How to allow programmatic API access to deployed Replit apps?

Deployments
1

Hi everyone,

I’m running into an issue with my deployed Replit app that I’m hoping someone can help with.

The situation:
I have a REST API deployed on Replit. I want to call this API programmatically from another Replit project (also a deployed app). Both projects are mine.

The problem:
All external API requests are being blocked with errors like:

  • “Expected X-Requested-With header”

  • “Invalid referrer”

These errors are NOT coming from my application code. My Express server has CORS configured with origin: '*' and I have no referrer validation. The requests are being blocked before they reach my code.

What I’ve tried (with help from Replit Agent):

  1. Added CORS middleware allowing all origins - didn’t help

  2. Switched from Autoscale to Reserved VM deployment - same issue

  3. Added browser-like headers (X-Requested-With, User-Agent, Referer) - didn’t help

  4. Tried different Referer header values - didn’t help

The development URL works fine when the Repl is running. The issue only happens with the production deployment URL.

My questions:

  1. Has anyone successfully set up a Replit deployment as a public API that accepts programmatic requests?

  2. Is there a way to disable the bot/referrer protection on deployed apps?

  3. Is there a specific configuration or header combination that works?

Any help would be greatly appreciated!

2
  • I imagine this was important though, to ensure the API endpoint is always instantly available.
  • Is this just happening on your own domain name (setup outside of Replit)? Or on the replit sub-domain name as well?

@realfunnyeric - I recall you saying you do quite a bit of API integration between apps, any ideas on this one?

2 Likes
3

aaawww, I just fixed that myself - the deployment should be PUBLIC, not private. Agent could not know that :wink:

I am leaving the post - maybe it will help someone in the future :slight_smile:

3 Likes
4

Dohhh! Always the obvious solutions :joy:

2 Likes
5

ah yes the chasing fantom issues because its not working in dev mode, issue. I have been plagued by this one too many times and it has cost me hunrdreds of dollars, i’m sure of it. Glad you got it figured out, I am having this issue right now getting shipstation back up and working before my launch :smile:

6

Happens to the best of us!