API Requests Blocked by Cloudflare

lwd · 3 October 2025 09:46

Hi,

I’m developing a C# server-side application to integrate with the FreeAgent API.

My goal is to programmatically refresh an OAuth2 token by making a POST request to the /v2/token_endpoint. This was working for over a year and earlier this week it suddenly stopped working. This was my code I used previously:

    static void Authenticate()
    {
        try
        {
            var client = new RestClient(base_url);
            var request = new RestRequest("v2/token_endpoint", Method.Post);
            request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
            request.AddParameter("grant_type", "refresh_token");
            request.AddParameter("client_id", api_key);
            request.AddParameter("client_secret", api_secret);
            request.AddParameter("refresh_token", refresh_token);
            var response = client.Execute(request);
            if (response.IsSuccessful)
            {
                FreeAgentAuthResponse free_response = JsonConvert.DeserializeObject<FreeAgentAuthResponse>(response.Content);
                access_token = free_response.access_token;
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.ToString());
        }
    }

However, all my requests are being blocked by a Cloudflare JavaScript challenge. Because my application is a backend service and not a browser, it cannot solve this challenge, so I never reach the API endpoint anymore.

I have already tried the standard workarounds, such as setting browser-like User-Agent and Accept headers, but the block persists. Using a browser automation tool like Selenium is not a stable solution for a production environment. Something has obviously changed that I need to address in my code, possibly around User-Agent headers etc??

Could you please advise on the correct and officially supported method for a server-side application to communicate with the API without being blocked by the Cloudflare firewall?

Thanks for your help.

lwd · 6 October 2025 09:36

Can anyone help me with this? It could have something to do with this https://support.freeagent.com/hc/en-gb/articles/360002125180-Preventing-fraud as this is part of the html redirect document I receive when trying to authenticate.

This is affecting our integrated application to a very large scale now and affecting operations within our business.

Could someone please kindly assist or point me in the right direction as we cannot do another business day without our application not working.

Carly_O · 6 October 2025 16:09

Hi there,

Thank you for the detailed post explaining the issue. While our Support team is the quickest route for urgent matters (we don’t recommend posting them here in the forum) I will escalate this in Engineering as I appreciate this is impacting your operations.

I will be in touch with our next steps/ plan of action tomorrow.

Thank you,

Carly

Engineer - FreeAgent

lwd · 7 October 2025 10:51

Thank you Carly. Hopefully I can get some assistance soon.

Carly_O · 7 October 2025 10:53

Hey there- sure thing, I have sent you a DM detailing our next steps/action taken this morning.

Thanks!

lwd · 9 October 2025 11:26

Hi Carly,

Is there any news from the Security Team? This is getting really difficult for us to operate and causing bottlenecks in our service delivery.

Please kindly let me know if they are processing this request at least.

Carly_O · 9 October 2025 11:39

Hey there, yes it should now be functioning as of this morning.

Looking at our request logs, you should no longer be being blocked.

Thank you!

lwd · 9 October 2025 11:46

Thank you so much Carly. You have been tremendous throughout.

I appreciate everything you have done.