User Agent string causes HTTP 403 Forbidden

[cei...@gmail.com]

I'm writing a script that accesses Imgur through its API using the TCL http library. I've had success for the most part, up until I started receiving HTTP/1.1 403 Forbidden responses from http://api.imgur.com/oauth2/ when doing simple authcode/token exchanges. The script that did this had no problem before, and didn't undergo any significant changes, but suddenly started getting refused along with a random chunk of javascript/http data in the response body.

Through testing I determined the issue was the user-agent string, that is, these header values are unacceptable to the API:

GET /oauth2/authorize?client_id=(my id)&response_type=code&state=test HTTP/1.1
Host: api.imgur.com
User-Agent: Tcl http client package 2.7.10

But these are acceptable:

GET /oauth2/authorize?client_id=(my id)&response_type=code&state=test HTTP/1.1
Host: api.imgur.com
User-Agent: Why are you filtering me by agent string

Specifically "Tcl http client" is causing the HTTP 403 response. Is this due to keyword checks in Imgur's nginx config to prevent header injections, or are there user-agent strings that are avoided for some reason?

[Alan Schaaf]

We use CloudFlare for some basic security on the site. It looks like that's what was causing your requests to fail. It should be fixed now. Are you still seeing this error?