API calls are getting rejected intermittently with a "reason #18" error



We are using the Contact API and have intermittently been getting a “reason #18” , “You don’t have permission to access” message. Sometimes the calls work and it seems to be related to the server we are using to make the calls as I can make the API call using Postman no problems so it’s not a credentials issue (+ we are using a HAPI key so pretty straight forward).

Has anyone got any ideas as to what this could be? I’m leaning towards some form of blacklisting or IP blocking.

The API we have been using that is http://api.hubapi.com/contacts/v1/contact/utk from our application hosted on the Heroku platform.

The full error returned was,

Faraday::ParsingError: 784: unexpected token at '<HTML><HEAD>
<TITLE>Access Denied</TITLE>
<H1>Access Denied</H1>

You don't have permission to access "http://api.hubapi.com/contacts/v1/contact/utk/xxxxx/profile?" on this server.<P>
Reference #18.cc6533b8.1511947987.46174d69

Suggestions welcome!


Hi @Markl,

You’re correct, that’s an error from our firewall service. These errors occur when the service detects calls and believes them to be malicious. Given the endpoint, it sounds like you might be calling this on every page load? This almost always looks like an attack to the firewall. If you reduce the quantity/frequency of calls made to that endpoint, you should see these errors go away.


Derek, yes you are correct, we are doing this every page load. We will look at ways to reduce the quantity of calls.

Thanks for you advice!


Derek, after investigating a bit more we should have received a response header code and JSON payload upon hitting the API rate limit.

See, https://developers.hubspot.com/docs/faq/working-within-the-hubspot-api-rate-limits

Instead we got an HTML response! Any idea why we received this instead of the predefined 429 code and JSON response?

    <TITLE>Access Denied</TITLE>
    <H1>Access Denied</H1>

    You don't have permission to access \"http://api.hubapi.com/contacts/v1/contact/utk/xxx/profile?\" on this server.<P>
    Reference #18.be6533b8.1511984511.ba5d187


Hi @Markl,

The error you’re seeing isn’t related to the API rate limits details here. The firewall service is separate from the normal rate limits, and kick in when traffic appears malicious (not necessarily based on a specific rate/quantity). Relatively high, sustained volume can sometimes trigger the firewall even if it remains within the rate limits details above.