Hi!
So I’m trying to call the URL https://a.klaviyo.com/api/metrics in the API, and since yesterday, I’m getting blocked by Klaviyo and I receive these errors:
Is there a way I could authenticate my calls so that I’m not blocked by Klaviyo? I’ve been calling the API for a few years now without problems, it all began yesterday.
Thank you!
--Marie
To prevent this issue, I recommend implementing rate limiting in accordance with the guidelines outlined here:
https://developers.klaviyo.com/en/docs/rate_limits_and_error_handling#rate-limits
In the meantime contact support as outlined here to get yourself unblocked.
Hi
I can see that your team has submitted a support ticket - which is what I was going to suggest so they could take a deeper look at this!
If you are provided a solution, please don’t hesitate to share that here so others that experience this in the future can reference this post! :)
Ok, so we found the problem!
Our request server is on Azure and we use a reverse proxy as our rate limiting system. The request between Azure and our rate limiting system contains the header X-Original-URL, which is violating this CVE (this bit of information was given to us by Klaviyo’s support team). This header was also transferred to our request to Klaviyo’s API. However, Klaviyo’s API Cloudflare layer blocks calls which contains the header X-Original-URL, so all our calls were blocked.
To solve the problem, we removed this header in our request to Klaviyo’s API and it looks like it’s working!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.