Error 403 in member profile

Avatar of Tricky_Dicky

Martin, there is a CHANGELOG forum in this group. The last staff entry was 2018

https://www.chess.com/clubs/forum/view/changelog?quote_id=38636044&page=2#comment-38636044

The level of communication to users about changes is appalling.

Avatar of stephen_33
Martin_Stahl wrote:

Found out there was a block added yesterday for the default Python User-Agent. Changing how the headers are passed must change that as well.

Thanks for the update but we finally arrived at that conclusion between ourselves.

I've learned something useful about the way Python handles function arguments because the one I was using for passing the 'headers' data has instead been used by Python requests as the 'params' argument but I'd never realised this because it worked correctly.

In any function it seems that once all expected positional arguments have been assigned to their respective parameters, any additional ones are assigned to any additional keyword parameters. So call the function test(username, email=None) with test('stephen_33', 'my_email') and 'my_email' is assigned to email.

For years I've assumed it had to be of the form email='my_email' and anything else would raise an error. Live and learn!

Avatar of stephen_33
Tricky_Dicky wrote:

.....

The level of communication to users about changes is appalling.

If this was a vote of confidence on the way the site informs members about changes, then I'd be happy to second it. But I sense that the staff members who supervise this developers' club are not being informed of changes themselves.

Martin, is that about it?

Avatar of Martin_Stahl
Tricky_Dicky wrote:

Martin, there is a CHANGELOG forum in this group. The last staff entry was 2018

https://www.chess.com/clubs/forum/view/changelog?quote_id=38636044&page=2#comment-38636044

The level of communication to users about changes is appalling.

I can't speak to the reason changes made aren't communicated in that forum anymore but in this particular case, it wasn't a change in the API

Avatar of Martin_Stahl
stephen_33 wrote:
Tricky_Dicky wrote:

.....

The level of communication to users about changes is appalling.

If this was a vote of confidence on the way the site informs members about changes, then I'd be happy to second it. But I sense that the staff members who supervise this developers' club are not being informed of changes themselves.

Martin, is that about it?

In this particular case, it was a systems load issue and blocking was done upstream of the API endpoints.

I was aware of an issue but when I saw that it hadn't been determined it was due to the API endpoints and I didn't see later comments with that identification and resolution until this morning in answer to my query about the API.

Avatar of Tricky_Dicky

Thanks for the clarification Martin.

Avatar of stephen_33

"it was a systems load issue and blocking was done upstream of the API endpoints"

That's intriguing but I assume it means this wasn't due to someone deliberately changing a setting in the site's software that required a personalised user-agent string to be supplied from now on?

Rather, that when the servers suffer greatest demand and certain requests have to be kicked back, those with missing/generic-default or defective user-agents, are the easiest to start with.

Avatar of Martin_Stahl

There were some external processes that were utilizing excessive resources. My understanding, being the weekend, the quickest way to get that back to normal was blocking the default User-Agent for Python in this case and will likely change to something more targeted later.

Don't know if the scripts in question had User-Agent strings with appropriate contact information or not. I think in this particular case, IP blocking might not have been an option either, even if contact information was available.

Avatar of stephen_33

Well I've worked out why my requests were being rejected and I've fixed that although why so many others were having the same problem is an open question.

"There were some external processes that were utilizing excessive resources" - I suppose when a resource is made public it's not that easy knowing who's out there scraping the site's data.

Might making the API accessible to site members only help to avoid this kind of incident in the future?

Avatar of Martin_Stahl
stephen_33 wrote:

...

Might making the API accessible to site members only help to avoid this kind of incident in the future?

The whole intention of the Public API is that it's data available to unauthenticated users. Requiring something like oAuth probably would make it easier to handle mis-behaving scripts. I would imagine that's not very likely, though I could be wrong.

Avatar of sjbfan
AfraidToShootStrangers wrote:

Wait what... I just noticed my request works if i write a script in R (i mean the statistical computing language from cran project).

It seems the 403 error only happens in my python script.

To pass a user agent you need to make a header variable for it.

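import requests

url = "https://api.chess.com/pub/player/erik/stats"

# Custom User-Agent sent in place of the default Python one
headers = {
    'User-Agent': 'hello@bye.com'
}

# headers must be passed by keyword; the second positional argument is params
response = requests.get(url, headers=headers)

data = response.json()

print(data)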

This should solve 403 python troubles
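An added example, not part of any post in this thread: it covers both the positional-argument behaviour stephen_33 describes and the keyword form in the snippet above, by building (without sending) the request that `requests.get` would produce in each case. The helper names `prepare_get` and `describe` and the User-Agent value are constructed for illustration.

```python
import inspect
import requests

URL = "https://api.chess.com/pub/player/erik/stats"
# Constructed sample value; substitute your own contact details.
HEADERS = {"User-Agent": "example-script/1.0 (contact: you@example.com)"}


def prepare_get(*args, **kwargs):
    """Build the request requests.get(*args, **kwargs) would send, without sending it."""
    # Bind the arguments against the real signature: get(url, params=None, **kwargs)
    bound = inspect.signature(requests.get).bind(*args, **kwargs)
    call = dict(bound.arguments)
    extra = call.pop("kwargs", {})
    req = requests.Request("GET", call["url"], params=call.get("params"), **extra)
    # prepare_request merges in the library defaults, including the User-Agent
    return requests.Session().prepare_request(req)


def describe(prepared):
    """Return the two things the server sees that matter here."""
    return {"url": prepared.url, "user_agent": prepared.headers["User-Agent"]}


# Second positional argument binds to params: the dict becomes a query string
# and the User-Agent header stays at the python-requests default.
positional = describe(prepare_get(URL, HEADERS))
# Keyword form: the dict is sent as headers and the URL is untouched.
keyword = describe(prepare_get(URL, headers=HEADERS))

if __name__ == "__main__":
    for label, result in (("positional", positional), ("keyword", keyword)):
        print(f"{label:10} UA={result['user_agent']!r}")
        print(f"{'':10} URL={result['url']}")
```

Nothing is sent over the network, so the same check can be run against your own call before pointing a script at the API.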

Avatar of sjbfan

Ah I've just read that everyone has already found solutions. Funny thing is you don't even need to use an email (although recommended). Even a user-agent like "hello" solves the 403. I wish things like this were communicated to us though so we don't go into panic mode when everything stops working

Avatar of Martin_Stahl
sjbfan wrote:

Ah I've just read that everyone has already found solutions. Funny thing is you don't even need to use an email (although recommended). Even a user-agent like "hello" solves the 403. I wish things like this were communicated to us though so we don't go into panic mode when everything stops working

https://www.chess.com/announcements/view/breaking-change-user-agent-contact-info-required

You mean like that?

Avatar of sjbfan
Martin_Stahl wrote:
sjbfan wrote:

Ah I've just read that everyone has already found solutions. Funny thing is you don't even need to use an email (although recommended). Even a user-agent like "hello" solves the 403. I wish things like this were communicated to us though so we don't go into panic mode when everything stops working

https://www.chess.com/announcements/view/breaking-change-user-agent-contact-info-required

You mean like that?

The problem is this change was inconsistent to what was working. You can see many people that encountered the issue last night. There needs to be consistency, especially if an announcement is made, there was no change applied. From what I can tell, many users in this thread were not getting 403s even when never passing a user-agent

Avatar of Martin_Stahl

I think most people are passing a User-Agent string, even if it's normally the default for the code they're using. In this particular case, the default Python string had to be blocked emergently and when updating the code with settings per Python documentation, it started working correctly.

Avatar of stephen_33

Martin, it would have looked so much better if you or another member of staff had been able to identify exactly what the problem was and been able to provide a solution much more quickly than you did.

By the time you'd managed to find out why we were being blocked from the API we'd already managed to work out our own solution and had fixed it, by ourselves!

It's this being left completely in the dark that frustrates many members.

Avatar of Tricky_Dicky
Martin_Stahl wrote:
sjbfan wrote:

... . I wish things like this were communicated to us though so we don't go into panic mode when everything stops working

https://www.chess.com/announcements/view/breaking-change-user-agent-contact-info-required

You mean like that?

Seriously Martin. The ONLY reason that was published, after the event, was because of the number of complaints from users who suddenly found their access was blocked. And the spec for the API still indicates it's optional and the changelog doesn't record the implementation.

You can not be telling us that communication about changes affecting users is good.

Avatar of Martin_Stahl
stephen_33 wrote:

Martin, it would have looked so much better if you or another member of staff had been able to identify exactly what the problem was and been able to provide a solution much more quickly than you did.

By the time you'd managed to find out why we were being blocked from the API we'd already managed to work out our own solution and had fixed it, by ourselves!

It's this being left completely in the dark that frustrates many members.

Sorry, I sleep sometimes so can't be in at all hours. I asked about it in the evening US time on the 27th and found out what the issue was on the morning of the 28th.

There has been an issue on the 27th, earlier in the day, but I hadn't followed the whole discussion, and didn't see that it was related to the API at that time.

That said, staff that made the change, isn't involved with the club or API in general and staff that are, weren't aware until early in the 28th either. I replied here as soon as I was aware of what it was and I also let staff know about this touch and the resolution that was found by members here.

Avatar of Martin_Stahl
Tricky_Dicky wrote:
Martin_Stahl wrote:
sjbfan wrote:

... . I wish things like this were communicated to us though so we don't go into panic mode when everything stops working

https://www.chess.com/announcements/view/breaking-change-user-agent-contact-info-required

You mean like that?

Seriously Martin. The ONLY reason that was published, after the event, was because of the number of complaints from users who suddenly found their access was blocked. And the spec for the API still indicates it's optional and the changelog doesn't record the implementation.

You can not be telling us that communication about changes affecting users is good.

That was posted two months ago. 🤨

Avatar of Tricky_Dicky

Yes, after the previous time the user agent functionality changed from optional to compulsory and it was only published because people complained that there had been no advance notice.