-going request. So if you're experiecing slowness, you might need to increase these limits.
.NET C#, VB - You are limited to 2 outgoing HTTP Requests, in order to increase this you need to adjust the ServicePointManger.DefaultConnection Limit Property. https://docs.microsoft.com/en-us/dotnet/api/system.net.servicepointmanager.defaultconnectionlimit?view=netcore-2.2 to find more details about URL
WHY ARE WE ONLY SUPPORTING TLS 1.2 AND ABOVE?
The PCI Security Council sets the rules on which technologies are acceptable for use in transmitting cardholder data. They have explicitly identified TLS 1.0 as no longer being a strong form of encryption because it is vulnerable to many known attacks.
Almost every website has stopped supporting TLS 1.0 and 1.1, this is done to help safeguard your information.
ARE YOU AFFECTED?
If you don't use our API's then it's un-likely you will be affected unless you're using a really old browser and or operating system. To check to see if your computer/browser supports TLS 1.2 or higher please visit this link: https://www.ssllabs.com/ssltest/viewMyClient.html to find more details about URL
API LIBRARY SUPPORT
If you have code that connects with the ZeroBounce API, you must ensure that it will continue to work after June 1, 2018. Each language and library is different, below are the more popular languages.
THESE LANGUAGES WILL NEED SIGNIFICANT CHANGES/UPGRADES IN ORDER TO WORK:
- Java 6u45 / 7u45
- .NET before 4.5 (does not support TLS 1.2)
- .NET 4.5 (must have settings changed to explicitly enable TLS 1.2)
- OpenSSL 0.9.8
- Most dynamic languages such as Ruby, PHP, & Python rely on the underlying operating system’s OpenSSL version. You can check it by running OpenSSL version. 1.0.1 in the minimum required.
- PHP 5.5.19 and up has support for TLS 1.2
You can test your connection with various tools and documentation found on the internet. Please keep in mind that we are not experts in every language or framework and so we aren’t able to test or fix your code for you.
LANGUAGE SPECIFIC INSTRUCTIONS
- .NET 4.6: TLS 1.2 is used automatically. No changes are necessary.
- .NET 4.5: The SecurityProtocolType needs to be changed to Tls12 (using the SecurityProtocol Setter)
- .NET 4.0: TLS 1.2 is supported, but there’s no named SecurityProtocolType enumeration. Use (SecurityProtocolType)3072.
- .NET 3 and below: Must be upgraded to 4.5
Most browsers have supported TLS 1.2 for several years.
The following browsers DO NOT support TLS 1.2 and will no longer work.
- Google Chrome 29
- Firefox 26
- Internet Explorer 10
- Safari 8
- iOS 4
- Android 4