GetOrganizations: 403 when getting all organisations after X requests

bclemmey
Comes here often

GetOrganizations: 403 when getting all organisations after X requests

I am working on something that will run periodically to pull info from the dashboard API. I am using the AIO portion of the official python library to do this.

 

When querying for all organisations:

 

await meraki_client.organizations.getOrganizations()

 

 this will work perfectly the first few times, but then at some point after the client starts up (and it's never the same, I can't reproduce this the same each time), it switches from successful to returning a 403 error and fails with a licence error. Once it does this it is unable to return a successful result until the client is restarted no matter how long it is left to run.

 

There is a single organisation with an expired licence, which is known about, and I was quite happy to leave it there so as to ensure I had something to test against that I knew wouldn't work (until now). Surely this endpoint should always return the list, providing perhaps at least one organisation has a valid licence? There are another 40 odd fully licenced orgs in the list.

 

I've tried lots of different wait times here too, ultimately this will run ~ once per day, right now for testing I've tried once a minute, every ten minutes and every hour. Always the same, but different, result.

 

Feels like a bug, anyone have any insight?

 

Edit: Forgot to mention I did find this post, but there's no answers there. Shows I am not the only one to experience this however.

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

This is apparently a known issue and by design.

 

I don't agree with Meraki on this one.

bclemmey
Comes here often

Perhaps what I need to do then is spin collect orgs off as a separate script so that it doesn't break the client for the rest of the application. I won't be trying to query any of the inactive orgs, that was basically the point of this step, to weed them out. This is at an MSP so chances are we're going to have expired licences here and there when someone doesn't reply to an invoice... Don't really want the entire monitoring setup to die just because someone didn't check their email...

John_on_API
Meraki Employee
Meraki Employee

Imho your best bet is to put the orgs with expired licenses under a different user, so your API key doesn't run into licensing issues.

PhilipDAth
Kind of a big deal
Kind of a big deal

This is not a workable solution John.

 

Let's say you are a SaaS provider.  Because you are successful you have a bazillion customers.  You have a standard account api@company.com that you give to customers to provide the use of your amazing app.

You don't want to generate a bazillion unique Merai accounts.  Especially with the whole email verification requirement.

 

One of your customer's licence expires.

 

Your entire business is now screwed.

Get notified when there are additional replies to this discussion.