Tried to use several different API endpoints as described in the link, but they all return 403 with a cloudflare “Just a moment…” html reply. Even tried copying an existing jwt token from a working logged-in browser but the same thing still happens.
Any idea what I could be doing wrong?
curl -v --request POST \
--url https://programming.dev/api/v3/user/login \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '{"username_or_email": "redacted", "password": "redacted"}'
...
< HTTP/2 403
...
<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title>
...
I have no knowledge of this specific issue but 403 means unauthorized and the “Just a moment” response is usually because the server sends a JavaScript challenge to verify that you are a ‘real’ browser/user. It’s an anti bot verification and you’re not passing.
yes but this defeats the whole point of allowing bots on lemmy in the first place.
If you want to run a bot against our api I’m able to whitelist ips to bypass the bot check. Feel free to reach out on matrix
You’re not passing cloudflares anti bot challenge. This is known to be a hard problem, as obviously CF is highly motivated to stop bots
then what is the point of allowing bots on lemmy if they can’t work?
Bots on Lemmy are allowed, that’s why the API exists.
Bots on programming.dev seems are not allowed since all endpoints require to pass CF.