Access to resource is forbidden errorCode:1014 when send Customer service review
Hi everyone,
I'm using cron to send Customer service reviews for each Magento order. Cron will run 1000 - 2000 requests and send them to Trustpilot. Sometimes a request will fail. Trustpilot response: {"message":"Access to resource is forbidden","errorCode":1014,"correlationId":"6b7a8853-8fc5-47e5-87e1-0db6eb183425"}
It doesn't seem like Trustpilot has limited requests because I've tried sending about 1300 requests on the dev site, and everything was working fine. Has anyone encountered this issue before?
8 comments
Jeremy Robinson Trustpilot
Hello!
Thank you for your inquiry.
That response is usually indicative of a mismatched business-unit-id, or OAuth2 combination occurring with your authentication request.
Can you confirm if you are using the Magento v1 or v2 integration as a business customer? OR - are you syncing directly with our REST API?
If you are a partner, I would encourage you to refer to this guide.
All the best--
Thựn
Thanks for your response.
Yes, I'm using the REST API (https://invitations-api.trustpilot.com/v1/private/business-units/{businessUnitId}/email-invitations).
Cron runs for many orders. For instance, request number 20 is sent successfully, request number 21 failed, but request number 22 is sent successfully again. All these requests used the same access_token.
If you have any ideas for the issue I'm facing, please let me know.
Jeremy Robinson Trustpilot
Thank you very much for providing the additional detail. I'm happy to take a deeper look.
Can you confirm the business-unit-id you are using? I can then dig a bit more specifically.
"Access to resource is forbidden" could be coming from a series of reasons.
Are you by any chance calling more than one business-unit-id with these invitation requests?
If you can provide one example of a specific instance of the endpoint, including the access token that failed - or just an example of a request that failed with the associated access token, that would help me.
Since that access token is already expired, there is no security issue and this would just help us debug. Also, the business-unit-ids are part of our open platform, and you can share them openly. Just keep your API and Secret keys under wraps. ;)
Cheers
Thựn
We're using only one business-unit-id: 4bdca382000064000505e290
This is the endpoint we're using: https://invitations-api.trustpilot.com/v1/private/business-units/4bdca382000064000505e290/email-invitations
This is the failed access token: AIAexnfprkBE0GViGXlchJ19FsGN and MoqYijZyQW1KnASrHkmG0QYEQiCP and fWuFQrzmvhyD2DgjKHboejzF31PA
When the cron runs, we will get a new token and send many requests.
Thank you very much.
Thựn
Hi all,
We're in a bit of an urgent situation now. Have you got anything new for this issue?
Thank you
Jeremy Robinson Trustpilot
Hi Thựn,
FYI - notes below. I recommend you take this up in your existing support ticket, given the PII at hand.
I did have a chance to inspect your logs and our API stability as a whole. In everything I've seen, I can confirm the issue at hand is not isolated in Trustpilot's API - but somewhere in your client-side code.
The 403 Forbidden issue is 99% of the time tied to your access token refreshing procedures. However, to cover all our bases - if you cannot debug this from your client code, you will need to provide the entire payload, including the fully executed endpoint, Header and Body & timing of the request - that resulted in the forbidden issue. We currently cannot reproduce your error without blatantly malforming the access token. So, we need all of the details in an attempt to replicate your error. This means your payload, access token, timing of request, header details - the whole thing.
Because this requires sharing what may be sensitive PII, I encourage you to follow up on your support ticket that is currently in progress. This business community is public and is not intended to manage requests that may expose PII of any kind.
-Jeremy
Thựn
Morning Jeremy Robinson
I think it's not caused by access token because there were successful requests before and after the failed request and they were sent by the same access token. I've sent detailed information in my support ticket. Please help check it.
Thank you
Kdanikowski1
I too am experiencing the same, any fix for this? Although, for mine, it's happening every time, added an issue on node-trustpilot: https://github.com/trustpilot/node-trustpilot/issues/104