We are getting random 403s when running GetOrganizations in some of our API apps. The 403s are coming from an org that we recently got access to that has IP restrictions on it. We can not change that orgs settings. I've found a few posts in the past about similar issues when one org had license issues.
I'm presuming I'm going to have to open a support case, but curious if anyone else has seen this.
Hi,
Hope you are having a good day!
Is the application's IP within the Organization's allowed IPs? You stated you have access to the organization, but you cannot change those settings. Is that an administrative barrier or do you not have organization access to change the IP restrictions?
Read only administrators will only be allowed to make GET requests. Any other requests will result in 403: Forbidden
I restricted access from my IP to my organization and ran getOrganizationNetworks and getOrganizations, it does return a 403 Forbidden. However it also returns an error message stating the following:
getOrganizations:
Yes it's an org we do not manage so the ip restriction can not be changed by us. We have RO access for troubleshooting purposes only.
Yes that's the exact error we get when in the 403 status.
The only solution is to request a full admin of the organisation in question to add the source IP(s) of your API calls to the allowed Login IP ranges in Organization > Settings >Allow Dashboard API access to these IP ranges
Otherwise you won't be able to interact with this org via API.
I'm not trying to interact with this org. I just should be able to run GetOrganizations and get all my other orgs returned in the reply without a 403 error. Sometimes it works, sometimes we get the error.
The error indicates the source IP you are running the call from is blocked on the destination organization. Unfortunately the API call is terminated by 403 from that organization preventing the other organizations from populating.
The IP restriction needs to be lifted.
However, if it is intermittent as you suggested then more investigation needs to be done to determine while IP the API call is coming from when it succeeds and fails.