WAVE API TEAM THREAD - Authorization issues (403 returned at Cloudflare)
UPDATE - MARCH 4th, 2022:
Wave's engineering team has validated alternative security layers and is implementing changes that will shortly allow us to remove the Cloudflare protections that have been the source of 403 responses experienced by many API users.
We expect that these changes will be implemented no later than Monday, March 14th, and will restore normal service for all API users.
We apologize for the sustained interruption that many have experienced.
**ORIGINAL POST **
A number of Wave integration users have been reporting issues receiving an Authorization token, being blocked instead with a 403 response from Cloudflare.
All Wave systems are protected by multiple layers of security, and one of these is filtering at Cloudflare.
Beginning this week, we have been seeing elevated levels of “false positives”, with legitimate integration users being flagged/blocked as potentially malicious bot traffic. Not all integrations are impacted, and as yet we have not determined what is causing some to be blocked and not others.
Our API engineering and information security teams are currently pursuing two avenues to seek a resolution:
- Tuning and optimization of our protections at Cloudflare to reduce false positives while retaining the necessary security benefits, and
- Investigating alternative and additional security layers that would provide equivalent or greater protections if we greatly reduce or eliminate our Cloudflare filtering.
Our API systems team is working on this issue as a priority, however due to the discovery-led nature of the work, we do not currently have a projected resolution date.
Progress / Status Updates
We do understand the challenges and inconvenience that this issue is calling, and apologize if your integration is one that is being impacted.
We will post regular progress / status updates to this thread. Please bookmark and check back regularly.