Access to resource is forbidden errorCode:1014 when sending a Customer service review

Hi everyone,

I'm using cron to send Customer service reviews for each Magento order. Cron will run 1000 - 2000 requests and send them to Trustpilot. Sometimes a request will fail. Trustpilot's response: {"message":"Access to resource is forbidden","errorCode":1014,"correlationId":"6b7a8853-8fc5-47e5-87e1-0db6eb183425"}

It doesn't seem like Trustpilot has limited requests because I've tried sending about 1300 requests on the dev site, and everything was working fine. Has anyone encountered this issue before?

  • Jeremy Robinson Trustpilot

    Hello! 

    Thank you for your inquiry. 

    That response is usually indicative of a mismatched business-unit-id or OAuth2 combination occurring with your authentication request.

    Can you confirm if you are using the Magento v1 or v2 integration as a business customer? Or are you syncing directly with our REST API?

    If you are a partner, I would encourage you to refer to this guide.

     

    All the best--

    2
  • Thựn

    Thanks for your response.
    Yes, I'm using the REST API (https://invitations-api.trustpilot.com/v1/private/business-units/{businessUnitId}/email-invitations).
    Cron runs for many orders. For instance, request number 20 is sent successfully, request number 21 failed, but request number 22 is sent successfully again. All these requests used the same access_token.
    If you have any ideas for the issue I'm facing, please let me know.

    1
  • Jeremy Robinson Trustpilot

    Thank you very much for providing the additional detail. I'm happy to take a deeper look.

    Can you confirm the business-unit-id you are using? I can then dig a bit more specifically. 

    "Access to resource is forbidden" could be coming from a series of reasons. 

    Are you by any chance calling more than one business-unit-id with these invitation requests?

    If you can provide one example of a specific instance of the endpoint, including the access token that failed - or just an example of a request that failed with the associated access token, that would help me. 

    Since that access token is already expired, there is no security issue and this would just help us debug. Also, the business-unit-ids are part of our open platform, and you can share them openly. Just keep your API and Secret keys under wraps. ;)

    Cheers
     


    1
  • Thựn

    We're using only one business-unit-id: 4bdca382000064000505e290

    This is the endpoint we're using: https://invitations-api.trustpilot.com/v1/private/business-units/4bdca382000064000505e290/email-invitations

    These are the failed access tokens: AIAexnfprkBE0GViGXlchJ19FsGN and MoqYijZyQW1KnASrHkmG0QYEQiCP and fWuFQrzmvhyD2DgjKHboejzF31PA
    When the cron runs, we will get a new token and send many requests.

    Thank you very much.

    0
  • Thựn

    Hi all,

    We're in a bit of an urgent situation now. Have you got anything new for this issue?

    Thank you




    0
  • Jeremy Robinson Trustpilot

    Hi Thựn,

    FYI - notes below. I recommend you take this up in your existing support ticket, given the PII at hand. 

    I did have a chance to inspect your logs and our API stability as a whole. In everything I've seen, I can confirm the issue at hand is not isolated in Trustpilot's API - but somewhere in your client-side code. 

    The 403 Forbidden issue is 99% of the time tied to your access token refreshing procedures. However, to cover all our bases - if you cannot debug this from your client code, you will need to provide the entire payload, including the fully executed endpoint, Header and Body & timing of the request - that resulted in the forbidden issue. We currently cannot reproduce your error without blatantly malforming the access token. So, we need all of the details in an attempt to replicate your error. This means your payload, access token, timing of request, header details - the whole thing.

    Because this requires sharing what may be sensitive PII, I encourage you to follow up on your support ticket that is currently in progress. This business community is public and is not intended to manage requests that may expose PII of any kind.

    -Jeremy

    0
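
Added example (not part of the thread and not Trustpilot's code): one way to check the two explanations discussed above against a cron run's own request log, and to produce a failure report that carries the correlationId and timing but no access token. The log field names and the sample entries are assumptions constructed for illustration.

```javascript
// Added example. Field names (seq, sentAt, token, status, body) are hypothetical:
// they stand for whatever the cron client records per invitation request.
const sampleLog = [ // constructed entries, not real tokens or correlation ids
  { seq: 20, sentAt: "2024-01-01T02:00:20Z", token: "tokA-constructed", status: 200, body: "{}" },
  { seq: 21, sentAt: "2024-01-01T02:00:21Z", token: "tokA-constructed", status: 403,
    body: '{"message":"Access to resource is forbidden","errorCode":1014,' +
          '"correlationId":"00000000-0000-4000-8000-000000000021"}' },
  { seq: 22, sentAt: "2024-01-01T02:00:22Z", token: "tokA-constructed", status: 200, body: "{}" },
  { seq: 23, sentAt: "2024-01-01T03:40:00Z", token: "tokA-constructed", status: 403, body: "" },
  { seq: 24, sentAt: "2024-01-01T03:40:01Z", token: "tokB-constructed", status: 200, body: "{}" },
];

const isOk = (e) => e.status >= 200 && e.status < 300;

// Returns one record per 403, safe to paste into a ticket: tokens are replaced
// by ordinal labels, and each failure is tagged by how the same token behaved.
function classifyFailures(log) {
  const ordered = [...log].sort((a, b) => Date.parse(a.sentAt) - Date.parse(b.sentAt));
  const labels = new Map(); // token value -> "token#N" in order of first use
  for (const e of ordered) {
    if (!labels.has(e.token)) labels.set(e.token, `token#${labels.size + 1}`);
  }
  const report = [];
  ordered.forEach((e, i) => {
    if (e.status !== 403) return;
    let parsed = {};
    try { parsed = JSON.parse(e.body) ?? {}; } catch { /* empty or non-JSON body */ }
    const sameTokenOk = (x) => x.token === e.token && isOk(x);
    const okBefore = ordered.slice(0, i).some(sameTokenOk);
    const okAfter = ordered.slice(i + 1).some(sameTokenOk);
    report.push({
      seq: e.seq,
      sentAt: e.sentAt,
      token: labels.get(e.token),
      errorCode: parsed.errorCode ?? null,
      correlationId: parsed.correlationId ?? null,
      // "interleaved": the token worked before and after, so the token value
      // alone does not explain the 403. "token-boundary": no success with it on
      // one side, which is what a stale or badly refreshed token looks like.
      pattern: okBefore && okAfter ? "interleaved" : "token-boundary",
    });
  });
  return report;
}

console.log(classifyFailures(sampleLog));
```

The pattern field is a heuristic for sorting failures before escalating, not a diagnosis.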
  • Thựn

    Morning Jeremy Robinson

    I think it's not caused by access token because there were successful requests before and after the failed request and they were sent by the same access token. I've sent detailed information in my support ticket. Please help check it.

    Thank you

    1
  • Kdanikowski1

    I too am experiencing the same, any fix for this? Although, for mine, it's happening every time. Added an issue on node-trustpilot: https://github.com/trustpilot/node-trustpilot/issues/104

    0