403 errors from Avalara validating address

[LiteWait]

This code has been working for 2 years, but seems Avalara changed something in their APIs. Since the _request method (whether you are providing a GET or POST) always adds a request body (aka: 'data') this causes Avalara to throw a 403 error on GETs. Simple fix is to not provide 'data' on get.

def _request(self, http_method, stem, data={}, params={}):
      url = '%s/%s' % (self.url, stem)
      data = json.dumps(data)
      # getting rid of control characters
      # that JSON will error out on
      data = data.replace('\\r', ' ')
      data = data.replace('\\t', ' ')
      data = data.replace('\\n', ' ')
      kwargs = {
          'params': params,
          'data': data,    REMOVE THIS AND THE 403 GOES AWAY
          'headers': self.headers,
          'auth': (self.username, self.password),
          'proxies': self.proxies,
          'timeout': self.timeout
      }

Please advise.

[jobelenus]

LiteWait, generally HTTP 403 responses are because of bad permissions/lack of permissions at the URI. Can you share an actual request with params where its giving you a 403 so I can confirm the problem?

[LiteWait]

Simple example demonstrating the problem. I mimic'd the code from base.py _request() method that gets a 403 as well. This code should give you a 403, till you comment out the empty json object in the request body. import requests url = 'https://development.avalara.net/1.0/address/validate' kwargs = { 'headers': None, 'params': { 'PostalCode': '78746-5150', 'Region': 'TX', 'City': 'Austin', 'Line1': '700 Las Cimas Parkway', 'Country': 'US', 'Line2': ''}, 'data': '{}', # Remove this, it works. Avalara must be freaking on HTTP GET with request body now! 'auth': ('XXXXXXXXXX', 'XXXXXXXXXXXXXXXX'), 'timeout': 10.0, 'proxies': {} } resp = requests.get(url, **kwargs) print('RESPONSE {0}:\n{1}'.format(resp.status_code, resp.text))

…

On Wed, Sep 27, 2017 at 3:03 PM, John Obelenus ***@***.***> wrote: LiteWait, generally HTTP 403 responses are because of bad permissions/lack of permissions at the URI. Can you share an actual request with params where its giving you a 403 so I can confirm the problem? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#14 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA207Qk3Avbc9ghWIlqdXwjvMDoRX3-Cks5smpwOgaJpZM4Pl1G6> .

[jobelenus]

OK, I can confirm. Will put out a fix in a minute

[jobelenus]

New release and tag, 1.3.9.

[LiteWait]

Looks good. Thanks.

…

On Wed, Sep 27, 2017 at 3:39 PM, John Obelenus ***@***.***> wrote: Closed #14 <#14> via 70b05b2 <70b05b2> . — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#14 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA207aQHSZUYZ4UCg3Akh8mh6PHLOM9aks5smqR6gaJpZM4Pl1G6> .