After moving a platform from an on premises development environment to a cloud staging area we are seeing “Sorry, your request was blocked by our automated security systems” (403) messages from the TFL APIs. This happens regardless of providing the authentication key or not.
Is anyone able to provide some information about what factors can lead to the TFL APIs providing 403 responses? I found a post about blank user-agent strings, but that is not the cause in this case.
Other than potentially the “not in the UK” part I can’t see that those will be the cause. The UA is already set (as mentioned); the app_id no longer applies and setting the key (or not) makes no difference.
In this case the resource is running in an Azure UK region; so unless TFL are blocking Azure resources (or are miscategorising the Azure IPs) I can’t see why this would be the cause.
Same error from my iPad using a Chrome browser and from my android phone using the app. I’m currently in the US and assume the TFL servers don’t like my IP’s origin, but will I be able to log in when I’m in London this week? Would like to check balances on our oyster cards.