403 posting to contacts createOrUpdate by email



We have an integration that had been running fine for some weeks now.

Last night at around 5:44 PM we started getting 403 errors with a message:

You don't have permission to access "http://api.hubapi.com/contacts/v1/contact/createOrUpdate/email/<user email>?" on this server.
Reference #18.23111cb8.1491425924.10f706c

Nothing seems to have changed on our end and the access token we’re using to post can read the existing contacts. We’re also able to create new contacts through hubspot forms and via the hubspot web UI.

It sure seems like something has been disabled with our token, so we contacted our Hubspot CSM but they were unable to help and suggested we post here.


Is there are respons / update to this threat from HubSpot side?

We are experiencing the same behaviour with this endpoint, but using HAPIKEY.

We have two servers as failovers, they write to two different HubSpot portals.
The test portal is still working fine, althrough the production portal is experiencing errors.

What is worse, not all “tries” are forbidden, some of them went in and there is no rule
to determine, which one goes in and why.

We have checked several of ours servers log messages, and we have discovered that today 3 new servers registered same issue. At this moment we are facing this issue on 4 environments, which are independent on each other and are connecting to different HubSpot portals.


I’m a coworker of H3xas.

We’re experiencing this issue now with 3 production portals. The 403 is issued by Cloudflare. Message is: “The owner of this website (api.hubapi.com) has banned your access based on your browser’s signature”. This explains maybe the seemingly erratic behavior.
But guys, if you offer an API, you have to accept that people are actually using it, so please correct the cloudflare setup ASAP.


The status code 403 errors have gone over the weekend. Even for the servers where we didn’t try any changes on the HTTP headers. All seems fine again now!