Keep getting 503 error when calling my server

I have a route that is using the owlbot-js package to get a definition from their API.

The route works when I call it from localhost, but when I try to call the same route from glitch I get a 503.

Sending requests to that route without calling owlbot seems to work
Route works on local host

Here’s the error:

“Error: Request failed with status code 503\n at createError (/app/node_modules/axios/lib/core/createError.js:16:15)\n at settle (/app/node_modules/axios/lib/core/settle.js:17:12)\n at IncomingMessage.handleStreamEnd (/app/node_modules/axios/lib/adapters/http.js:260:11)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)”

and the project:

I have some information. The idea of adding such functionality to my bot seemed interesting so I tried it. At the moment I get approximately the same results. It is working on localhost running from my PC but not on the Glitch-hosted version.

I don’t get a 503 but I get a parsing error. I was finally able to determine that I am not getting a JSON response but rather an entire web page. It may be related to node fetch, possibly CORS and may be solved using AXIOS. How’s that for a solution? In any case I’d rather not use AXIOS if I can find a solution. Are you using that owlbot.js helper? I’m not.

I suspect it may be something that Cloudflare is doing, part of their DDOS protection.

Yea, that could be it because cloudflare would recgonize the request is coming from an AWS server and present a challenge to verify you’re a human. This should not be happening because apis are meant to be usable without any actual user interaction. The ideal solution would be to always allow traffic on the api but this effectively degrades the ddos protection. Another idea would be some way to detect the captcha and somehow forward the captcha challenge to your own page for solving.
Maybe glitch has a bad reputation with cloudflare after the various discord ip bans.

I’ve mentioned the problem in the source repo. Cloudflare is going to intercept things early of course but the API requires a token so letting the call through would be a good thing. The site isn’t going to be the subject of a DDoS attack

Given that it is an API intent upon returning the definition of words in a library I don’t think making it a two part request “for certain servers” would work very well. And if the point is to find out if something is a bot the answer is “yes” that’s how it is used.

Good news… There are alternatives and at least the one I just tested works.

There are API lists but they include:

https://www.wordsapi.com
https://dictionaryapi.dev

I tried dicitonaryapi which doesn’t require registration or a token. A bit harder to parse because it returns so much data but manageable. I will no doubt switch over to one of these after I check them out.