WAVE API TEAM THREAD - Authorization issues (403 returned at Cloudflare)

PaulCPaulC Member Posts: 184 ✭✭✭

Issue:

A number of Wave integration users have been reporting issues receiving an Authorization token, being blocked instead with a 403 response from Cloudflare.

Cause:

All Wave systems are protected by multiple layers of security, and one of these is filtering at Cloudflare.

Beginning this week, we have been seeing elevated levels of “false positives”, with legitimate integration users being flagged/blocked as potentially malicious bot traffic. Not all integrations are impacted, and as yet we have not determined what is causing some to be blocked and not others.

Wave Actions:

Our API engineering and information security teams are currently pursuing two avenues to seek a resolution:

  1. Tuning and optimization of our protections at Cloudflare to reduce false positives while retaining the necessary security benefits, and
  2. Investigating alternative and additional security layers that would provide equivalent or greater protections if we greatly reduce or eliminate our Cloudflare filtering.

Time Horizon:

Our API systems team is working on this issue as a priority, however due to the discovery-led nature of the work, we do not currently have a projected resolution date.

Progress / Status Updates

We do understand the challenges and inconvenience that this issue is calling, and apologize if your integration is one that is being impacted.

We will post regular progress / status updates to this thread. Please bookmark and check back regularly.

Comments

  • VOICEOVERVIEWVOICEOVERVIEW Member Posts: 5

    Thank you. I've alerted my team to this new thread.

  • Ottawa_MikeOttawa_Mike Member Posts: 3

    This is promising. Thank you for the transparency. Our domains use Cloudflare, should we move them off CF? Will that help?

  • PaulCPaulC Member Posts: 184 ✭✭✭

    There is no indication that using Cloudflare contributes to triggering a false-positive @Ottawa_Mike. I would not suggest making such changes.

  • VOICEOVERVIEWVOICEOVERVIEW Member Posts: 5

    @PaulC would you be willing to give a twice weekly update? I have more than 100 platform subscribers who are affected by this outage and I would like to provide them with updates so that they know we are working on it.

    @samyak, please feel free to add comments here if needed.

  • samyaksamyak Member Posts: 5

    hi @PaulC, 4 days ago i forwarded issue that you are having while connecting waveapps with our application. i am yet to receive response about it. i know you said that your team is working, if in case waveapps api changes. we would like to receive an update about it as well.

  • PaulCPaulC Member Posts: 184 ✭✭✭

    @samyak Please review your DMs, and please let me know if you are continuing to see issues. Thanks.

  • VOICEOVERVIEWVOICEOVERVIEW Member Posts: 5

    @PaulC - Thank you for your assistance! We are back up and running with our Waveapps integration. We appreciate your attention to this issue.

  • jakekohjakekoh Member Posts: 1
    My site is still experiencing the issue.
Sign In or Register to comment.