Chess.com API returns 403, blocked by Cloudflare.

Hi, I'm trying to make a chess leaderboard of our school students and therefore trying to integrate the Chess.com public API from a backend running on a DigitalOcean droplet.

However, when I `curl -v` from my server I get the error `You are unable to access</span> chess.com` with a Cloudflare Ray ID of 952091e50a80fd7c.

I think the IP is getting blocked by Cloudflare, is there a way to prevent this happening?

are you using a user agent with your calls?

You can't use Digital Ocean. The provider is blocked

It's a pity that the response to an endpoint request doesn't contain more information, especially when it fails and the reason isn't at all obvious?

"403" usually indicates that access is forbidden but that may be for various reasons. Is it not possible to include additional information such as when a provider like Digital Ocean is blocked by the site?

As a matter of interest, why is Digital Ocean blocked at all? Are we allowed to know?

My understanding is too much malicious traffic from their hosting.

When the 403 is coming from Cloudflare, it's going to be because of something more problematic (such as malicious traffic). I'm not sure the site has any control on the messaging given by that.

That seems a good reason but is there no way of informing users of why they're receiving "403"?

Since we live in 'the information age', might we be given more information please? 😉

I'm not familiar with how Cloudflare does that or if it's possible to add additional information to the 403 return headers but my guess is that's not something that would be done, even if possible.

Hey! That definitely sounds like a Cloudflare block—Chess.com (like many large sites) uses Cloudflare to filter out bots and suspicious traffic, and DigitalOcean IPs can sometimes get flagged automatically, especially if the droplet’s IP was previously used for scraping or abuse.

Here are a few things you can try:

1. Set a custom User-Agent header in your requests (Cloudflare often blocks requests with missing or default user-agents).

   bash

   CopyEdit

   curl -A "MySchoolChessBot/1.0 Contact: your@email,com" https://api.chess.com/pub/player/{username}

2. Avoid using curl alone for repeated requests—use a proper HTTP client with retry/backoff and headers if you're doing anything at scale.

3. Consider using a proxy or rotating IPs if the block persists.

4. Contact Chess.com support via developers@chess.com and explain your educational project. They’ve been supportive of school/club use cases in the past and might be able to whitelist your droplet IP.

My understanding is that Digital Ocean is completely blocked at the Cloudflare level.

This is very sad. I'll try emailing chess.com support, thanks for the help!

hi guys, i tried some stuff.

sadly setting the user agent(to 'username: infochess1, email: infopcgood@') as given in the forums did not work.

In more detail, this is the TypeScript code snippet that I am using:

const response = await <ChessComGameList>(`https://api.chess.com/pub/player/${chessUser.chess_com_id}}/games/${new Date().getFullYear()}/${new Date().getMonth()}`, {headers: {"User-Agent": "username: infochess1, email: infopcgood@"}})

But are you still using Digital Ocean? If you want to access the API you need to use some other means.

Does anyone have experience with a reputable proxy he can use that is not blocked by Cloudflare?

@AlAlper, if a user is being hosted on Digital Ocean how would a proxy help to avoid the problem of blocked access? I use the site as an ordinary retail user/client so I'm not clear how access from another platform such as Digital Ocean works.

A proxy will change the IP so it will not have the Digital Ocean IP. But I do not know if Cloudflare will block the proxy IP. And, I am not sure it will work at all. It depends on how Cloudflare detects DigitalOcean.

✅ Step 1: Create Your DigitalOcean Droplet

1. Use Ubuntu (or any Linux distro).

2. Open ports: 22 (SSH), and a proxy port like 1080 (SOCKS5) or 3128 (HTTP).

✅ Step 2: Set Up the Proxy

🟦 Option A: Lightweight SOCKS5 Proxy via SSH

No need to install anything on the droplet.

On your local machine, run:

• -D 1080: Opens a SOCKS5 proxy on localhost:1080

• This masks your IP for any app that supports SOCKS5 (like Firefox, curl with proxychains, or Selenium with socks5://)

🟦 Option B: Install Squid Proxy (HTTP)

SSH into your droplet:

Edit the config file:

Change or add:

Then restart:

✅ Step 3: Use the Proxy Locally

🟨 Python Example

🟨 Browser (Firefox example)

In Firefox:

• Settings → Network Settings → Manual proxy config

• Set SOCKS5 proxy to 127.0.0.1 port 1080

✅ Optional: Use with Selenium

For SOCKS5 via SSH tunnel:

🔐 Pro Tips:

• Add UFW firewall rules on the droplet to limit access to your IP.

• Use htpasswd or SSH key auth to protect the proxy.

• Avoid open proxies — they’re abused and get blacklisted fast.

So similar to using a VPN to disguise the originator IP?

Yes, you are going through the proxy server so it uses the proxy servers IP address. It is not as robust as a tunnel. It is only for web browser port 80 traffic.

I've never been involved in that level of detail but let's hope it's been of some use to the OP?