Cfhttp and 403 Forbidden

Hi,

I’m trying to call an api for a payment processor (PayFacto) with cfhttp and I get the error 403 Forbidden. At first I thought it was a certificate problem, so I installed the certificate with the server admin. Same error after a Lucee restart. Then I tried to install it in the keystore directly with the keytool. Same error after a Lucee restart. Note that I’m able to call this url with a browser on the server.

The code is simple

<cfhttp url="https://test.api.payfacto.com/v1/purchase" method="get" result="myresult">
<cfdump var="#myresult#">

After, I thought it was coming from the tls support. I tested their domain on ssllabs.com and they support tls from 1.1 to 1.3.

Any idea? Is someone able to call this url with cfhttp? It should return a 405 error (method not allowed).

Thank you!


Lucee 5.3.8.159-SNAPSHOT
Apache Tomcat/8.5.33
Java 1.8.0_181 (Oracle Corporation) 64bit

1 Like

I found the solution here : https://lucee.daemonite.io/t/url-that-cfhttp-gives-403-but-loads-fine-on-browser/4887/9

This header is required.

<cfhttpparam name="accept" type="header" value="*/*">

It’s a bit awkward to ask a question and find the answer literally two minutes later …

I leave the subject there. It might be helpful to others.

4 Likes

Glad my post helped you!!! Thanks for posting :smiley:

3 Likes