API 403 Forbidden


Let me start with a little background. I have 3 web servers, one localhost, one public for development, and one public for production. On my localhost I am able to access the api with my hapikey and retrieve the correct data. This is also the case on my production server.

However, on my development server, when I try to access the API I get the following message

You don't have permission to access "http://api.hubapi.com/forms/v2/forms?" on this server.<P>
Reference #18.5f0ad717.1512669680.1e758e7b

This occurs inside PHP, as well as when I try to CURL the API endpoint. This error is only occuring on my development server and works fine on my other servers.

Java Api 403 Forbidden

Hi @santana1053,

Those type of 403 errors come from our CDN provider’s automatic anti-abuse blocks. These blocks due to our CDN aren’t permanent, and should resolve on their own. I believe that in this case the errors might actually the result of a recent CDN transition being made internally, which should be completed soon. Over the next few days, you should see these 403 error rates being reduce or eliminated completely. Can you monitor the rate of these errors over the next few days? If you’re still seeing high 403 error rates later in the week, reach back out on this thread and I can take a closer look.


Hi Derek,

We’re having the same issue. We have 4 different servers (localhost, staging, production1 and production2).

So far, it’s happening on production1 server. The rest are fine.

Thanks for the explanation. Hopefully will be resolved soon.



Hi @lesaff,

The internal changes being made should have completed by now. You might have seen an increase in these errors, but going forward they should be eliminated. It might take some time for your DNS to fully update, which might be why you’ve continued to see these errors.


I get the same issue. My local dev machine can connect to the API though a dev API server at a hosting company can’t.

Real bind here, Thanks.


Hi @tburger,

Are you seeing the same errors (403 with a long reference number) and is this still happening now (last 2 days)? The underlying network changes that lead to an increase in these errors should be resolved by now.


Yes, the CDN has detected activity from our app calling the API as suspect and are doing this based on how it is configured by you guys or out of the box.

Below is more info on this, why, happening to others, etc. The challenege is that I can’t get passed it on our API is not working at all. It seems like you guys (not them) need to white list my IP to allow it to work. We are re-working our Webhook as I think that might be contributing to why they thinks our calls were suspect. It was calling the API more than it should, not to mention, failures as trying to do too much in that process. That said, we are unable to do anything whatsoever now till you guys configure our IP to start working again.

Why do I see a captcha or challenge page (Attention Required) trying to visit a site protected by Cloudflare as a site visitor?
Note: Cloudflare employees can not remove the captcha. The captcha is showing specifically because of security settings the site owner has turned on.

Why do I see an Access Restricted Cloudflare Challenge Page?


Created a different post with more info to include a screen capture of the response “from” Cloudflare that is helpful to understand my response above.



Hi @tburger,

Thank you for creating a new topic. The errors you’ve listed are separate from the previous errors, and I’ll address them in your new post.