
Answered

Forbidden error when submitting new tickets using API

Richard Urwin
asked this on July 30, 2010 08:36

We're using the Zendesk API to submit support requests directly from our site (psonar.com).

The problem is that approximately 50% of the time, a 'Forbidden' error is returned and the request isn't submitted.

Does anyone know if there is any reason for this?

It's causing us major headaches because not only do we have to check Zendesk for support tickets, we also have to manually trawl our database and create tickets for the ones that get rejected.

I've asked Zendesk support, but was told by Mike Warren that I'm not paying for a high enough level of support for them to offer coding support, even though it's almost certainly not a fault with the code, given that it works some of the time.

Here's what little information is returned:

 

Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : The remote server returned an error: (403) Forbidden.
Source : System
Help link :
Status : ProtocolError
Response : System.Net.HttpWebResponse
Data : System.Collections.ListDictionaryInternal
TargetSite : System.Net.WebResponse GetResponse()
Stack Trace :    at System.Net.HttpWebRequest.GetResponse()
   at ZenDeskManager.cs:line 72

Incidentally I'm more than happy to give anyone our C# code to do the submission, to save others writing it. It's pretty straightforward and I can't see that it's our fault the requests work on a random basis. Just give me a shout and I'll send it across.

 

Thanks,

Richard

 

Comments

Mike Warren
Zendesk

Hi Richard,

For the issue, you mentioned in your ticket the following...

"if I'm logged in and somebody submits a request using the API, I get logged out with an error message that someone else has logged into the site with the same credentials. I'm not entirely sure this is exactly why, but the evidence points to it."

I think your theory on this is relevant -- since you have a solo account, you can only be accessing the data with your credentials per login and it could possibly present a problem with user concurrency (us limiting access to one session per agent). The question on this is if the issue occurs also if you do not log in? After that you provided C# code and I'm not familiar at all with that.

Are there any particular circumstances that trigger the issue or are occurring around the same time?  Things like # of requests (or API calls) in a time period, where the API calls are coming from?

Sorry about the miscommunication on this. To clarify my feedback: our support does not provide coding level support because we are not programmers ourselves. That's unrelated to your plan type or how much you are paying. I advised that posting the issue with your code to our forums might get you a good answer from someone in our community that was familiar with coding and could better advise -- and if not to let us know. I looked at your C# code but was lost. Regarding your plan type -- solo accounts are normally limited to forum based support for anything. That's always been our policy and a difference in our plans, but unrelated to our ability to review custom code.

Regards,

-Mike

August 03, 2010 16:31

Richard Urwin

Hi Mike,

Thanks for the rapid response.

The session issue may be relevant, but I notice the last problem occurred at 20:45 yesterday. I was working but definitely not logged in to the support site. Can you check to see if the session is cleared when logging out?

The API calls are relatively infrequent, so I doubt this is an issue.

I appreciate why you don't offer coding-level support, but surely you should offer support for things that are actually broken with your site to everyone?

Regards,

Richard

 

August 04, 2010 00:03

Skip Moore
Zendesk

Hi Richard, 

Are you trying to update a ticket using /tickets/####.xml? As an end user?

Skip

August 04, 2010 09:28

Richard Urwin

Hi Skip,

I am indeed - I'm actually posting using my account credentials and supplying the X-On-Behalf-Of header.

Want to see any code or the XML of a ticket submission?

Cheers,

Rich

August 05, 2010 04:26

Skip Moore
Zendesk

Hi Richard

The XML would be great along with the URL that you are using?

Skip

August 05, 2010 10:16

Richard Urwin

Hi Skip,

The URL is:

http://psonar.zendesk.com/tickets.xml

And the XML is:

<ticket>
 <status-id>0</status-id>
 <priority-id>0</priority-id>
 <requester-name>richard</requester-name>
 <requester-email>richard@psonar.com</requester-email>
 <subject>test subject</subject>
 <description>test message</description>
 <fields>
  <98180>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)</98180>
  <98181>richard</98181>
  <98183>103</98183>
 </fields>
</ticket>

 

Thanks,

Richard

 

August 08, 2010 04:45

Richard Urwin

Hi Mike / Skip,

Do you have any further news on this? It still isn't working and if this continues to be the case, we're going to have to look elsewhere for our support. It's getting to be very infuriating and we're missing support requests because of this.

Regards,

Richard

August 31, 2010 04:21

Skip Moore
Zendesk

Hi Richard,

After reviewing your code, you can't set <requester-name> or <requester-email>  when using the API to submit a ticket. You have to use <requester-id type="integer">9454785</requester-id> or in the header set "X-On-behalf-Of: joe@email.com" to set the requester on a ticket. 

Skip

August 31, 2010 10:48

Richard Urwin

Hi Skip,

As mentioned earlier up the thread, I'm already using the X-On-Behalf-Of header. What's more, it works intermittently, and I can't see that including these additional fields would cause these intermittent failures.

I'll remove them and let you know how I get on though.

Do you have any other suggestions as to what might be causing this?

Regards,

Richard

 

August 31, 2010 13:20

Skip Moore
Zendesk

Not right now, let's get a bare bones ticket created and see what the results are

Skip

August 31, 2010 13:25

Kevin

How long has this been in place??? We just came across the fact that we've been getting the following errors on our contact form integration with ZenDesk:

 

HTTP/1.1 403 Forbidden
Server: nginx/0.6.35
Date: Mon, 25 Oct 2010 20:14:37 GMT
Content-Type: application/xml; charset=utf-8
Connection: keep-alive
Status: 403 Forbidden
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 21
Content-Length: 175
Set-Cookie: _zendesk_session=BAh7CzoNYXV0aF92aWEiEkJhc2ljU3RyYXRlZ3kiHHdhcmRlbi51c2VyLmRlZmF1bHQua2V5aQMHCQc6DGFjY291bnRpAtweOg9zZXNzaW9uX2lkIiU4MDQ2MmM0ZDc4NDQ5M2QwYWUwYjI0NDhlMTc5NGU2MCITd2FyZGVuLm1lc3NhZ2V7ADoHaWQiFWMzcGxiNnk1Yi0xYjY0Yno%3D--ee94651ebed0734f43ce047b2d69d824ca4b49ff; path=/; HttpOnly
Set-Cookie: zendesk_user_version=users%2F461063-20100908195636; path=/
Cache-Control: no-cache


This is unacceptable.  We've been using your system for 2+ years and now we've found out that we've had a broken zendesk inbound system since this backward incompatible change was made. That's about 20-30 customers a day we've not been servicing since about Sept 8?

<pre>

<ticket><subject>question: test test</subject><description>test testtest testtest testtest testtest testtest test</description><priority-id>0</priority-id><group-id>9632</group-id><set-tags></set-tags><ticket-type-id>1</ticket-type-id><uploads>fguoewnsay85zxu</uploads><ticket-field-entries type="array"><ticket-field-entry><ticket-field-id>56012</ticket-field-id><value></value></ticket-field-entry><ticket-field-entry><ticket-field-id>56297</ticket-field-id><value>blackberry</value></ticket-field-entry></ticket-field-entries></ticket>

</pre>

I get these errors when I do the X-On-Behalf-Of: joe.enduser@theendusers.com or the requestor-name, requestor-email

How can I fix this? Neither work...

 

<body><ticket><subject>question: test test</subject><description>test testtest testtest testtest testtest testtest test</description><priority-id>0</priority-id><group-id>9632</group-id><set-tags></set-tags><ticket-type-id>1</ticket-type-id><requester-name>Kevin c</requester-name><requester-email>kcallahan@gmail.com</requester-email><uploads>loh4gjlbsnytepi</uploads><ticket-field-entries type="array"><ticket-field-entry><ticket-field-id>56012</ticket-field-id><value></value></ticket-field-entry><ticket-field-entry><ticket-field-id>56297</ticket-field-id><value>blackberry</value></ticket-field-entry></ticket-field-entries></ticket>

HTTP/1.1 403 Forbidden
Server: nginx/0.6.35
Date: Mon, 25 Oct 2010 20:26:11 GMT
Content-Type: application/xml; charset=utf-8
Connection: keep-alive
Status: 403 Forbidden
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 70
Content-Length: 175
Set-Cookie: _zendesk_session=BAh7CyIcd2FyZGVuLnVzZXIuZGVmYXVsdC5rZXlpAwcJBzoMYWNjb3VudGkC3B46D3Nlc3Npb25faWQiJTgxMTU2MmU2MjZiMzcyZDU0NzdiYzU2M2UyZmYxYmQyOg1hdXRoX3ZpYSISQmFzaWNTdHJhdGVneSITd2FyZGVuLm1lc3NhZ2V7ADoHaWQiFDRsamxiMDRsb3hpdHlydg%3D%3D--40906f1712969fe084d6a2aa524189a5d586c2ab; path=/; HttpOnly
Set-Cookie: zendesk_user_version=users%2F461063-20100908195636; path=/
Cache-Control: no-cache

<error>
  <title>Access denied</title>
  <message>You do not have access to this page. Please contact the account owner of this help desk for further help.</message>
</error>
Resource id #62</body>

 

 

October 25, 2010 13:38

Kevin

Here's my test code:


// ========================================
// ZenDesk Tick
// ========================================
$strZenSubject = "";
$intZenPriority = 0;
$intZenTicketType = "";   // stays empty unless $ABOUT matches a case below
$strZenPremium = "";
$strZenPremiumTag = "";
$xmlTicket = "";          // initialise before the .= appends below

if ($BUG_DESCRIPTION != "") {
    $strZenSubject = "$ABOUT: $BUG_DESCRIPTION";
} else {
    $strZenSubject = $ABOUT;
}
$strZenSubject = $strZenSubject . $strPremiumFlag;

if ($ABOUT == "small problem") {
    $intZenPriority = "3";
    $intZenTicketType = "3";
} elseif ($ABOUT == "critical problem") {
    $intZenPriority = "4";
    $intZenTicketType = "3";
} elseif ($ABOUT == "question") {
    $intZenTicketType = "1";
}
if ($SYSTEM_PREMIUM_FLAG == 1) {
    $strZenPremium = "true";
    $strZenPremiumTag = "premium";
}
if ($ABOUT == "critical problem") {
    $strZenPremiumTag .= " critical";
}
if ($ABOUT == "event results") {
    $strZenPremiumTag .= " tdf2010";
}

// htmlspecialchars() rather than htmlentities(): htmlentities() emits HTML-only
// named entities (e.g. &eacute;) that an XML parser rejects.
$xmlTicket .= "<ticket>";
$xmlTicket .= "<subject>".htmlspecialchars($strZenSubject, ENT_QUOTES)."</subject>";
$xmlTicket .= "<description>".htmlspecialchars($MESSAGE, ENT_QUOTES)."</description>";
$xmlTicket .= "<priority-id>$intZenPriority</priority-id>";
$xmlTicket .= "<group-id>9632</group-id>";
$xmlTicket .= "<set-tags>$strZenPremiumTag</set-tags>";
$xmlTicket .= "<ticket-type-id>$intZenTicketType</ticket-type-id>";
//$xmlTicket .= "<requester-name>$NAME</requester-name>";
//$xmlTicket .= "<requester-email>$EMAIL</requester-email>";
$xmlTicket .= "<uploads>$strZenFileToken</uploads>";
$xmlTicket .= "<ticket-field-entries type=\"array\">";
$xmlTicket .= "<ticket-field-entry>";
$xmlTicket .= "<ticket-field-id>56012</ticket-field-id>";
$xmlTicket .= "<value>$strZenPremium</value>";
$xmlTicket .= "</ticket-field-entry>";
$xmlTicket .= "<ticket-field-entry>";
$xmlTicket .= "<ticket-field-id>56297</ticket-field-id>";
// escape the form value so it cannot break the XML document
$xmlTicket .= "<value>".htmlspecialchars($PRODUCT, ENT_QUOTES)."</value>";
$xmlTicket .= "</ticket-field-entry>";
$xmlTicket .= "</ticket-field-entries>";
$xmlTicket .= "</ticket>";

$ch = curl_init();

// $EMAIL comes from the contact form: drop CR/LF so it cannot add header lines
$strZenOnBehalfOf = str_replace(array("\r", "\n"), "", $EMAIL);
$arrZenHeader = array("Content-Type: application/xml", "Content-Length: " . strlen($xmlTicket), "X-On-Behalf-Of: $strZenOnBehalfOf");

// plain http: the Basic credentials set below are sent unencrypted
curl_setopt($ch, CURLOPT_URL, "http://mmf.zendesk.com/tickets.xml");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlTicket);
curl_setopt($ch, CURLOPT_USERPWD, "user:pass");
curl_setopt($ch, CURLOPT_HTTPHEADER, $arrZenHeader);
curl_setopt($ch, CURLOPT_HEADER, true);            // response headers are returned with the body
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$http_result = curl_exec($ch);
$error = curl_error($ch);
$headers = curl_getinfo($ch);

// test output: dump the request and response, then stop
print "<h1>arrZenHeader</h1><hr/>";
print_r($arrZenHeader);
print "<h1>xmlTicket</h1><hr/>";
print($xmlTicket);
print "<h1>headers</h1><hr/>";
print_r($headers);
print "<h1>http_result</h1><hr/>";
print_r($http_result);
print_r($ch);
die();   // curl_close() below is not reached while the test output is in place

curl_close($ch);

October 25, 2010 18:39

Kevin

sorry, that's the production code with the test output

October 25, 2010 18:40

Jake Holman
Product Manager

@Kevin: Going to need a little more detail, I've outlined below:

  1. We need to see the headers you're sending to Zendesk (not just what you receive), don't include your login credentials, but do tell me what type of user you're logging in as (End-User, Agent or Admin?).
  2. Is the XML you posted a real example of something you've POSTed to Zendesk? 
  3. What URL are you POSTing to in order to create these tickets? 

I edited your comment to remove those login details.

October 25, 2010 18:45

Kevin

Hi Jake,

Thanks for such a quick response --

Headers: Array ( [0] => Content-Type: application/xml [1] => Content-Length: 538 [2] => X-On-Behalf-Of: kcallahan@gmail.com )

URL: http://mmf.zendesk.com/tickets.xml

XML: yes, this is an example XML output of our contact form that had been working prior.

Also I just changed the credentials as I realized not the smartest move to post them to web.  Can you edit the message and XXXX anyways?

Thanks!

October 25, 2010 18:47

Kevin

and kcallahan@g..com is an unverified user, i.e., the user provides their email address in the contact form and they may or may not be an existing user in ZenDesk.

Thanks Jake!

-Kevin

October 25, 2010 18:49

Jake Holman
Product Manager

I shall take a look at the code later this evening, and if that's PHP it should make life a little easier for me. 

Will let you know if I have any questions about the various variables in there. 

October 25, 2010 18:50

Jake Holman
Product Manager

@Kevin: Was that info@ email address I saw earlier what you're using to authenticate into the Zendesk API in order to create tickets?

October 25, 2010 18:53

Kevin

info@ is the user that we're using for the authentication:

ie.,
curl_setopt($ch, CURLOPT_USERPWD, "info@mapmyfitness.com:XXXX");

-Kevin
 

October 26, 2010 05:54

Kevin

we've identified the problem -- the info@* was an end-user and not an agent.  Was this always validated? It now works once I changed the account type.

 

-Kevin

October 26, 2010 08:34

Jake Holman
Product Manager
Check Answer

@Kevin: It's been that way for as long as I can remember at least, the authenticating user can only do things with the API that they would normally have permission to do. An End-User wouldn't normally be able to create a ticket on behalf of someone else, but an Agent or Admin certainly can. 

This is why I asked if you were authenticating under an End-User, Agent or Admin. Glad you got it sorted out though. 

October 26, 2010 09:11
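
Kevin's form had been returning 403 since about Sept 8 before anyone saw it on Oct 25. The following is an added example, not code from any poster or from Zendesk: it classifies the raw string that curl_exec() returns when CURLOPT_HEADER is on (as in Kevin's script), so that a refused submission is kept and flagged instead of lost. The function names, the action labels and the sample response are constructed for illustration.

```php
<?php
// Added example: not code from the thread. Names and action labels are hypothetical.

// Split the string curl_exec() returns when CURLOPT_HEADER is true.
// $headerSize is the value of curl_getinfo($ch, CURLINFO_HEADER_SIZE).
function parse_raw_response($raw, $headerSize)
{
    $head = substr($raw, 0, $headerSize);
    $body = (string) substr($raw, $headerSize);
    // The header block can hold several status lines (e.g. "100 Continue"
    // before the real answer), so take the last one.
    $status = 0;
    if (preg_match_all('#^HTTP/\d(?:\.\d)?\s+(\d{3})#m', $head, $m) > 0) {
        $status = (int) end($m[1]);
    }
    return array('status' => $status, 'body' => $body);
}

// Return "title: message" from an <error> document, or '' for any other body.
function read_api_error($body)
{
    $previous = libxml_use_internal_errors(true);   // no PHP warnings on non-XML bodies
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($xml === false || $xml->getName() !== 'error') {
        return '';
    }
    return trim((string) $xml->title) . ': ' . trim((string) $xml->message);
}

// Decide what the contact form should do with the submission.
function classify_ticket_response($raw, $headerSize)
{
    $r = parse_raw_response($raw, $headerSize);
    if ($r['status'] >= 200 && $r['status'] < 300) {
        return array('status' => $r['status'], 'action' => 'done', 'reason' => '');
    }
    // 401/403: the API refused these credentials for this action. Keep the
    // submission locally and tell a human; anything else is queued for retry.
    $action = ($r['status'] === 401 || $r['status'] === 403)
        ? 'queue_and_alert'
        : 'queue_and_retry';
    return array(
        'status' => $r['status'],
        'action' => $action,
        'reason' => read_api_error($r['body']),
    );
}

// Constructed sample, shortened from the 403 response quoted in the thread.
$head = "HTTP/1.1 403 Forbidden\r\n"
      . "Content-Type: application/xml; charset=utf-8\r\n"
      . "Status: 403 Forbidden\r\n\r\n";
$body = "<error>\n  <title>Access denied</title>\n"
      . "  <message>You do not have access to this page.</message>\n</error>";

print_r(classify_ticket_response($head . $body, strlen($head)));
```
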
Nick Mossie

I was having this problem too.. I had my headers set like this:

curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-type: application/xml', 'Content-length: '.strlen($payload)), 'X-On-Behalf-Of: shelly@somewhere.com' );

and I just changed this

curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-type: application/xml', 'X-On-Behalf-Of: shelly@somewhere.com', 'Content-length: '.strlen($payload)) );

and now it works fine

July 07, 2011 11:11

Jake Holman
Product Manager

@Nick: That's because that first line was invalid - you'll notice you terminate array() too early with .strlen($payload))

July 07, 2011 11:55

Nick Mossie

lol... oops!  I'm glad that it was a silly mistake and not that header order matters ;)

July 07, 2011 14:49

Criss Moldovan

Hi,

Any updates on this? I'm experiencing the same problem. If I remove the X-On-Behalf-Of header it works fine. Otherwise 403

Please share if you have any ideas.

Thanks,

Criss 

September 15, 2011 22:23

Francesco Triti
aspera

Hello


I do have the same problem trying to add a comment via API (works of course when I assume the identity)


1) curl -v -u me@me.com:mypassowrd -H "X-On-Behalf-Of: CCUSER@example.com" \
-H "Content-Type: application/xml" \
-d "<comment><is-public>true</is-public><value> this is public behalf </value></comment>" \
-X PUT https://HOST.zendesk.com/api/v1/tickets/5073.xml

 

2)

curl -v -u me@me.com:mypassowrd -H "X-On-Behalf-Of: REQUESTER@example.com" \
-H "Content-Type: application/xml" \
-d "<comment><is-public>true</is-public><value> this is public behalf </value></comment>" \
-X PUT https://HOST.zendesk.com/api/v1/tickets/5073.xml

Where

* me@me.com is administrator of HOST.zendesk.com

* CCUSER@example.com is a CC user in the ticket CC (case1)

* REQUESTER@example.com is the requestor of the same ticket (case 2)

while

* removing behalf works (comment is added)

Any idea?

Thanks


Cheers
Fra

June 01, 2012 18:11

Sean Kinney
Zendesk
Check Answer

Hi Francesco,

There are a couple of things to keep in mind when making these API calls:

  1. You've added a flag to make the comments public, but you're trying to act on behalf of an end-user who has no choice but to make their comments public. Only agents can restrict the visibility of comments, so you should omit '<is-public>true</is-public>' from your API calls.
  2. You are using the agent API interface (e.g. /api/v1/tickets/) rather than the end-user interface (e.g. /api/v1/requests/) despite trying to update these tickets as end-users.

Putting that all together, your API calls should look something like this:

curl -u email@site.com:password -H "X-On-Behalf-Of: requester@example.org" -H "Content-Type: application/xml" -d "<comment><value>This is a test comment</value></comment>" -X PUT https://yoursite.zendesk.com/api/v1/requests/5073.xml -v

Please give that a try and let us know if it doesn't work.

June 09, 2012 13:03
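
Sean's two points, as an added example (not Zendesk's code and not from any poster): a hypothetical helper, build_comment_request, that picks the v1 interface from whether the call acts on behalf of an end-user, leaves out is-public in that case, and refuses an on-behalf-of value that contains control characters. HOST.zendesk.com is the thread's placeholder; the sample comment text is constructed.

```php
<?php
// Added example: build_comment_request() is a hypothetical helper, not a Zendesk API.

function build_comment_request($ticketId, $comment, $onBehalfOf = null, $isPublic = null)
{
    if (!is_int($ticketId) || $ticketId <= 0) {
        throw new InvalidArgumentException('ticket id must be a positive integer');
    }
    $headers = array('Content-Type: application/xml');

    if ($onBehalfOf !== null) {
        // The value ends up in a request header: reject control characters
        // (CR/LF would start a new header line) before checking the shape.
        if (preg_match('/[\x00-\x1F\x7F]/', $onBehalfOf)
            || filter_var($onBehalfOf, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('X-On-Behalf-Of must be one e-mail address');
        }
        $headers[] = 'X-On-Behalf-Of: ' . $onBehalfOf;
        // Acting as an end-user: end-user interface, and no agent-only flag.
        $path = "/api/v1/requests/{$ticketId}.xml";
        $isPublic = null;
    } else {
        // Acting as the authenticated agent or admin: agent interface.
        $path = "/api/v1/tickets/{$ticketId}.xml";
    }

    // Build the body with DOM so the comment text is escaped for XML.
    $doc = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('comment'));
    if ($isPublic !== null) {
        $root->appendChild($doc->createElement('is-public', $isPublic ? 'true' : 'false'));
    }
    $value = $root->appendChild($doc->createElement('value'));
    $value->appendChild($doc->createTextNode($comment));

    return array(
        'method'  => 'PUT',
        'url'     => 'https://HOST.zendesk.com' . $path,
        'headers' => $headers,
        'body'    => $doc->saveXML($root),
    );
}

// Constructed inputs. The is-public argument is dropped because the call is
// made on behalf of an end-user.
print_r(build_comment_request(5073, 'Still failing for me & my <team>', 'requester@example.org', true));

// An agent's own private comment goes to the agent interface and keeps the flag.
print_r(build_comment_request(5073, 'Internal note', null, false));

// A value carrying a line break is refused before any request is built.
try {
    build_comment_request(5073, 'x', "requester@example.org\r\nX-Extra: 1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
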
Francesco Triti
aspera

Hi Sean

thanks a lot for your answer, yes the command works - I did not get the point of the user/agent interface.

do not agree so much on 1 ;) it would be not correct if I set false not if I set something that is "correct" (also if redundant).

 

Anyway: I am suspecting this not work with v2 API or the same interface requests (with redirection) is available?

 

cheers.

Francesco

 

June 15, 2012 16:53

Sean Kinney
Zendesk

Hi Francesco,

Because the agent and end-user API interfaces are separate in v1, including an agent-only command (e.g. the is-public flag) is generally not encouraged. In the case of the is-public flag, it looks like we just ignore that flag in the end-user interface (/api/v1/requests) so you're probably safe to include it but since it doesn't do anything there's no reason to include it.

As for v2 of the API, we're planning to add similar functionality as confirmed in https://support.zendesk.com/entries/21377351-api-v2-ticket-creation but as of this moment we haven't added support for something like x-on-behalf-of in v2 of the API. For now, I'd recommend using v1 of the API for this.

Take care,

Sean

June 16, 2012 08:02

rasmi roy

Hi Sean,

I have created a ticket for the end-user in the Zendesk. Then I tried to respond to the ticket as end-user, but I'm getting the below error:

object(stdClass)#213 (1) { ["error"]=> object(stdClass)#214 (2) { ["title"]=> string(9) "Forbidden" ["message"]=> string(105) "You do not have access to this page. Please contact the account owner of this help desk for further help." } }

Then updated the access rights of that particular user in Zendesk. But I'm still getting the forbidden error. Can you please tell me why is this happening?

Thanks!

November 13, 2012 11:21

rasmi roy

Hi Sean,

Any updates on the above comment? thanks!

November 13, 2012 15:41

Jennifer Rowe
Zendesk

Hi Rasmi Roy, I'm going to create a ticket for you so you can get help from our Support team.

November 15, 2012 14:15

rasmi roy

Hi Jennifer,

I haven't heard anything back from the Support Team yet.

November 26, 2012 11:02

Justin Seymour
Zendesk

Hey Rasmi: 

An agent replied with additional questions on November 16th. I'll go ahead and add a response to queue off an email notification so you can follow-up. 

November 26, 2012 11:12