BigCommerce API Connection Problems / Began as Intermittent, now more frequent

1
votes

I've been using the API to push orders into our client's BigCommerce store for quite some time, however, BigCommerce recently began rejecting connections and/or closing connections.

I have been unable to find the root of the problem and I'm hoping that someone has experienced and/or could help find the root of this problem.

The following is the response we are now getting on all Big Commerce API requests:

Message: The underlying connection was closed: An unexpected error occurred on a send.

InnerException: System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async)

    req = (HttpWebRequest)WebRequest.Create(baseURL);
    req.AllowAutoRedirect = true;
    req.ContentType = "application/json";
    req.Accept = "application/json";
    req.Method = "GET";

    req.Headers.Add("X-Auth-Client", clientID);
    req.Headers.Add("X-Auth-Token", AccessToken);
    req.Headers.Add("Authorization", authValue);

    using (WebResponse resp = req.GetResponse()) {
        if (req.HaveResponse && resp != null) {
            using (var reader = new StreamReader(resp.GetResponseStream())) {
                    jsonResponse = reader.ReadToEnd();
                }
            }
        }
    }
2
c#.netbigcommerce
seems SSL related. can you perhaps ignore certificate validation? or show ssl related code?user6438501

2 Answers

1
votes

Is it happening consistently every time now? If not, what's the frequency? And when you say "rejecting connections and/or closing connections", are you seeing two different error responses for each of those situations?

I've seen similar messages before from BC, but only from malformed requests, which doesn't sound like your case since the code was working fine before. I'll run some tests when I get home to see if I'm seeing similar issues, and I'll compare code to see if there are differences.

EDIT: It may be more helpful to just post a very simplified version of the code I'm using. I have a worker method, BigCommerceGet, that's called from multiple places in my code:

private string BigCommerceGet(string URL)
{
    System.Net.HttpWebRequest req = (HttpWebRequest)WebRequest.Create(baseUrl + URL);
    req.Credentials = new NetworkCredential(_username, _api_key);
    req.AllowAutoRedirect = true;
    req.ContentType = "application/json";
    req.Accept = "application/json";
    req.Method = "GET";

    string jsonResponse = null;
    using (HttpWebResponse resp = req.GetResponse() as HttpWebResponse)
    {
        if (req.HaveResponse && resp != null)
        {
            using (var reader = new StreamReader(resp.GetResponseStream()))
            {
                jsonResponse = reader.ReadToEnd();
            }
        }
    }

    return jsonResponse;
}

Here's a loop I use to retrieve all orders from my site and write them to a file:

public Order[] GetAllOrders()
{
    Order[] result = null;
    string orderString = "";

    try
    {
        StringBuilder orders = new StringBuilder("[");
        String jsonResponse = BigCommerceGet("orders?limit=50&page=1");
        int page = 1;
        string prePend = "";

        while (jsonResponse != "")
        {
            // Remove the leading and trailing brackets, and prepend a comma
            // beyond page 1.
            orders.Append(prePend + jsonResponse.Substring(1, jsonResponse.Length - 2));
            prePend = ",";
            page++;
            jsonResponse = BigCommerceGet("orders?limit=50&page=" + page.ToString());
        }

        orders.Append("]");

        System.IO.FileStream wFile;
        byte[] byteData = null;
        byteData = Encoding.ASCII.GetBytes(orders.ToString());
        using (wFile = new FileStream(@"Z:\ThisIsYourFile.txt", FileMode.Create))
        {
            wFile.Write(byteData, 0, byteData.Length);
            wFile.Close();
        }

        orderString = orders.ToString();
        result = JsonConvert.DeserializeObject<Order[]>(orderString);
    }
    catch (Exception e)
    {
        Console.WriteLine("*** Exception encountered while retrieving store information: {0}", e.ToString());
    }

    return result;
}

You should be able to modify this to verify that you can consistently retrieve orders from your site.

1
votes

After corresponding with BC, it seems that TLS 1.0 had been disabled on the BC API servers, causing the problem with requests coming from my Windows 2008 R2 Server running IIS.

SSL 3.0 had previously been disabled by BC, which did not throw errors for me on IIS because SSL 3.0 had been disabled on my server as well.

To those encountering similar problems, it is recommended to disable SSL as well as TLS 1.0 (the TLS 1.0 protocol will be deprecated by BC in the near future), leaving only newer protocols in place.

Further notes from BC:

*Just to update you - we were able to reproduce these same problems on a Windows Server 2008 machine. It does look like TLS/SSL negotiation, and specifically because 2k8 only supports SSLv3 (disabled for a long time) and TLS 1.0. We disabled TLS 1.0 [removed] as part of our migration to our newer load balancers and our understanding was that we should be worried about Windows Vista and below. 2k8 shares the same cipher configuration, unfortunately.

[removed]

I'm going to be working with our team to aggressively deprecate TLSv1.0 and insecure ciphers for API traffic over the next month or so. This is a really small amount of our traffic today. We'll get proper communications out surrounding this, but it will force you to move to a newer operating system. *