3

Forbidden error when submitting new tickets using API

We're using the Zendesk API to submit support requests directly from our site (psonar.com).

The problem is that approximately 50% of the time, a 'Forbidden' error is returned and the request isn't submitted.

Does anyone know if there is any reason for this?

It's causing us major headaches because not only do we have to check Zendesk for support tickets, we also have to manually trawl our database and create tickets for the ones that get rejected.

I've asked Zendesk support, but was told by Mike Warren that I'm not paying for a high enough level of support for them to offer coding support, even though it's almost certainly not a fault with the code, given that it works some of the time.

Here's what little information is returned:

 

Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : The remote server returned an error: (403) Forbidden.
Source : System
Help link :
Status : ProtocolError
Response : System.Net.HttpWebResponse
Data : System.Collections.ListDictionaryInternal
TargetSite : System.Net.WebResponse GetResponse()
Stack Trace :    at System.Net.HttpWebRequest.GetResponse()
   at ZenDeskManager.cs:line 72

Incidentally, I'm more than happy to give anyone our C# code to do the submission, to save others writing it. It's pretty straightforward and I can't see that it's our fault the requests work on a random basis. Just give me a shout and I'll send it across.

 

Thanks,

Richard

36 comments

  • 0

    Hi Richard,

    For the issue, you mentioned in your ticket the following...

    "if I'm logged in and somebody submits a request using the API, I get logged out with an error message that someone else has logged into the site with the same credentials.  I'm not entirely sure this is exactly why, but the evidence points to it."

    I think your theory on this is relevant -- since you have a solo account, you can only be accessing the data with your credentials per login and it could possibly present a problem with user concurrency (us limiting access to one session per agent).  The question on this is if the issue occurs also if you do not login?  After that you provided C# code and I'm not familiar at all with that.

    Are there any particular circumstances that trigger the issue or are occurring around the same time?  Things like # of requests (or API calls) in a time period, where the API calls are coming from?

    Sorry about the miscommunication on this.  To clarify my feedback; our support does not provide coding level support because we are not programmers ourselves.  That's unrelated to your plan type or how much you are paying.  I advised that posting the issue with your code to our forums might get you a good answer from someone in our community that was familiar with coding and could better advise -- and if not to let us know.  I looked at your C# code but was lost.  Regarding your plan type -- solo accounts are normally limited to forum based support for anything. That's always been our policy and a difference in our plans, but unrelated to our ability to review custom code.

    Regards,

    -Mike

  • 0

    Hi Mike,

    Thanks for the rapid response.

    The session issue may be relevant, but I notice the last problem occurred at 20:45 yesterday. I was working but definitely not logged in to the support site. Can you check to see if the session is cleared when logging out?

    The API calls are relatively infrequent, so I doubt this is an issue.

    I appreciate why you don't offer coding-level support, but surely you should offer support for things that are actually broken with your site to everyone?

    Regards,

    Richard

     

  • 0

    Hi Richard, 

    Are you trying to update a ticket using /tickets/####.xml ?  as an end user?

    Skip

  • 0

    Hi Skip,

    I am indeed - I'm actually posting using my account credentials and supplying the X-On-Behalf-Of header.

    Want to see any code or the XML of a ticket submission?

    Cheers,

    Rich

  • 0

    Hi Richard

    The XML would be great along with the URL that you are using?

    Skip

  • 0

    Hi Skip,

    The URL is:

    http://psonar.zendesk.com/tickets.xml

    And the XML is:

    <ticket>
     <status-id>0</status-id>
     <priority-id>0</priority-id>
     <requester-name>richard</requester-name>
     <requester-email>richard@psonar.com</requester-email>
     <subject>test subject</subject>
     <description>test message</description>
     <fields>
      <98180>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)</98180>
      <98181>richard</98181>
      <98183>103</98183>
     </fields>
    </ticket>

     

    Thanks,

    Richard

     

  • 0

    Hi Mike / Skip,

    Do you have any further news on this? It still isn't working and if this continues to be the case, we're going to have to look elsewhere for our support. It's getting to be very infuriating and we're missing support requests because of this.

    Regards,

    Richard

  • 0

    Hi Richard,

    After reviewing your code, you can't set <requester-name> or <requester-email>  when using the API to submit a ticket. You have to use <requester-id type="integer">9454785</requester-id> or in the header set "X-On-behalf-Of: joe@email.com" to set the requester on a ticket. 

    Skip

  • 0

    Hi Skip,

    As mentioned earlier up the thread, I'm already using the X-On-Behalf-Of header. What's more, it works intermittently, and I can't see that including these additional fields would cause these intermittent failures.

    I'll remove them and let you know how I get on though.

    Do you have any other suggestions as to what might be causing this?

    Regards,

    Richard

     

  • 0

    Not right now, let's get a bare bones ticket created and see what the results are.

    Skip

  • 0

    How long has this been in place??? We just came across the fact that we've been getting the following errors on our contact form integration with ZenDesk:

     

    HTTP/1.1 403 Forbidden

    Server: nginx/0.6.35

    Date: Mon, 25 Oct 2010 20:14:37 GMT

    Content-Type: application/xml; charset=utf-8

    Connection: keep-alive

    Status: 403 Forbidden

    P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"

    X-Runtime: 21

    Content-Length: 175

    Set-Cookie: _zendesk_session=BAh7CzoNYXV0aF92aWEiEkJhc2ljU3RyYXRlZ3kiHHdhcmRlbi51c2VyLmRlZmF1bHQua2V5aQMHCQc6DGFjY291bnRpAtweOg9zZXNzaW9uX2lkIiU4MDQ2MmM0ZDc4NDQ5M2QwYWUwYjI0NDhlMTc5NGU2MCITd2FyZGVuLm1lc3NhZ2V7ADoHaWQiFWMzcGxiNnk1Yi0xYjY0Yno%3D--ee94651ebed0734f43ce047b2d69d824ca4b49ff; path=/; HttpOnly

    Set-Cookie: zendesk_user_version=users%2F461063-20100908195636; path=/

    Cache-Control: no-cache

    This is unacceptable.  We've been using your system for 2+ years and now we've found out that we've had a broken zendesk inbound system since this backward incompatible change was made. That's about 20-30 customers a day we've not been servicing since about Sept 8?

    <pre>

    <ticket><subject>question: test test</subject><description>test testtest testtest testtest testtest testtest test</description><priority-id>0</priority-id><group-id>9632</group-id><set-tags></set-tags><ticket-type-id>1</ticket-type-id><uploads>fguoewnsay85zxu</uploads><ticket-field-entries type="array"><ticket-field-entry><ticket-field-id>56012</ticket-field-id><value></value></ticket-field-entry><ticket-field-entry><ticket-field-id>56297</ticket-field-id><value>blackberry</value></ticket-field-entry></ticket-field-entries></ticket>

    </pre>

    I get these errors when I do the X-On-Behalf-Of: joe.enduser@theendusers.com or the requestor-name, requestor-email

    How can I fix this? Neither work...

     

    <body><ticket><subject>question: test test</subject><description>test testtest testtest testtest testtest testtest test</description><priority-id>0</priority-id><group-id>9632</group-id><set-tags></set-tags><ticket-type-id>1</ticket-type-id><requester-name>Kevin c</requester-name><requester-email>kcallahan@gmail.com</requester-email><uploads>loh4gjlbsnytepi</uploads><ticket-field-entries type="array"><ticket-field-entry><ticket-field-id>56012</ticket-field-id><value></value></ticket-field-entry><ticket-field-entry><ticket-field-id>56297</ticket-field-id><value>blackberry</value></ticket-field-entry></ticket-field-entries></ticket>

    HTTP/1.1 403 Forbidden

    Server: nginx/0.6.35

    Date: Mon, 25 Oct 2010 20:26:11 GMT

    Content-Type: application/xml; charset=utf-8

    Connection: keep-alive

    Status: 403 Forbidden

    P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"

    X-Runtime: 70

    Content-Length: 175

    Set-Cookie: _zendesk_session=BAh7CyIcd2FyZGVuLnVzZXIuZGVmYXVsdC5rZXlpAwcJBzoMYWNjb3VudGkC3B46D3Nlc3Npb25faWQiJTgxMTU2MmU2MjZiMzcyZDU0NzdiYzU2M2UyZmYxYmQyOg1hdXRoX3ZpYSISQmFzaWNTdHJhdGVneSITd2FyZGVuLm1lc3NhZ2V7ADoHaWQiFDRsamxiMDRsb3hpdHlydg%3D%3D--40906f1712969fe084d6a2aa524189a5d586c2ab; path=/; HttpOnly

    Set-Cookie: zendesk_user_version=users%2F461063-20100908195636; path=/

    Cache-Control: no-cache

     

    <error>

      <title>Access denied</title>

      <message>You do not have access to this page. Please contact the account owner of this help desk for further help.</message>

    </error>

    Resource id #62</body>

     

     

  • 0

    Here's my test code:

    // ========================================
    // ZenDesk Tick
    // ========================================
    // $ABOUT, $BUG_DESCRIPTION, $MESSAGE, $PRODUCT, $EMAIL, $strPremiumFlag,
    // $SYSTEM_PREMIUM_FLAG and $strZenFileToken are not defined in this excerpt.
    $strZenSubject = "";
    $intZenPriority = 0;
    $intZenTicketType = ""; // stays empty when $ABOUT matches none of the cases below
    $strZenPremium = "";
    $strZenPremiumTag = "";

    if ($BUG_DESCRIPTION != "") {
        $strZenSubject = "$ABOUT: $BUG_DESCRIPTION";
    } else {
        $strZenSubject = $ABOUT;
    }
    $strZenSubject = $strZenSubject . $strPremiumFlag;

    // Map the form's "about" choice to a Zendesk priority and ticket type.
    if ($ABOUT == "small problem") {
        $intZenPriority = "3";
        $intZenTicketType = "3";
    } elseif ($ABOUT == "critical problem") {
        $intZenPriority = "4";
        $intZenTicketType = "3";
    } elseif ($ABOUT == "question") {
        $intZenTicketType = "1";
    }

    if ($SYSTEM_PREMIUM_FLAG == 1) {
        $strZenPremium = "true";
        $strZenPremiumTag = "premium";
    }
    if ($ABOUT == "critical problem") {
        $strZenPremiumTag .= " critical";
    }
    if ($ABOUT == "event results") {
        $strZenPremiumTag .= " tdf2010";
    }

    // Build the ticket XML. htmlspecialchars() is used rather than htmlentities()
    // because XML defines only the basic entities (&amp; &lt; &gt; &quot;).
    $xmlTicket = "<ticket>"; // plain assignment: the variable did not exist before this line
    $xmlTicket .= "<subject>" . htmlspecialchars($strZenSubject, ENT_QUOTES) . "</subject>";
    $xmlTicket .= "<description>" . htmlspecialchars($MESSAGE, ENT_QUOTES) . "</description>";
    $xmlTicket .= "<priority-id>$intZenPriority</priority-id>";
    $xmlTicket .= "<group-id>9632</group-id>";
    $xmlTicket .= "<set-tags>$strZenPremiumTag</set-tags>";
    $xmlTicket .= "<ticket-type-id>$intZenTicketType</ticket-type-id>";
    //$xmlTicket .= "<requester-name>$NAME</requester-name>";
    //$xmlTicket .= "<requester-email>$EMAIL</requester-email>";
    $xmlTicket .= "<uploads>$strZenFileToken</uploads>";
    $xmlTicket .= "<ticket-field-entries type=\"array\">";
    $xmlTicket .= "<ticket-field-entry>";
    $xmlTicket .= "<ticket-field-id>56012</ticket-field-id>";
    $xmlTicket .= "<value>$strZenPremium</value>";
    $xmlTicket .= "</ticket-field-entry>";
    $xmlTicket .= "<ticket-field-entry>";
    $xmlTicket .= "<ticket-field-id>56297</ticket-field-id>";
    $xmlTicket .= "<value>" . htmlspecialchars($PRODUCT, ENT_QUOTES) . "</value>";
    $xmlTicket .= "</ticket-field-entry>";
    $xmlTicket .= "</ticket-field-entries>";
    $xmlTicket .= "</ticket>";

    $ch = curl_init();
    $arrZenHeader = array("Content-Type: application/xml", "Content-Length: " . strlen($xmlTicket), "X-On-Behalf-Of: $EMAIL");

    curl_setopt($ch, CURLOPT_URL, "http://mmf.zendesk.com/tickets.xml");
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlTicket);
    // HTTP Basic credentials of the authenticating Zendesk user;
    // over http:// they travel unencrypted.
    curl_setopt($ch, CURLOPT_USERPWD, "user:pass");
    curl_setopt($ch, CURLOPT_HTTPHEADER, $arrZenHeader);
    curl_setopt($ch, CURLOPT_HEADER, true);           // include response headers in the result
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $http_result = curl_exec($ch);
    $error = curl_error($ch);
    $headers = curl_getinfo($ch);

    // Test output: dump what was sent and what came back, then stop.
    print "<h1>arrZenHeader</h1><hr/>";
    print_r($arrZenHeader);
    print "<h1>xmlTicket</h1><hr/>";
    print($xmlTicket);
    print "<h1>headers</h1><hr/>";
    print_r($headers);
    print "<h1>http_result</h1><hr/>";
    print_r($http_result);
    print_r($ch);

    curl_close($ch); // close the handle before die(); it was unreachable after it
    die();

  • 0

    sorry, that's the production code with the test output
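
Kevin's script above places contact-form values directly into the XML body and into the X-On-Behalf-Of header. The following is an added example, not code from the thread or from Zendesk, showing one way to build both so that form input cannot change the XML structure or add header lines; the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: function names and sample values are constructed, not from the thread.

// Returns the header line, or throws if the address could split the header.
function zd_on_behalf_of($email)
{
    // A CR or LF in the value would begin a new header line in the request.
    if (preg_match('/[\r\n]/', $email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        throw new InvalidArgumentException('invalid requester e-mail');
    }
    return 'X-On-Behalf-Of: ' . $email;
}

// Builds the <ticket> document with DOM so that text is escaped on output.
// $fields maps a ticket-field-id (integer) to its value.
function zd_ticket_xml($subject, $description, array $fields)
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $ticket = $doc->appendChild($doc->createElement('ticket'));

    // createTextNode() keeps <, > and & as text instead of markup.
    foreach (array('subject' => $subject, 'description' => $description) as $name => $value) {
        $el = $ticket->appendChild($doc->createElement($name));
        $el->appendChild($doc->createTextNode($value));
    }

    $entries = $ticket->appendChild($doc->createElement('ticket-field-entries'));
    $entries->setAttribute('type', 'array');
    foreach ($fields as $id => $value) {
        $entry = $entries->appendChild($doc->createElement('ticket-field-entry'));
        // Casting to int guarantees the id is numeric before it is serialised.
        $entry->appendChild($doc->createElement('ticket-field-id', (string)(int)$id));
        $val = $entry->appendChild($doc->createElement('value'));
        $val->appendChild($doc->createTextNode($value));
    }
    return $doc->saveXML($doc->documentElement);
}

// Constructed form input: markup in the text fields, and one address
// carrying a line break that would otherwise add a second header.
echo zd_ticket_xml(
    'question: <b>sync</b> & login',
    'It fails </description> here',
    array(56297 => 'blackberry')
), "\n";

foreach (array('joe.enduser@theendusers.com', "joe@example.com\r\nX-Injected: 1") as $email) {
    try {
        echo zd_on_behalf_of($email), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Validating the input does not change the authorization rule discussed in this thread: the account used for authentication still has to be an Agent or Admin for a request with X-On-Behalf-Of to be accepted.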

  • 0

    @Kevin: Going to need a little more detail, I've outlined below:

    1. We need to see the headers you're sending to Zendesk (not just what you receive), don't include your login credentials, but do tell me what type of user you're logging in as (End-User, Agent or Admin?).
    2. Is the XML you posted a real example of something you've POSTed to Zendesk? 
    3. What URL are you POSTing to in order to create these tickets? 

    I edited your comment to remove those login details.

  • 0

    Hi Jake,

    Thanks for such a quick response --

    Headers: Array ( [0] => Content-Type: application/xml [1] => Content-Length: 538 [2] => X-On-Behalf-Of: kcallahan@gmail.com )

    URL:http://mmf.zendesk.com/tickets.xml

    XML: yes, this is an example XML output of our contact form that had been working prior.

    Also I just changed the credentials as I realized not the smartest move to post them to web.  Can you edit the message and XXXX anyways?

    Thanks!

  • 0

    and kcallahan@g..com is an unverified user, i.e., the user provides their email address in the contact form and they may or may not be an existing user in ZenDesk.

    Thanks Jake!

    -Kevin

  • 0

    I shall take a look at the code later this evening, and if that's PHP it should make life a little easier for me. 

    Will let you know if I have any questions about the various variables in there. 

  • 0

    @Kevin: Was that info@ email address I saw earlier what you're using to authenticate into the Zendesk API in order to create tickets?

  • 0

     info@ is the user that we're using for the authentication:

    ie.,
    curl_setopt($ch, CURLOPT_USERPWD, "info@mapmyfitness.com:XXXX");

    -Kevin 

  • 0

    we've identified the problem -- the info@* was an end-user and not an agent.  Was this always validated? It now works once I changed the account type.

     

    -Kevin

  • 0

    @Kevin: It's been that way for as long as I can remember at least, the authenticating user can only do things with the API that they would normally have permission to do. An End-User wouldn't normally be able to create a ticket on behalf of someone else, but an Agent or Admin certainly can. 

    This is why I asked if you were authenticating under an End-User, Agent or Admin. Glad you got it sorted out though. 

  • 0

    I was having this problem too.. I had my headers set like this:

    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-type: application/xml', 'Content-length: '.strlen($payload)), 'X-On-Behalf-Of: shelly@somewhere.com' );

    and I just changed this

    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-type: application/xml', 'X-On-Behalf-Of: shelly@somewhere.com', 'Content-length: '.strlen($payload)) );

    and now it works fine

  • 0

    @Nick: That's because that first line was invalid - you'll notice you terminate array()  too early with .strlen($payload))

  • 0

    lol... oops!  I'm glad that it was a silly mistake and not that header order matters ;)

  • 0

    Hi,

    Any updates on this? I'm experiencing the same problem. If I remove the X-On-Behalf-Of header it works fine. Otherwise 403.

    Please share if you have any ideas.

    Thanks,

    Criss 

  • 0

    Hello

    I do have the same problem trying to add a comment via API (works of course when I assume the identity)

    1) curl -v -u me@me.com:mypassowrd -H "X-On-Behalf-Of: CCUSER@example.com" \
    -H "Content-Type: application/xml" \
    -d "<comment><is-public>true</is-public><value> this is public behalf </value></comment>" \
    -X PUT https://HOST.zendesk.com/api/v1/tickets/5073.xml

     

    2)

    curl -v -u me@me.com:mypassowrd -H "X-On-Behalf-Of: REQUESTER@example.com" \
    -H "Content-Type: application/xml" \
    -d "<comment><is-public>true</is-public><value> this is public behalf </value></comment>" \
    -X PUT https://HOST.zendesk.com/api/v1/tickets/5073.xml

    Where

    * me@me.com is administrator of HOST.zendesk.com

    * CCUSER@example.com is a CC user in the ticket CC (case1)

    * REQUESTER@example.com is the requestor of the same ticket (case 2)

    while

    * removing behalf works (comment is added)

    Any idea?

    Thanks

    Cheers
    Fra

  • 0

    Hi Francesco,

    There are a couple of things to keep in mind when making these API calls:

    1. You've added a flag to make the comments public, but you're trying to act on behalf of an end-user who has no choice but to make their comments public. Only agents can restrict the visibility of comments, so you should omit '<is-public>true</is-public>' from your API calls.
    2. You are using the agent API interface (e.g. /api/v1/tickets/) rather than the end-user interface (e.g. /api/v1/requests/) despite trying to update these tickets as end-users

    Putting that all together, your API calls should look something like this:

    curl -u email@site.com:password -H "X-On-Behalf-Of: requester@example.org" -H "Content-Type: application/xml" -d "<comment><value>This is a test comment</value></comment>" -X PUT https://yoursite.zendesk.com/api/v1/requests/5073.xml -v

    Please give that a try and let us know if it doesn't work.

  • 0

    Hi Sean

    Thanks a lot for your answer, yes the command works - I did not get the point of the user/agent interface.

    I do not agree so much on 1 ;) It would be incorrect if I set false, not if I set something that is "correct" (even if redundant).

    Anyway: I suspect this does not work with the v2 API, or is the same requests interface (with redirection) available?

     

    cheers.

    Francesco

     

  • 0

    Hi Francesco,

    Because the agent and end-user API interfaces are separate in v1, including an agent-only command (e.g. the is-public flag) is generally not encouraged. In the case of the is-public flag, it looks like we just ignore that flag in the end-user interface (/api/v1/requests) so you're probably safe to include it but since it doesn't do anything there's no reason to include it.

    As for v2 of the API, we're planning to add similar functionality as confirmed in https://support.zendesk.com/entries/21377351-api-v2-ticket-creation but as of this moment we haven't added support for something like x-on-behalf-of in v2 of the API. For now, I'd recommend using v1 of the API for this.

    Take care,

    Sean

  • 0

    Hi Sean,

    I have created a ticket for the end-user in Zendesk. Then I tried to respond to the ticket as the end-user, but I'm getting the below error:

    object(stdClass)#213 (1) { ["error"]=> object(stdClass)#214 (2) { ["title"]=> string(9) "Forbidden" ["message"]=> string(105) "You do not have access to this page. Please contact the account owner of this help desk for further help." } }

    Then I updated the access rights of that particular user in Zendesk, but I'm still getting the forbidden error.  Can you please tell me why this is happening?

    Thanks!
