
Problem with api: 403 forbidden

Hi!!
I’m a new user of phplist. I have installed the software successfully, but I can’t use the API interface. I have installed phplist on one server, but I need to create and delete subscribers from another server with the API interface. On the other server I execute the example “RESTAPIphpListClient.php”; I obtain the session key, but the next call fails:

Session key is: 609a16b3db746568add450589adf10a8

Fatal error: Uncaught exception 'GuzzleHttp\Exception\ClientException' with message 'Client error: GET http://tiendaperu.es/lists/api/v2/lists/3 resulted in a 403 Forbidden response: {"code":403,"message":"Forbidden"} ' in /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113 Stack trace: #0 /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/guzzle/src/Middleware.php(66): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response)) #1 /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/promises/src/Promise.php(203): GuzzleHttp\Middleware::GuzzleHttp{closure}(Object(GuzzleHttp\Psr7\Response)) #2 /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/promises/src/Promise.php(156): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), Array) #3 /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/promises/src/TaskQueue.php(47): GuzzleHttp\Promise\Promise::GuzzleHttp\ in /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113

What can happen?? If the key is generated, the credentials are ok, right?

Thanks for all! =)

Best regards,
Albert

@akrsoft From what I can see a 403 return happens in only one place, in file base/vendor/phplist/core/src/Core/Bootstrap.php

public function ensureDevelopmentOrTestingEnvironment()
{
    $usesProxy = isset($_SERVER['HTTP_CLIENT_IP']) || isset($_SERVER['HTTP_X_FORWARDED_FOR']);
    $isOnCli = PHP_SAPI === 'cli' || PHP_SAPI === 'cli-server';
    $isLocalRequest = isset($_SERVER['REMOTE_ADDR'])
        && in_array($_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1'], true);
    if ($usesProxy || (!$isOnCli && !$isLocalRequest)) {
        header('HTTP/1.0 403 Forbidden');
        exit('You are not allowed to access this file.');
    }

    return $this;
}

Does this shed any light on the problem? I have tried the REST API client and it works without this problem.
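The gate quoted above, rewritten as a pure function and run over a few request shapes, followed by a comparison of its plain-text output with the JSON body in the reported error. This is an added example, not phpList code and not part of the original posts; the helper names `gateWouldBlock` and `bodyMatchesGate` and the sample requests are constructed for illustration.

```php
<?php
// Added illustration, not phpList code: the gate's condition as a pure function.
// gateWouldBlock() and bodyMatchesGate() are hypothetical helper names.

// Text the quoted method passes to exit(), which becomes the response body.
const GATE_BODY = 'You are not allowed to access this file.';

function gateWouldBlock(string $sapi, array $server): bool
{
    $usesProxy = isset($server['HTTP_CLIENT_IP']) || isset($server['HTTP_X_FORWARDED_FOR']);
    $isOnCli = $sapi === 'cli' || $sapi === 'cli-server';
    $isLocalRequest = isset($server['REMOTE_ADDR'])
        && in_array($server['REMOTE_ADDR'], ['127.0.0.1', '::1'], true);

    return $usesProxy || (!$isOnCli && !$isLocalRequest);
}

function bodyMatchesGate(string $body): bool
{
    return trim($body) === GATE_BODY;
}

// Constructed requests (documentation-range addresses, not taken from the thread).
$scenarios = [
    'CLI script'                   => ['cli', []],
    'local request, fpm-fcgi'      => ['fpm-fcgi', ['REMOTE_ADDR' => '127.0.0.1']],
    'remote request, fpm-fcgi'     => ['fpm-fcgi', ['REMOTE_ADDR' => '203.0.113.10']],
    'local request behind a proxy' => ['fpm-fcgi', ['REMOTE_ADDR' => '127.0.0.1',
                                        'HTTP_X_FORWARDED_FOR' => '203.0.113.10']],
];

foreach ($scenarios as $label => [$sapi, $server]) {
    printf("%-30s %s\n", $label, gateWouldBlock($sapi, $server) ? '403 from gate' : 'allowed');
}

// The 403 body from the error message in this thread, compared with the gate's output.
$observedBody = '{"code":403,"message":"Forbidden"}';
printf("observed body matches gate text: %s\n", bodyMatchesGate($observedBody) ? 'yes' : 'no');
```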

Thanks for your reply, duncanc!! =)

Really my system is fpm-fcgi, but to test, I added to “$isOnCli = PHP_SAPI === 'cli' || PHP_SAPI === 'cli-server';” also “|| PHP_SAP === ' fpm-fcgi'”, so that $isOnCli is true and finally “($usesProxy || (!$isOnCli && !$isLocalRequest))” is false and does not exit, but I get the same error … =(

Fatal error: Uncaught exception 'GuzzleHttp\Exception\ClientException' with message 'Client error: GET http://tiendaperu.es/lists/api/v2/lists/3 resulted in a 403 Forbidden response: {"code":403,"message":"Forbidden"} ' in /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113 Stack trace: #0 /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/guzzle/src/Middleware.php(66): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response)) #1 /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/promises/src/Promise.php(203): GuzzleHttp\Middleware::GuzzleHttp{closure}(Object(GuzzleHttp\Psr7\Response)) #2 /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/promises/src/Promise.php(156): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), Array) #3 /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/promises/src/TaskQueue.php(47): GuzzleHttp\Promise\Promise::GuzzleHttp\ in /home/perustocks/public_html/test_phplist/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113

@xheni Xheni, do you have any idea what is causing this problem?

I am also having a similar issue using the facility. I have tried to resolve this issue, but I have not succeeded yet! Any help will be appreciated.

@Thoma1s You can check the phplist_admintoken table that will have been created. There should be a row for each time that you ran the client. Does the timestamp look correct?