Nkn-sdk-js 403 failure https://mainnet-rpc-node-0001.nkn.org/mainnet/api/wallet

nkn-sdk-js API calls failure due to cloudflare asking for a Captcha

It is API calls not visible to my users so no way to ask them to enter a captcha . Probably thousands clients will fail on this without knowing why it fails.

Is there alternative endpoints I can use that don’t have those Cloudflare restrictions?


Are you sure this is not client side? Cloudflare should not be involved here for those end points as far as I’m aware, that would be the opposite of decentralisation.


for me, mainnet-rpc-node-0001.nkn.org resolves to a Cloudflare IP

mainnet-rpc-node-0001.nkn.org is using CF to provide https certificate. We don’t set up any security challenge on CF, it’s just the default CF security mechanism. Basically CF thinks your IP address might be an attacker, that’s why you are seeing this challenge.

This is very rare, we didn’t see any single challenge on all client side or our server side. What IP address are you using the sdk, is it a VPS IP?

Basically if you are calling this from client side, the CF challenge should never show up unless CF is having a false alarm. If you are calling this from server side, you should not need https at all, in which case you can use http://seed.nkn.org:30003 as seed node so CF is not involved. The (probably only) reason to use mainnet-rpc-node-0001.nkn.org is to prevent browser blocking in https context.

Well, if Cloudflare is to consider even 1% of my customers as “attacker” it means I will get 100 messages in my helpdesk every day telling me that my app is not reliable.
I need to call it client-side JS with 100% reliability

Tested IP is Tor Exit Node. I think your API should support Tor Exit Nodes.

Can I expect a fix short-term? It’s blocking dev for us.


This should have been fixed now. Could you please try again and see if the problem persists?

problem still persists.

It still resolves to a CF IP, is it the desired behavior?

Yes, the IP should still be CF, but we have adjusted CF settings to turn off captcha on this domain.

It works now.

Did you find the solution or I’m temporarily lucky?

We changed the CF settings, so it should be a long term solution.

1 Like

job well done brother