Blank User Agents to be blocked on Unified API

HI everyone,

We’ve decided to block requests with no user agent set in the request headers from the 4th September.

This is for security purposes and if a blank user agent is provided, a 403 will be returned to the requestor.

You will need to ensure your applications specify a user agent if you still require use of the API after this date.

Please let me know if you have any questions.

Thanks,
James

1 Like

Hi @jamesevans I think you should allow more time particularly for devs using the unified api in their apps. Apps users are slow to update specially on Android and I can foresee bad ratings coming from users whose app suddenly stopped working. So please consider at least a couple of months or three for this kind of critical changes. Thank you.

@nakkore We would love to give a longer lead time but there is some urgency to get this change in place. I’ve contacted all the main transport apps that use our data and they are happy with the timeframe we’ve given them. Apologies to anyone else who is inconvenienced. We try our hardest to avoid changes that could break third party apps as we know our customers rely on them but in this instance we had no choice.

@jamesevans

For those of us who use the API as back-end processes, is there any particular thing you would like as a the user-interface parameter?

I think my personal default is to use User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

Does using file_get_contents() and/or curl in PHP generates a “User-Agent” automatically?

Hi @briantist

As long as it’s populated, you should be OK. Sometimes we block particular user agents if there’s malicious or suspicious activity associated with it, but that’s quite rare.

In terms of PHP curls, I’m not sure what’s set at default, but you can specify the user agent in your curl command

Thanks
James

@jamesevans

Thanks. If there is no default User-Agent created by PHP, then I guess I’m going to have to contact MTR Crossrail and tell them their customer app is going to stop working…

Brian

@jamesevans

Sorry, I know someone is going to ask… is there a staging API server that we can use to test software against this change?

I’m not sure what will happen to existing code as I’m not expecting a 403 back, so didn’t code for it.