Hi: wondering if an AWS technical support could look into this to determine why the request is coming back FORBIDDEN ... two requestId's below to compare ...
Request Header (identical for both requests)
OPTIONS https://api.flybreeze.com/production/nav/api/nsk/v1/token HTTP/1.1
Host: api.flybreeze.com
Connection: keep-alive
Accept: /
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.flybreeze.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.51
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.flybreeze.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
FORBIDDEN Response Header
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Date: Thu, 30 Mar 2023 18:51:50 GMT
x-amzn-RequestId: 7bb21b87-6ecd-4dc1-8e07-bef8e7172d71
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,Platform
x-amzn-ErrorType: ForbiddenException
x-amz-apigw-id: Cm8LHG-koAMFlBA=
Access-Control-Allow-Methods: OPTIONS,POST
X-Cache: Error from cloudfront
Via: 1.1 9a63a58e298bfb2c58157beda1f6de12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DEN52-P1
X-Amz-Cf-Id: Wixm-reIOJukfeov0CcZmEfAy7e1ASejSVj6kmCbqe-BRZyqnUNoYQ==
Response Message
{"message":"Forbidden"}
Below is a successful Response Header. Only difference is the ISP. The forbidden call was using fiber.net (host-145.arcadia-srv-216-83-134.fiber.net). The successful call was from the same web browser on the same machine, but tethered to T-Mobile hotspot.
Why would AWS block one request but not the other based on the ISP?
SUCCESSFUL Response Header
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Thu, 30 Mar 2023 16:54:08 GMT
x-amzn-RequestId: e1e7b624-dc5b-43d1-bfcd-434ee36bd580
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: Cmq7qH32IAMFodw=
Access-Control-Allow-Methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
X-Cache: Miss from cloudfront
Via: 1.1 0c32860274691581031a51698ea82be8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LAX53-P4
X-Amz-Cf-Id: UlBl6kMeG-q_hD9J_9u9tqeWJOywEwNrtYcPSuQSQKJs3RiuRXApPA==
Response Message:
{null}