403 access denied error with Node.js fetch on external API

Question

I've deployed my Node.js Koa API app on Heroku. I'm making a call to a USAJOB.gov API and it works on my localhost. However, on Heroku I get this error:

You don't have permission to access "http://data.usajobs.gov/$(SERVE_403)/api/search?" on this server.

Here is my Koa router snippet:

router.get('/jobs', async (ctx) => {
  const { keyword, location } = ctx.query;
  const url = `https://data.usajobs.gov/api/search? 
    Keyword=${keyword}&LocationName=${location}`;
  const host = 'data.usajobs.gov';
  const userAgent = '<redacted>';
  const authKey = '<redacted>';
  const headers = {
    Host: host,
    'User-Agent': userAgent,
    'Authorization-Key': authKey,
  };

  await fetch(url, {
  headers,
  method: 'GET',
  });
}

Uy Hoang · Answer 1 · 2020-02-27T04:42:52.803

2

So it turns out that whether or not cross-site Access-Control requests should be made using credentials was what was the issue. I wasn't able to figure out how to configure that with node-fetch but once I read the the solution (link below), switched to axios, configured withCredentials: true, and added headers: { 'X-Requested-With': 'XMLHttpRequest' }, then it all worked.

Source: axios delete method gives 403

edited Feb 27 '20 at 04:42

answered Jan 22 '20 at 03:25

Uy Hoang

191
1
3
8

On node-fetch you need `credentials: 'include' ` instead of `withCredentials: true` – Álvaro Oct 13 '20 at 15:29

403 access denied error with Node.js fetch on external API

1 Answers1