sun

Reputation: 436

GET request works in browser but not in POSTMAN - Cloudflare denies it

  1. I am trying to access the following API and this is the behavior API = https://api.btcxindia.com/ticker/

While accessing this API from Postman, I get the output. However, if I leave my Postman open and test after say 10 minutes - Getting output error

Error:

<!DOCTYPE HTML> <html lang="en-US">
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
        <meta name="robots" content="noindex, nofollow" />
        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
        <title>Just a moment...</title>
        <style type="text/css">
    html, body {width: 100%; height: 100%; margin: 0; padding: 0;}
    body {background-color: #ffffff; font-family: Helvetica, Arial, sans-serif; font-size: 100%;}
    h1 {font-size: 1.5em; color: #404040; text-align: center;}
    p {font-size: 1em; color: #404040; text-align: center; margin: 10px 0 0 0;}
    #spinner {margin: 0 auto 30px auto; display: block;}
    .attribution {margin-top: 20px;}
    @-webkit-keyframes bubbles { 33%: { -webkit-transform: translateY(10px); transform: translateY(10px); } 66% {
-webkit-transform: translateY(-10px); transform: translateY(-10px); } 100% { -webkit-transform: translateY(0); transform: translateY(0); } }
    @keyframes bubbles { 33%: { -webkit-transform: translateY(10px); transform: translateY(10px); } 66% { -webkit-transform: translateY(-10px); transform: translateY(-10px); } 100% {
-webkit-transform: translateY(0); transform: translateY(0); } }
    .bubbles { background-color: #404040; width:15px; height: 15px; margin:2px; border-radius:100%; -webkit-animation:bubbles 0.6s 0.07s infinite ease-in-out; animation:bubbles 0.6s 0.07s infinite ease-in-out; -webkit-animation-fill-mode:both; animation-fill-mode:both; display:inline-block; }   </style>
        <script type="text/javascript">   //
            <![CDATA[   (function(){
    var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
    b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
    b(function(){
      var a = document.getElementById('cf-content');a.style.display = 'block';
      setTimeout(function(){
        var s,t,o,p,b,r,e,a,k,i,n,g,f, zHvFeWz={"vFQLFVZTSM":+((!+[]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]))};
        t = document.createElement('div');
        t.innerHTML="<a href='/'>x</a>";
        t = t.firstChild.href;r = t.match(/https?:\/\//)[0];
        t = t.substr(r.length); t = t.substr(0,t.length-1);
        a = document.getElementById('jschl-answer');
        f = document.getElementById('challenge-form');
        ;zHvFeWz.vFQLFVZTSM+=+((+!![]+[])+(+!![]));zHvFeWz.vFQLFVZTSM-=+((!+[]+!![]+[])+(+!![]));zHvFeWz.vFQLFVZTSM*=+((!+[]+!![]+[])+(+!![]));zHvFeWz.vFQLFVZTSM+=+((!+[]+!![]+!![]+!![]+[])+(+!![]));zHvFeWz.vFQLFVZTSM*=+((!+[]+!![]+!![]+!![]+[])+(+[]));zHvFeWz.vFQLFVZTSM*=+((!+[]+!![]+!![]+!![]+[])+(+!![]));zHvFeWz.vFQLFVZTSM+=+((+!![]+[])+(!+[]+!![]));zHvFeWz.vFQLFVZTSM+=+((!+[]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]));a.value
= parseInt(zHvFeWz.vFQLFVZTSM, 10) + t.length; '; 121'
        f.action += location.hash;
        f.submit();
      }, 4000);
    }, false);   })();   //]]>
        </script>
    </head>
    <body>
        <table width="100%" height="100%" cellpadding="20">
            <tr>
                <td align="center" valign="middle">
                    <div class="cf-browser-verification cf-im-under-attack">
                        <noscript>
                            <h1 data-translate="turn_on_js" style="color:#bd2426;">Please turn JavaScript on and reload the page.</h1>
                        </noscript>
                        <div id="cf-content" style="display:none">
                            <div>
                                <div class="bubbles"></div>
                                <div class="bubbles"></div>
                                <div class="bubbles"></div>
                            </div>
                            <h1>
                                <span data-translate="checking_browser">Checking your browser before accessing</span> btcxindia.com.
                            </h1>
                            <p data-translate="process_is_automatic">This process is automatic. Your browser will redirect to your requested content shortly.</p>
                            <p data-translate="allow_5_secs">Please allow up to 5 seconds&hellip;</p>
                        </div>
                        <form id="challenge-form" action="/cdn-cgi/l/chk_jschl" method="get">
                            <input type="hidden" name="jschl_vc" value="dbc7ac6d545de8521a2a3f24574a78a4"/>
                            <input type="hidden" name="pass" value="1516515065.895-rdlkMQJ0RT"/>
                            <input type="hidden" id="jschl-answer" name="jschl_answer"/>
                        </form>
                    </div>
                    <div class="attribution">
                        <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=iuam" target="_blank" style="font-size: 12px;">DDoS protection by Cloudflare</a>
                        <br>
            Ray ID: 3e081d20db788866

                    </div>
                </td>
            </tr>
        </table>
    </body> </html>
  2. However, if the same API is tested from a browser, this doesn't fail even if I try multiple times.

EDIT-1 Thank you for the comments. I am trying to provide more details. Please find the attached picture from DEV tools

STEP 1: Executing the request in POSTMAN . Please find the result

Following were the auto populated header details I could find

alternate-protocol →443:spdy/3.1
cache-control →no-store, no-cache
cf-ray →3e19a7fc98652f11-DEL
content-encoding →gzip
content-type →application/json
date →Tue, 23 Jan 2018 09:16:48 GMT
expect-ct →max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires →0
pragma →no-cache
server →cloudflare
status →200
strict-transport-security →max-age=31536000
vary →Accept-Encoding

Cookie Details

STEP 2: After 5 minutes, I am just clicking send on Postman - I get the following error

<!DOCTYPE HTML> <html lang="en-US">
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
        <meta name="robots" content="noindex, nofollow" />
        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
        <title>Just a moment...</title>
        <style type="text/css">
    html, body {width: 100%; height: 100%; margin: 0; padding: 0;}
    body {background-color: #ffffff; font-family: Helvetica, Arial, sans-serif; font-size: 100%;}
    h1 {font-size: 1.5em; color: #404040; text-align: center;}
    p {font-size: 1em; color: #404040; text-align: center; margin: 10px 0 0 0;}
    #spinner {margin: 0 auto 30px auto; display: block;}
    .attribution {margin-top: 20px;}
    @-webkit-keyframes bubbles { 33%: { -webkit-transform: translateY(10px); transform: translateY(10px); } 66% {
-webkit-transform: translateY(-10px); transform: translateY(-10px); } 100% { -webkit-transform: translateY(0); transform: translateY(0); } }
    @keyframes bubbles { 33%: { -webkit-transform: translateY(10px); transform: translateY(10px); } 66% { -webkit-transform: translateY(-10px); transform: translateY(-10px); } 100% {
-webkit-transform: translateY(0); transform: translateY(0); } }
    .bubbles { background-color: #404040; width:15px; height: 15px; margin:2px; border-radius:100%; -webkit-animation:bubbles 0.6s 0.07s infinite ease-in-out; animation:bubbles 0.6s 0.07s infinite ease-in-out; -webkit-animation-fill-mode:both; animation-fill-mode:both; display:inline-block; }   </style>
        <script type="text/javascript">   //
            <![CDATA[   (function(){
    var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
    b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
    b(function(){
      var a = document.getElementById('cf-content');a.style.display = 'block';
      setTimeout(function(){
        var s,t,o,p,b,r,e,a,k,i,n,g,f, gabJCII={"Hoov":+((!+[]+!![]+!![]+[])+(!+[]+!![]))};
        t = document.createElement('div');
        t.innerHTML="<a href='/'>x</a>";
        t = t.firstChild.href;r = t.match(/https?:\/\//)[0];
        t = t.substr(r.length); t = t.substr(0,t.length-1);
        a = document.getElementById('jschl-answer');
        f = document.getElementById('challenge-form');
        ;gabJCII.Hoov-=+((!+[]+!![]+!![]+[])+(!+[]+!![]));a.value = parseInt(gabJCII.Hoov, 10) + t.length; '; 121'
        f.action += location.hash;
        f.submit();
      }, 4000);
    }, false);   })();   //]]>
        </script>
    </head>
    <body>
        <table width="100%" height="100%" cellpadding="20">
            <tr>
                <td align="center" valign="middle">
                    <div class="cf-browser-verification cf-im-under-attack">
                        <noscript>
                            <h1 data-translate="turn_on_js" style="color:#bd2426;">Please turn JavaScript on and reload the page.</h1>
                        </noscript>
                        <div id="cf-content" style="display:none">
                            <div>
                                <div class="bubbles"></div>
                                <div class="bubbles"></div>
                                <div class="bubbles"></div>
                            </div>
                            <h1>
                                <span data-translate="checking_browser">Checking your browser before accessing</span> btcxindia.com.
                            </h1>
                            <p data-translate="process_is_automatic">This process is automatic. Your browser will redirect to your requested content shortly.</p>
                            <p data-translate="allow_5_secs">Please allow up to 5 seconds&hellip;</p>
                        </div>
                        <form id="challenge-form" action="/cdn-cgi/l/chk_jschl" method="get">
                            <input type="hidden" name="jschl_vc" value="f4e119ff9275afc0a1dd291cd3ecf994"/>
                            <input type="hidden" name="pass" value="1516699334.127-JXvj0i+E1V"/>
                            <input type="hidden" id="jschl-answer" name="jschl_answer"/>
                        </form>
                    </div>
                    <div class="attribution">
                        <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=iuam" target="_blank" style="font-size: 12px;">DDoS protection by Cloudflare</a>
                        <br>
            Ray ID: 3e19afdd4f322f11

                    </div>
                </td>
            </tr>
        </table>
    </body> </html>

Header details

cache-control →no-cache
cf-ray →3e19afdd4f322f11-DEL
content-type →text/html; charset=UTF-8
date →Tue, 23 Jan 2018 09:22:10 GMT
expect-ct →max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server →cloudflare
status →503
x-frame-options →SAMEORIGIN

Cookie details

Upvotes: 5

Views: 20296
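One way to tell the two responses in the question apart in client code, so that a challenge page is reported with its Ray ID instead of being parsed as JSON. This is an added example, not code from the original post; `header` and `classifyResponse` are hypothetical names, and the step-1 JSON body is constructed because the page does not show it.

```javascript
// Case-insensitive header lookup (Postman shows lower-case names, other clients may not).
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? '' : String(headers[key]);
}

// Classify a response as real API JSON or a Cloudflare browser-check page.
function classifyResponse(res) {
  const server = header(res.headers, 'server').toLowerCase();
  const ctype = header(res.headers, 'content-type').toLowerCase();
  const ray = header(res.headers, 'cf-ray');          // "<ray id>-<edge code>"
  const [rayId, edge] = ray ? ray.split('-') : ['', ''];
  const body = res.body || '';
  // Markers that appear in the challenge HTML quoted in the question.
  const markers = ['cf-browser-verification', 'id="challenge-form"', '/cdn-cgi/l/chk_jschl']
    .filter(m => body.includes(m));
  let kind = 'other';
  if (server === 'cloudflare' && res.status === 503 &&
      ctype.startsWith('text/html') && markers.length > 0) {
    kind = 'cloudflare-challenge';
  } else if (res.status === 200 && ctype.startsWith('application/json')) {
    // Trust the content-type only if the body really parses.
    try { JSON.parse(body); kind = 'api-json'; } catch (e) { kind = 'invalid-json'; }
  }
  return { kind, rayId, edge: edge || '', markers };
}

// STEP 1 from the question: headers as posted, body constructed.
const step1 = {
  status: 200,
  headers: { 'server': 'cloudflare', 'content-type': 'application/json',
             'cf-ray': '3e19a7fc98652f11-DEL' },
  body: '{"constructed": true}',
};
// STEP 2 from the question: headers as posted, body trimmed to the relevant elements.
const step2 = {
  status: 503,
  headers: { 'Server': 'cloudflare', 'Content-Type': 'text/html; charset=UTF-8',
             'CF-RAY': '3e19afdd4f322f11-DEL' },
  body: '<div class="cf-browser-verification cf-im-under-attack">' +
        '<form id="challenge-form" action="/cdn-cgi/l/chk_jschl" method="get"></form></div>',
};

console.log(classifyResponse(step1));
console.log(classifyResponse(step2));
```

The Ray ID returned for the challenge case is the value a site operator needs to look up the blocked request on the Cloudflare side.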

Answers (2)

Kavya Goyal

Reputation: 184

I faced a similar problem with a URL using Cloudflare API. It worked fine on browser, but gave 503 in Postman and even Android Retrofit Calls. Used a VPN while making calls on Android, worked for me. Try using a proxy server on Postman.

Upvotes: 0

dankilev

Reputation: 782

This might not be an exact solution for your situation but there is a Chrome extension called the Interceptor which would allow you to redirect Postman queries via Chrome. It might be a good alternative if you would need to use it often and you do not want to copy manually cookies etc.

Check if your Postman is able to interact with Interceptor, latest Linux snap v6.7.1 cannot!

Check: How do I access Chrome's cookies in Postman's Chrome App and: Interceptor extension

Upvotes: 0
