403 Forbidden from invalid tokens should not cascade to valid tokens
Case: We recently ran into an issue where the usage of an invalid token (causing 401 Unauthorized errors) cascaded into 403 Forbidden across all Zendesk APIs used on our network - even where valid tokens were used.
Request: only block requests from the offending token, instead of blocking all requests from the IP of the invalid token.
Additional information: Based on our experience, the blocking cycle works as follows - 5 x 401 Unauthorized errors cascade into 403 Forbidden errors across the network for a period of 5 minutes. This cycle keeps repeating until the 401 Unauthorized errors are corrected.
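An added example, not part of the original post and not Zendesk code: a client-side guard for integrations that share one egress IP, which stops using a token after a few consecutive 401s so it never reaches the five reported above, and labels a 403 received within five minutes of any 401 as likely collateral. `TokenGuard`, the token labels, and the `max_401` threshold are hypothetical, and the block behaviour is assumed to match the figures in the post.

```python
import time

# Figures reported in the post: five 401s, then 403s for five minutes.
REPORTED_401_LIMIT = 5
REPORTED_BLOCK_SECONDS = 300


class TokenGuard:
    """Tracks responses per token label (never the secret itself).

    A token is quarantined after `max_401` consecutive 401s, a hypothetical
    threshold kept below the reported limit, so one bad credential stops
    before it can get the shared IP blocked.
    """

    def __init__(self, max_401=2, clock=time.monotonic):
        if not 0 < max_401 < REPORTED_401_LIMIT:
            raise ValueError("max_401 must stay below the reported limit")
        self.max_401 = max_401
        self.clock = clock
        self.streak = {}        # token label -> consecutive 401 count
        self.quarantined = {}   # token label -> time it was quarantined
        self.last_401 = None    # time of the most recent 401 from any token

    def allow(self, token):
        """Return False while the token is quarantined."""
        return token not in self.quarantined

    def record(self, token, status):
        """Record one response and return its classification."""
        now = self.clock()
        if status == 401:
            self.last_401 = now
            self.streak[token] = self.streak.get(token, 0) + 1
            if self.streak[token] >= self.max_401:
                self.quarantined[token] = now
                return "quarantined"
            return "auth-failure"
        if status == 403:
            recent = self.last_401 is not None and now - self.last_401 <= REPORTED_BLOCK_SECONDS
            if recent and self.streak.get(token, 0) == 0:
                return "collateral-403"  # this token had no 401s of its own
            return "forbidden"
        self.streak[token] = 0
        return "ok"

    def reset(self, token):
        """Call once the credential has been corrected or rotated."""
        self.quarantined.pop(token, None)
        self.streak[token] = 0
```

Call `allow()` before each request and `record()` after it; a `collateral-403` result points at another credential on the same IP rather than at the token that received it.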