Random 403s on GetOrganizations from IP Restricted Org

Mloraditch
Building a reputation

Random 403s on GetOrganizations from IP Restricted Org

We are getting random 403s when running GetOrganizations in some of our API apps. The 403s are coming from an org that we recently got access to that has IP restrictions on it. We can not change that orgs settings. I've found a few posts in the past about similar issues when one org had license issues.

 

I'm presuming I'm going to have to open a support case, but curious if anyone else has seen this.

5 Replies 5
MariaP8
Meraki Employee
Meraki Employee

Hi, 

 

Hope you are having a good day!

 

Is the application's IP within the Organization's allowed IPs? You stated you have access to the organization, but you cannot change those settings. Is that an administrative barrier or do you not have organization access to change the IP restrictions?

  • 403: Forbidden - You don't have permission to do that
  • Read only administrators will only be allowed to make GET requests. Any other requests will result in 403: Forbidden 

     

I restricted access from my IP to my organization and ran getOrganizationNetworks and getOrganizations, it does return a 403 Forbidden. However it also returns an error message stating the following: 

 

getOrganizations:

"errors": [
"Your client IP address <IP> is not within an approved subnet for organization <org_name> - <org_id>"
]
 
getOrganizationNetworks: 
"errors": [
"Your client IP address <IP> is not within an approved subnet for organization <org_name> - <org_id>"
]
Are you receiving an error message at all? 
Maria P | Network Support Engineer, Cisco Meraki
Mloraditch
Building a reputation

Yes it's an org we do not manage so the ip restriction can not be changed by us. We have RO access for troubleshooting purposes only.

Yes that's the exact error we get when in the 403 status.

ShaunB93
Conversationalist

The only solution is to request a full admin of the organisation in question to add the source IP(s) of your API calls to the allowed Login IP ranges in Organization > Settings >Allow Dashboard API access to these IP ranges

Otherwise you won't be able to interact with this org via API. 

Mloraditch
Building a reputation

I'm not trying to interact with this org. I just should be able to run GetOrganizations and get all my other orgs returned in the reply without a 403 error. Sometimes it works, sometimes we get the error.

The error indicates the source IP you are running the call from is blocked on the destination organization. Unfortunately the API call is terminated by 403 from that organization preventing the other organizations from populating. 

The IP restriction needs to be lifted. 

 

However, if it is intermittent as you suggested then more investigation needs to be done to determine while IP the API call is coming from when it succeeds and fails. 

Maria P | Network Support Engineer, Cisco Meraki
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.