CAPTCHA request from Cloudflare is blocking API calls

nigelk

Upon being notified of an order creation (via webhook), I'm updating the order to insert a memo. This has been working for months until lately where the response my code is getting is a CAPTCHA request from Cloudflare.

My assumption is that Cloudflare is seeing repeated requests from the same IP and has decided to intercede with a CAPTCHA to prevent bots. APIs are not meant to be accessed by humans, so obviously this is a problem.

LucienVersendaal

Hi @nigelk,

I talked to one of our devops guys and he was telling me that the security Level uses the IP reputation of a visitor to decide whether to present a Captcha challenge page. Once the visitor enters the correct Captcha, they receive the appropriate website resources. IP Reputation is collected from Project Honeypot.

Also check https://support.cloudflare.com/hc/en-us/articles/200170056-Understanding-the-Cloudflare-Security-Level if the IP of your server changed recently, it might the reason.

Petr Vosecký

The solution is easy: Stop using CloudFlare. They brag about number of "malicious" requests blocked where in reality they are blocking a lot of legitimate users. Just because someone makes a bit more requests than they think is "normal". They also block most of Tor traffic. Useless service and people even pay for it, sad.