That’s a Cloudflare CAPTCHA challenge page. It’s…really not useful on an API endpoint. Perhaps that’s configurable with your Cloudflare setup?

/@JeremyCherfas

Edit: Or not. Cloudflare sometimes challenges or blocks before consulting the site-level config:

Requests containing certain attack patterns in the User-Agent field are checked before being processed by the general firewall pipeline. Therefore, such requests are blocked before any whitelisting logic takes place. Firewall events downloaded from the API show ruleid as securitylevel and action as drop when this behavior occurs.

https://support.cloudflare.com/hc/en-us/articles/217074967-Configuring-IP-Access-Rules

😞

matigo.ca.