[Fixed, Please upgrade via pip and delete any saved sessions] get_transactions failure with HTTP 403

[codemonkey-design]

just started happening this morning. i'm on the latest package from today.

During handling of the above exception, another exception occurred:

File "C:\Python310\Lib\site-packages\gql\transport\aiohttp.py", line 319, in raise_response_error
resp.raise_for_status()
File "C:\Python310\Lib\site-packages\aiohttp\client_reqrep.py", line 1161, in raise_for_status
raise ClientResponseError(
aiohttp.client_exceptions.ClientResponseError: 403, message='Forbidden', url='https://api.monarchmoney.com/graphql'

The above exception was the direct cause of the following exception:

File "C:\Python310\Lib\site-packages\gql\transport\aiohttp.py", line 321, in raise_response_error
raise TransportServerError(str(e), e.status) from e
File "C:\Python310\Lib\site-packages\gql\transport\aiohttp.py", line 338, in execute
await raise_response_error(resp, "Not a JSON answer")
File "C:\Python310\Lib\site-packages\gql\client.py", line 1537, in _execute
result = await self.transport.execute(
File "C:\Python310\Lib\site-packages\gql\client.py", line 1628, in execute
result = await self._execute(
File "C:\Python310\Lib\site-packages\gql\client.py", line 367, in execute_async
return await session.execute(
File "C:\Python310\Lib\site-packages\monarchmoney\monarchmoney.py", line 2766, in gql_call
return await self._get_graphql_client().execute_async(
File "C:\Python310\Lib\site-packages\monarchmoney\monarchmoney.py", line 1553, in get_transactions
return await self.gql_call(
File "D:\Budget\monarch-api\monarch-api.py", line 33, in get_transaction_data
monarch_data = await monarch.get_transactions(start_date=start_date, end_date=end_date, limit=TRANSACTION_LIMIT)

[91raadkins]

I'm having the same issue, but not just with get_transactions - seems like any request to the API is failing with the same HTTP response

[hammem]

Thanks for reporting this! Was able to reproduce as well. There are, from what I can tell, two things happening simultaneously that cause the errors to happen.

The Causes and Fixes

Monarch may have invalidated old tokens
If you've saved your session using the API and are using an older one, you may need to delete it and create a new one.

You can remove the old session via a simple rm -fR .mm from wherever you run the Monarch API. Or, you can call the delete_session() method.

Then, on your next use of the API, perform a login and save the new session.

New HTTP headers are needed
After some guess and test, it looks like Accept, Content-Type and User-Agent headers are required and, as a hunch, the default UA from the Python GraphQL library wasn't making Monarch happy. I updated the User-Agent to MonarchMoney (https://github.com/hammem/monarchmoney/) to be transparent with them, should they decide to go hunting for traffic they find less than suitable in the future.

To get your install working again

• Update the package via pip to at least 0.1.15
• Delete any existing saved sessions via delete_session() or rm -fR .mm
• Make sure to login on the next usage (and save_session() if you like)

[hammem]

Leaving this open for a bit, while folks pick up the upgraded package.

[codemonkey-design]

I tried the steps listed and when forcing a new login, i get the following. Anyone else seeing this?

File "C:\Python310\lib\site-packages\monarchmoney\monarchmoney.py", line 123, in login
await self._login_user(email, password, mfa_secret_key)
File "C:\Python310\lib\site-packages\monarchmoney\monarchmoney.py", line 2831, in _login_user
raise LoginFailedException(
monarchmoney.monarchmoney.LoginFailedException: HTTP Code 404: Not Found

[rcdilorenzo]

@codemonkey-design You'll need to post more of the HTTP error. I was able to resolve following @hammem's recommendation.

[zacrevermann]

I am getting a similar issue when trying to use the interactive login. I have updated to the latest version.

LoginFailedException                      Traceback (most recent call last)
[<ipython-input-16-cffef5bc07ff>](https://localhost:8080/#) in <cell line: 1>()
      2 
      3 mm = MonarchMoney()
----> 4 await mm.interactive_login()
      5 
      6 # Save it for later, no more need to login!

2 frames
[/usr/local/lib/python3.11/dist-packages/monarchmoney/monarchmoney.py](https://localhost:8080/#) in _login_user(self, email, password, mfa_secret_key)
   2829                     raise RequireMFAException("Multi-Factor Auth Required")
   2830                 elif resp.status != 200:
-> 2831                     raise LoginFailedException(
   2832                         f"HTTP Code {resp.status}: {resp.reason}"
   2833                     )

LoginFailedException: HTTP Code 404: Not Found

[hammem]

Thanks, @zacrevermann ! Please also confirm you've deleted any saved sessions, as interactive_login() will use them by default. Either call delete_session() in the line immediately above or use the argument use_saved_session=False when calling interactive_login().

[zacrevermann]

Hi @hammem yes, confirming I called delete_session() immediately above.

[hammem]

Thanks again, @zacrevermann ! Are you running this in a Jupyter notebook environment by chance? I just did a repro in Google Colab and get the same error. But, when I run in a brand new venv locally, no errors. I suspect there's something off / different.

[zacrevermann]

@hammem I am running in a Google Colab on a hosted runtime.

[kwargonaut]

@hammem I'm getting a similar result. Works from python command line, but not from Jupyterlab. I can login from either, but graphql calls are rejected when run from Jupyterlab. Details:

I'm running Jupyterlab locally on a laptop (not on any cloud virtual machine or data center machine). I installed monarchmoney version 0.1.15 and I have no previous sessions. To confirm, I just used monarchmoney for the first time today so definitely have no previous sessions. From Jupyterlab I was able to login using mm.login() where I supplied email, password and mfa_secret_key. The login seems to have worked because no errors were thrown and 'mm.token' had a value. However, when I call any graphql function, such as mm.get_accounts(), I get an authentication error such as:
TransportServerError: 401, message='Unauthorized', url='https://api.monarchmoney.com/graphql'

When I run from the python command line via Windows cmd.exe, everything works fine. I logged in and made a successful call to get_accounts() from the python command line.

[codemonkey-design]

@zacrevermann can you verify on the monarch website that you have MFA enabled?

@hammem if i remove this from the header, i'm able to get past the 404 error but now I'm stuck at the 403 error. This is running it from the command line with interactive login.

removed:
"User-Agent": "MonarchMoneyAPI (https://github.com/hammem/monarchmoney)",

[zacrevermann]

@codemonkey-design confirming I have MFA enabled on my monarch account.

[goldan]

Hi @hammem, thanks for an amazing repo, it's super useful. I started getting the 403 error as well. After upgrading to 0.1.15, it started working. However, after a day or so, I started getting RuntimeError: Fatal error fetching url: 401, message='Unauthorized', url=URL('https://api.monarchmoney.com/graphql'). After manually deleting the saved session and logging in again, it started working again. So it looks like maybe sessions are now invalidated every 24 hours or so?

[hammem]

I suspect you might be right, @goldan a bit of a bummer, but can probably validate by looking at the Web UX more closely for a token refresh call?

[codemonkey-design]

ok, i finally tracked this down. i don't think monarch likes me trying to make those calls thru my vpn. they are blocking it now. i reran the script from a clean dev environment and was able to get logged in successfully.

[atkaiser]

Just wanted to add that I had the same issue where I would get a "HTTP 404" if I was trying to login when on a VPN (specifically I was using Mullvad VPN) and things worked fine when I was off of the VPN. I'll also note that after I logged in and saved my session I was able to do everything else while on the VPN, so it seems only the login isn't allowed on a VPN.

[codemonkey-design]

I just submitted a support ticket with monarch. Let's see what they have to say.

[skylatian]

@codemonkey-design Any word from Monarch? How supportive/not supportive were they? I'd expect them to basically say "don't try that" but would love to hear your experience.

[codemonkey-design]

Yes, this is the response I got. It looks like it's being blocked due to security, on their end:

"web application firewall (WAF) may be blocking your GraphQL API requests when you're using a VPN. "