PHP API v 2.0 Issue


I’ve been using PHP to interact with the Patreon API for a while now, however my scripts appear to have stopped working as of yesterday(-ish).

Upon investigating, I noticed that a newer version of the project had been committed (going from version 1.0 to 2.0). However updating didn’t solve the issue.

I dug into it a bit and I’ve noticed that I’m no longer getting a token reply. I investigated into the curl calls being executed by OAuth.php, and the response consists of an HTML block which says:

"One more step

Please complete the security check to access"

I’m not sure what to make of it, since I’d expect the API to return some sort of json block if there was a problem.

Could this be a hiccup with the updated API itself or am I simply missing something? I’m still learning my way through here, so it might just be me. The relevant section of code after returning from the Patreon Login page with the appropriate single-use code is effectively the same as the example on the documentation:

$client_id      = 'x';
$client_secret  = 'y';
$creator_id     = 'z';
$redirect_uri   = "a;
   //(All substituted by their appropriate values, of course)

$oauth_client   = new Patreon\OAuth($client_id, $client_secret);

$tokens = $oauth_client->get_tokens($_GET['code'], $redirect_uri);
$access_token = $tokens['access_token']; 
$refresh_token = $tokens['refresh_token'];

Both tokens return NULL, and following the get_tokens() function leads to the aforementioned HTML.

Any ideas?

Here, and just read this. Let me check with the person who would be most knowledgeable on our team, and get their attention on this.

Great writeup. Thank you.

Hey just following up, it seems the tokens are back now; thank you!

1 Like

Thanks for following up on this. I’m going to try to figure out what happened here :-/

Hi there!

This is most likely an issue with cloudflare’s bot detection. If you’re able to give us more information we should be able to work to make sure it won’t happen again.

We don’t have those kind of restrictions and I’m very certain “Please complete the security check to access” comes from Cloudflare.

Any additional information you have will help us make this issue a thing of the past both for you and other API consumers.

1 Like

Yeah that indeed seems to be cloudflare.

In similar cases one can also easily suspect any server-level interference from things like mod_security filtering and modifying urls, redirects, post & get operation. I encountered such a situation with a user who had his WP website at Bluehost. They seem to have a rather over-configured mod_security that filters many things. Even the oauth redirect that comes back to WP after authorization at patreon.

Hey guys, sorry to bring this up again but I’ve got more info:

-The problem came back last night, same issue.
-My host is Hostgator. I contacted their support team to look into the mod_security points from above, but the technician didn’t find any violations coming from my site in their security logs.

Is there any other information I could provide that would help? I checked the curl_exec($ch) response in OAuth.php and I’m pretty sure that the text is the generic Cloudfare protection text as Lira suggested; that “Please enable cookies” that’s included with it seems kind of suspect though. Could that be related? Possibly some setting I need to flip on my end?

Instead of using, can you try using instead?

Tested; it gave me the same result unfortunately.

I’m having the same problem with PHP API v1.0

Bumping this as I have the issue too. Your API is using cloudflare protection which is actually returning a captcha instead of JSON data (which breaks all your parsing code) I really don’t understand why you’re using a captcha on an API instead of some other method of rate control. As I assume my servers IP is somehow blacklisted by cloudflare, how am I supposed to access the API? (Which was working fine until 2 weeks ago)

Hello there!

I’m seeing the same things on my end (about the captcha, when the curl_exec occurs)… Would be great to have an update from the Patreon devs or if someone find a trick…

Have a nice day.

Hi there! We are aware of this issue and actively trying to figure out how to solve this issue.