Receiving 403 Forbidden response when creating orders

This is very similar issue to these two:

• Seemingly random 403 Forbidden - #9 by jndrdlx
• createOrder - 403 Forbideen response - #2 by sh-agent

We’ve started receiving 403 suddenly today and despite retrying the order creation they still seem to fail. On the other hand, when I tried to create test order via Postman it worked just fine (using the same bearer token etc.).

The ApolloError we receive is (timestamp: 2025-03-19T12:36:31.346417Z).

"error": {
  "name": "ApolloError",
  "message": "Response not successful: Received status code 403",
  "graphQLErrors": [],
  "clientErrors": [],
  "protocolErrors": [],
  "networkError": {
    "statusCode": 403,
    "result": "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n</body>\r\n</html>\r\n",
    "response": {
      "url": "https://public-api.shiphero.com/graphql",
      "status": 403,
      "bodyUsed": true,
      "type": "basic",
      "redirected": false,
      "body": {
        "locked": true
      },
      "headers": {},
      "ok": false,
      "statusText": "Forbidden"
    },
    "name": "ServerError"
  }
}

We received about 10 more errors like this in the next 30 min.

The mutation we use:

mutation CreateOrderInShipHero(
    $order_number: String!
    $partner_order_id: String!
    $first_name: String!
    $last_name: String!
    $address1: String!
    $address2: String!
    $city: String!
    $zip: String!
    $country: String!
    $state: String!
    $email: String!
    $sku: String!
    $quantity: Int!
    $partner_line_item_id: String!
    $price: String!
  ) {
    order_create(
      data: {
        order_number: $order_number
        partner_order_id: $partner_order_id
        shipping_address: {
          first_name: $first_name
          last_name: $last_name
          address1: $address1
          address2: $address2
          city: $city
          zip: $zip
          country: $country
          state: $state
          email: $email
        }
        line_items: {
          sku: $sku
          quantity: $quantity
          partner_line_item_id: $partner_line_item_id
          price: $price
        }
        shipping_lines: {
          carrier: "cheapest"
          method: "Economy Domestic"
          title: "Manual Order Shipping Method"
          price: "0.00"
        }
      }
    ) {
      request_id
      complexity
      order {
        id
        legacy_id
        order_number
        partner_order_id
        shop_name
        fulfillment_status
        order_date
        created_at
        line_items {
          total_count
          edges {
            node {
              id
              legacy_id
              sku
              partner_line_item_id
              product_id
              product_name
              fulfillment_status
              warehouse
              quantity_allocated
              warehouse_id
              locked_to_warehouse_id
              created_at
              updated_at
              order_id
            }
            cursor
          }
        }
        shipping_address {
          first_name
          last_name
          company
          address1
          address2
          city
          state
          state_code
          zip
          country
          country_code
          email
          phone
        }
      }
    }
  }

User:486349
Account:84583
shop-name: ship-hero-api

Hi Dominik,

We are looking into this and will let you know soon what we find.

Thank you.

Hi Dominik,

Please Private message me the following so i can escalate to engineering.

The full Request body with the variables input, The Headders on the request, as well as the full response from our api.

Thank you

I think I need to gain more trust levels on discourse to be able to send DM.

On March 19 we observed several more cases of 403 error:

[
  "2025-03-19T22:03:40.729619Z",
  "2025-03-19T22:03:03.364857Z",
  "2025-03-19T22:02:51.337183Z",
  "2025-03-19T22:02:02.716069Z",
  "2025-03-19T22:01:52.093165Z",
  "2025-03-19T22:01:25.571880Z",
  "2025-03-19T21:57:51.458998Z",
  "2025-03-19T21:55:50.813876Z",
  "2025-03-19T21:55:40.205292Z",
  "2025-03-19T21:54:50.689492Z",
  "2025-03-19T21:54:40.152188Z",
  "2025-03-19T21:54:09.573276Z",
  "2025-03-19T21:51:39.512159Z",
  "2025-03-19T21:50:49.515594Z",
  "2025-03-19T21:49:38.908102Z",
  "2025-03-19T21:48:48.903114Z",
  "2025-03-19T21:48:38.303225Z",
  "2025-03-19T21:48:07.592912Z",
  "2025-03-19T21:47:41.384852Z",
  "2025-03-19T21:47:10.815603Z",
  "2025-03-19T13:41:20.374976Z",
  "2025-03-19T13:40:06.280923Z",
  "2025-03-19T13:09:19.701537Z",
  "2025-03-19T13:08:05.646096Z",
  "2025-03-19T12:53:19.051999Z",
  "2025-03-19T12:52:04.939279Z",
  "2025-03-19T12:45:18.119709Z",
  "2025-03-19T12:44:04.339326Z",
  "2025-03-19T12:41:17.465056Z",
  "2025-03-19T12:40:03.603071Z",
  "2025-03-19T12:39:16.832582Z",
  "2025-03-19T12:38:16.209775Z",
  "2025-03-19T12:38:02.997530Z",
  "2025-03-19T12:37:45.657444Z",
  "2025-03-19T12:37:02.416939Z",
  "2025-03-19T12:36:31.346417Z",
  "2025-03-17T15:06:21.385410Z",
  "2025-03-17T15:06:13.394792Z",
  "2025-03-17T15:06:04.580008Z",
  "2025-03-17T14:38:54.891868Z"
]

This is the payload of the last reuqest passed to ApolloClient using the mutation above

{
  "city": "redacted",
  "country": "US",
  "state": "CA",
  "email": "redacted@redacted.com",
  "address1": "P.o. Box redacted",
  "price": "0.00",
  "zip": "redacted",
  "partner_order_id": "f6c3ffc5-1e85-491f-8868-57d7e98aa619",
  "address2": "",
  "first_name": "redacted redacted",
  "sku": "redacted",
  "partner_line_item_id": "qGrMKufHtv4UWZa7H5oliANOcwQVC64GNITcVidqYAKbB",
  "quantity": 1,
  "order_number": "383546202",
  "last_name": ""
}

{
  "jsonPayload": {
    "error": {
      "networkError": {
        "statusCode": 403,
        "name": "ServerError",
        "result": "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n</body>\r\n</html>\r\n",
        "response": {
          "type": "basic",
          "body": {
            "locked": true
          },
          "status": 403,
          "bodyUsed": true,
          "statusText": "Forbidden",
          "ok": false,
          "redirected": false,
          "url": "https://public-api.shiphero.com/graphql",
          "headers": {}
        }
      },
      "cause": "[Circular]",
      "name": "ApolloError",
      "message": "Response not successful: Received status code 403",
      "protocolErrors": [],
      "clientErrors": [],
      "graphQLErrors": []
    },
    "message": "Error: Failed to create order"
  },

  "timestamp": "2025-03-19T22:03:40.729619Z",
  "severity": "ERROR"
}

I made a change to our logging to start tracking more details than just response. Will update my message once I see this again.

Thank you,

you should also be able to send the details to Support@shiphero.com

We haven’t seen this issue in few days now, I’ll share details if it happens again

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.