node-toogoodtogo-watcher: Error 403 on POST https://apptoogoodtogo.com/api/auth/v3/token/refresh

I am experiencing the following 403 error:

Error during request:
POST https://apptoogoodtogo.com/api/auth/v3/token/refresh
{
    "refresh_token": "[removed]"
}

HTTPError: Response code 403 (Forbidden)
    at Request.<anonymous> (/usr/lib/node_modules/toogoodtogo-watcher/node_modules/got/dist/source/as-promise/index.js:118:42)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)

No known fix yet.

Will update this post if I find a solution.

About this issue

Original URL
State: closed
Created a year ago
Comments: 35 (10 by maintainers)

Commits related to this issue

Fix for 403 errors on refresh When I started getting 403 errors on refresh requests, around the end of January, I made this change based on ahivert/tgtg-python@eec42aa84f686aaa3c19146f1bdd5271e5fa1d7... — committed to PileOfJunkMail/node-toogoodtogo-watcher by PileOfJunkMail a year ago

Most upvoted comments

I am experiencing the following 403 error:
Error during request:
POST https://apptoogoodtogo.com/api/auth/v3/token/refresh
{
    "refresh_token": "[removed]"
}

HTTPError: Response code 403 (Forbidden)
    at Request.<anonymous> (/usr/lib/node_modules/toogoodtogo-watcher/node_modules/got/dist/source/as-promise/index.js:118:42)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
No known fix yet. Will update this post if I find a solution.
This should be the datadome cookie issue, as far as I can see, since it is the same error message also in here #201 Since adding this fix, I don’t get this error anymore.
Check, me too.
Have you been able to fix it? https://apptoogoodtogo.com/api/auth/v3/token/refresh always gives me 405 no matter if I try it over VPN.

The 405 response code indicates that the http method you used is not allowed by this endpoint. If you paste the given URL into your browser and open it, it will send a GET request which get’s denied, because the endpoint only supports POST requests. This shouldn’t be an issue though, the datadome cookie still gets set.

Edit: in Chromium based browsers you can find it in the dev tools (F12) under application > cookies

basti1499 on Feb 15, 2023

Few points:

Be sure to remove the custom Cookie header, if you configured any.

Do not run the application in the cloud. Cloud are blocked.

It is always possible that your personal IP gets blocked (usually temporarily).

Do not run multiple instances of the application, or make the polling interval more frequent (only possible by actually adjusting the code), because you will get blocked.

Updated to version 4.0.3 and removed Cookie header from config but still getting 403 error due to datadome cookie. Does this mean my personal IP address got blocked by TGTG?

AndreaVida on Mar 27, 2023

Few points:

Be sure to remove the custom Cookie header, if you configured any.
Do not run the application in the cloud. Cloud are blocked.
It is always possible that your personal IP gets blocked (usually temporarily).
Do not run multiple instances of the application, or make the polling interval more frequent (only possible by actually adjusting the code), because you will get blocked.

marklagendijk on Mar 15, 2023

Used last version, removed headers (cookie), starting new login (via telegram and node):

Something went wrong “HTTPError: Response code 403 (Forbidden) at Request.<anonymous> (file:///home/node/app/node_modules/got/dist/source/as-promise/index.js:86:42)\n at Object.onceWrapper (node:events:628:26)\n at Request.emit (node:events:525:35)\n at Request._onResponseBase (file:///home/node/app/node_modules/got/dist/source/core/index.js:726:22)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async Request._onResponse (file:///home/node/app/node_modules/got/dist/source/core/index.js:765:13)”

Is the body correct (email is not displayed) in output: body: ‘{“device_type”:“IOS”,“email”:“Email of your TooGoodToGo account.”}’,

TobiasCurth on Mar 1, 2023

I released a new version 3.10.0 that hopefully fixes this issue. Based on the above it seems that the following happens:

The request gets denied because of a missing cookie, but this cookie is set via the error response.

By manually adding the cookie subsequent requests actually work.

Now we already have support for cookies via a cookieJar, so the only thing missing should be retrying a request after a failure, because the next request should have the cookie.

I did this by configuring retries, and it seems to work. Please let me know whether this works for you.

I updated to 3.10.0 and I don’t get any error message anymore, but I also don’t get any other message. Will try again this evening.

I started with a fresh installation, anything else to do than regular installation (and adding the cookie to the header)? It feels like the bot isn’t sending any API calls, atleast I couldn’t find it in the network traffic. Is it possible to enable some more verbose output for debugging?

basti1499 on Feb 19, 2023

I am experiencing the following 403 error:

Error during request:
POST https://apptoogoodtogo.com/api/auth/v3/token/refresh
{
    "refresh_token": "[removed]"
}

HTTPError: Response code 403 (Forbidden)
    at Request.<anonymous> (/usr/lib/node_modules/toogoodtogo-watcher/node_modules/got/dist/source/as-promise/index.js:118:42)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)

No known fix yet.

Will update this post if I find a solution.

This should be the datadome cookie issue, as far as I can see, since it is the same error message also in here

https://github.com/marklagendijk/node-toogoodtogo-watcher/issues/201

Since adding this fix, I don’t get this error anymore.

c0lumb0 on Feb 14, 2023