Getting 403 response when calling the /api endpoint via a specific device

I am trying to call the api from a Flutter app but getting 403 error response. However the same url when called through a testing tool works fine and returns 200 response code.

https://reqbin.com/wh2atkav is the online tool request.

As for the app, I am showing the headers below.

Then the one I sent in the app which I got from Flutter dev tools.

Request Headers

user-agent: [Dart/3.8 (dart:io)]

accept-encoding: [gzip]

content-length: [0]

host: [photon.komoot.io]

  1. Which api? Are you trying to use Komoot geocoding server?

  2. You should check Komoot usage policy and whether they allow random apps to use their Photon server. I bet that answer is no.

Well how is it allowing to call api through the site? Is it trusted somehow? You can check the url in link.

Also, if I can’t call it with an under-development app then how to test it and build the app based on the api?

From GitHub - komoot/photon: an open source geocoder for openstreetmap data

Maybe the calls from your app did count as “Extensive usage” and your app was banned because of that.

Set up your own photon server.


Edit: Another important point.

Maybe you’re trying a structured query, see GitHub - komoot/photon: an open source geocoder for openstreetmap data

Emphasis by me.

1 Like

First of all, before you even consider using the Photon demo API, check your code and make a calculation how often the API is called from a single client and how many installations of your app you anticipate. Multiply the two values. If you end up with more than 1 request/s, you will need to run your own instance of Photon instead of using the demo server.

With that out of the way: please use a user agent that identifies your application clearly. The user agent is well chosen if one can paste it into google and end up at the website of your app (which should then describe a means to get in touch with you). Once you do that, you should be able to use the API.

3 Likes
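An added example, not part of the thread and not Photon or Komoot code: a `dart:io` client that sends an identifying User-Agent instead of the default `Dart/3.8 (dart:io)`, reuses results for identical queries, and spaces requests at least one second apart. The app name, URL and email in `appUserAgent`, the class name `GeocoderClient` and the loopback stand-in server in `main` are assumptions made for illustration.

```dart
import 'dart:convert';
import 'dart:io';

// Assumed identity: use your real app name, website and a monitored mailbox.
const appUserAgent = 'ExampleTrailApp/0.1 (+https://example.org/trailapp; dev@example.org)';

/// For the demo server, pass Uri.https('photon.komoot.io', '/api') as [endpoint].
class GeocoderClient {
  GeocoderClient(this.endpoint, {this.minInterval = const Duration(seconds: 1)});
  final Uri endpoint;
  final Duration minInterval;
  final HttpClient _http = HttpClient()..userAgent = appUserAgent;
  final Map<String, Future<String>> _cache = {};
  Future<void> _tail = Future.value();
  DateTime _last = DateTime.fromMillisecondsSinceEpoch(0);

  Future<String> search(String query) {
    final key = query.trim().toLowerCase();
    // Identical queries share one in-flight or completed request.
    return _cache.putIfAbsent(key, () {
      final result = _tail.then((_) => _fetch(key)); // serialize requests
      _tail = result.then<void>((_) {}, onError: (_) { _cache.remove(key); });
      return result;
    });
  }

  Future<String> _fetch(String key) async {
    // Wait until at least [minInterval] has passed since the last request.
    final wait = minInterval - DateTime.now().difference(_last);
    if (wait > Duration.zero) await Future<void>.delayed(wait);
    _last = DateTime.now();
    final uri = endpoint.replace(queryParameters: {'q': key, 'limit': '1'});
    final res = await (await _http.getUrl(uri)).close();
    final body = await res.transform(utf8.decoder).join();
    if (res.statusCode != HttpStatus.ok) throw HttpException('HTTP ${res.statusCode}', uri: uri);
    return body;
  }
  void close() => _http.close();
}

Future<void> main() async {
  // Constructed stand-in for the server: echoes the User-Agent it received.
  final server = await HttpServer.bind(InternetAddress.loopbackIPv4, 0);
  var hits = 0;
  server.listen((r) { hits++; r.response..write(r.headers.value('user-agent'))..close(); });
  final client = GeocoderClient(Uri.parse('http://127.0.0.1:${server.port}/api'));
  final seen = await Future.wait(['Berlin', 'berlin ', 'Paris'].map(client.search));
  print('server saw: ${seen.first}; requests sent: $hits');
  client.close();
  await server.close();
}
```

On a Flutter web build the browser supplies its own User-Agent, so this applies to the `dart:io` builds (Android, iOS, desktop).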

Is it also fine if user agent itself includes contact info like an email?

I only call it once and print the url every time it gets called.

I also checked now, the api call works when I call it while the app is running in a web browser as a site. It only gives me 403 error when the app is deployed on my phone.

I don’t think I have anything setup to define those things for the app yet. I can later but just when the development has started and checking the app api connection is also hindered.

Reading @lonvia’s post you should do this now, not later.

2 Likes

Just checked, the http package in Flutter prepares these headers and the below headers were in my request and there is user agent present too.

Request Headers

user-agent: [Dart/3.8 (dart:io)]

accept-encoding: [gzip]

content-length: [0]

host: [photon.komoot.io]

this user agent fails to identify your specific app

please fix it before anything else

2 Likes

But did anything change few days ago? It used to work a few days ago on android too.

if you are not willing to do bare minimum of following quite clear guidelines and setting user agent that identifies you, and you are not paying for support, why do you expect others to provide support for you?

We do not give guarantees for availability and reserve the right to implement changes without notice.

note: I am not maintainer of support or having any role in Photon or Komoot. Maybe once I made a PR with a typo fix.

Yes, if it is an email which actually gets a response. You wouldn’t believe how many user agents have an email that starts with example@…

To be fair here: the chance that clients get contacted before they are blocked is very, very low. For one thing that is because the number of apps bombarding the geocoding APIs carelessly with lots of requests is just too high to make that scalable. For another thing, the success rate in getting a response when actually trying to make contact has been so disappointingly low that it is really not worth the time.

A well customized user agent mostly helps against becoming collateral damage when other apps need to be blocked. Which is exactly the issue of the original poster here.

4 Likes

oh, I am aware, and it is what I accept if I use public free server (that also typically explicitly notes that there is no promise whatsoever of uptime, continued service or anything else)

in case of OSM services I have faint hope of getting recognized and getting notified if I bungle retry attempts or made something similarly silly

but I rely primarily on occasionally checking logs whether my code did 1500 identical queries in a row for some reason - and sometimes you may even get other benefits like how posting How to distinguish Nominatim failing in general and Nominatim failing to process queries with Japanese/Chinese characters? resulted in a bugfix (thanks!)

1 Like