BG96 fails on API Gateway HTTPS GET Request - 403 Forbidden

I wish to hit some API Gateway HTTPS end points using a BG96 for an IoT project. I have set up a GET method using AWS API Gateway that retrieves an entry from a DynamoDB table given the entry ID and a Lambda function to process the request. The end point does not require an API key nor an AWS IAM role for authorization; it is open.

API URL: https://...amazonaws.com/dev/data/{id}

I can perform a GET request on the end point successfully using Postman; however, if I use the Quectel BG96 I receive a 403 Forbidden error, and there’s no log of the Lambda function ever being called, which makes me think the request is being blocked before reaching the Lambda function. If I request a different HTTPS endpoint (not the one I created on API Gateway, e.g. https://www.alipay.com/) using the BG96 I am successful.

Success - Example output below is for an HTTP endpoint but it does work for HTTPS end points as well.

[2022-02-03 15:25:19:468_R:] +QHTTPGET: 0,200,260
[2022-02-03 15:25:19:727_S:] AT+QHTTPREAD=80
[2022-02-03 15:25:19:780_R:] AT+QHTTPREAD=80
[2022-02-03 15:25:19:780_R:] CONNECT
[2022-02-03 15:25:19:780_R:] HTTP/1.1 200 OK
[2022-02-03 15:25:19:780_R:] Date: Thu, 03 Feb 2022 04:25:19 GMT
[2022-02-03 15:25:19:780_R:] Content-Type: application/json
[2022-02-03 15:25:19:780_R:] Content-Length: 260
[2022-02-03 15:25:19:780_R:] Connection: keep-alive
[2022-02-03 15:25:19:780_R:] Server: gunicorn/19.9.0
[2022-02-03 15:25:19:780_R:] Access-Control-Allow-Origin: *
[2022-02-03 15:25:19:780_R:] Access-Control-Allow-Credentials: true

[2022-02-03 15:25:19:780_R:] {
[2022-02-03 15:25:19:780_R:]   "args": {}, 
[2022-02-03 15:25:19:780_R:]   "headers": {
[2022-02-03 15:25:19:780_R:]     "Accept": "*/*", 
[2022-02-03 15:25:19:780_R:]     "Host": "httpbin.org", 
[2022-02-03 15:25:19:780_R:]     "User-Agent": "QUECTEL_MODULE", 
[2022-02-03 15:25:19:780_R:]     "X-Amzn-Trace-Id": "Root=1-61fb592f-4fd419b62b1b51ff0b9acb08"
[2022-02-03 15:25:19:780_R:]   }, 
[2022-02-03 15:25:19:780_R:]   "origin": "115.187.131.157", 
[2022-02-03 15:25:19:780_R:]   "url": "https://httpbin.org/get"
[2022-02-03 15:25:19:780_R:] }

[2022-02-03 15:25:19:780_R:] OK

[2022-02-03 15:25:19:780_R:] +QHTTPREAD: 0

Failure

[2022-02-03 15:01:10:606_R:] +QHTTPGET: 0,403,23
[2022-02-03 15:01:13:912_S:] AT+QHTTPREAD=80
[2022-02-03 15:01:13:964_R:] AT+QHTTPREAD=80
[2022-02-03 15:01:13:964_R:] CONNECT
[2022-02-03 15:01:13:964_R:] HTTP/1.1 403 Forbidden
[2022-02-03 15:01:13:964_R:] Date: Thu, 03 Feb 2022 04:01:10 GMT
[2022-02-03 15:01:13:964_R:] Content-Type: application/json
[2022-02-03 15:01:13:964_R:] Content-Length: 23
[2022-02-03 15:01:13:964_R:] Connection: keep-alive
[2022-02-03 15:01:13:964_R:] x-amzn-RequestId: 92420321-1e22-4967-8b9e-22988aee1046
[2022-02-03 15:01:13:964_R:] x-amzn-ErrorType: ForbiddenException
[2022-02-03 15:01:13:964_R:] x-amz-apigw-id: M8n9FGhfSwMFdRA=

[2022-02-03 15:01:13:964_R:] {"message":"Forbidden"}
[2022-02-03 15:01:13:964_R:] OK

[2022-02-03 15:01:13:964_R:] +QHTTPREAD: 0

The following is the complete interaction with the BG96 using QNavigator following the example 3.2.1 from Quectel_BG96_HTTP(S)_AT_Commands_Manual_V1.0:

[2022-02-04 11:15:43:406_S:] AT+QHTTPCFG="contextid",1
[2022-02-04 11:15:43:459_R:] AT+QHTTPCFG="contextid",1
[2022-02-04 11:15:43:459_R:] OK
[2022-02-04 11:15:50:267_S:] AT+QHTTPCFG ="responseheader",1
[2022-02-04 11:15:50:319_R:] AT+QHTTPCFG ="responseheader",1
[2022-02-04 11:15:50:319_R:] OK
[2022-02-04 11:15:54:876_S:] AT+QIACT?
[2022-02-04 11:15:54:928_R:] AT+QIACT?
[2022-02-04 11:15:54:928_R:] OK
[2022-02-04 11:15:59:572_S:] AT+QICSGP=1,1,"iot.truphone.com","","",1
[2022-02-04 11:15:59:623_R:] AT+QICSGP=1,1,"iot.truphone.com","","",1
[2022-02-04 11:15:59:623_R:] OK
[2022-02-04 11:16:04:393_S:] AT+QIACT=1
[2022-02-04 11:16:04:446_R:] AT+QIACT=1
[2022-02-04 11:16:04:446_R:] OK
[2022-02-04 11:16:08:290_S:] AT+QIACT?
[2022-02-04 11:16:08:342_R:] AT+QIACT?
[2022-02-04 11:16:08:342_R:] +QIACT: 1,1,1,"100.112.71.113"

[2022-02-04 11:16:08:342_R:] OK
[2022-02-04 11:16:13:044_S:] AT+QHTTPCFG="SSLCTXID",1
[2022-02-04 11:16:13:096_R:] AT+QHTTPCFG="SSLCTXID",1
[2022-02-04 11:16:13:096_R:] OK
[2022-02-04 11:16:20:243_S:] AT+QSSLCFG="SSLVERSION",1,3
[2022-02-04 11:16:20:296_R:] AT+QSSLCFG="SSLVERSION",1,3
[2022-02-04 11:16:20:296_R:] OK
[2022-02-04 11:16:26:843_S:] AT+QSSLCFG="ciphersuite",1,0XC02F
[2022-02-04 11:16:26:895_R:] AT+QSSLCFG="ciphersuite",1,0XC02F
[2022-02-04 11:16:26:895_R:] OK
[2022-02-04 11:16:32:159_S:] AT+QSSLCFG="seclevel",1,0
[2022-02-04 11:16:32:212_R:] AT+QSSLCFG="seclevel",1,0
[2022-02-04 11:16:32:212_R:] OK
[2022-02-04 11:16:38:403_S:] AT+QHTTPURL=74,80
[2022-02-04 11:16:38:456_R:] AT+QHTTPURL=74,80
[2022-02-04 11:16:38:456_R:] CONNECT
[2022-02-04 11:16:46:316_S:] https://********.execute-api.ap-southeast-2.amazonaws.com/dev/data/jedi1

[2022-02-04 11:16:46:318_R:] DSR:0 CTS:0 RI:0 (DCD:1)

[2022-02-04 11:16:46:369_R:] OK
[2022-02-04 11:16:53:691_S:] AT+QHTTPGET=80

[2022-02-04 11:16:53:692_R:] DSR:0 CTS:0 RI:0 (DCD:0)
[2022-02-04 11:16:53:744_R:] AT+QHTTPGET=80
[2022-02-04 11:16:53:744_R:] OK

[2022-02-04 11:16:56:863_R:] DSR:0 CTS:0 (RI:1) DCD:0

[2022-02-04 11:16:56:914_R:] +QHTTPGET: 0,403,23

[2022-02-04 11:16:56:984_R:] DSR:0 CTS:0 (RI:0) DCD:0
[2022-02-04 11:16:58:876_S:] AT+QHTTPREAD=80
[2022-02-04 11:16:58:928_R:] AT+QHTTPREAD=80
[2022-02-04 11:16:58:928_R:] CONNECT
[2022-02-04 11:16:58:928_R:] HTTP/1.1 403 Forbidden
[2022-02-04 11:16:58:928_R:] Date: Fri, 04 Feb 2022 00:16:56 GMT
[2022-02-04 11:16:58:928_R:] Content-Type: application/json
[2022-02-04 11:16:58:928_R:] Content-Length: 23
[2022-02-04 11:16:58:928_R:] Connection: keep-alive
[2022-02-04 11:16:58:928_R:] x-amzn-RequestId: 591a6292-7ff4-47af-9fcd-cdba16b98808
[2022-02-04 11:16:58:928_R:] x-amzn-ErrorType: ForbiddenException
[2022-02-04 11:16:58:928_R:] x-amz-apigw-id: M_aCzEcjSwMFgPg=

[2022-02-04 11:16:58:928_R:] {"message":"Forbidden"}
[2022-02-04 11:16:58:928_R:] OK

[2022-02-04 11:16:58:928_R:] +QHTTPREAD: 0

Why is the BG96 successfully performing GET requests on HTTPS endpoints using these configurations but not the end point I have set up using AWS API Gateway, given that I can successfully perform GET requests on that end point using POSTMAN or just a browser with the endpoint URL searched?

Note the certification information after successful browser request

Many thanks

1. 403 means that: You don’t have permission to access / on this server. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
2. As you said, you can use httpget with httppost tools, so please confirm that your SIM card can access the Internet successfully; please contact it with us.
3. I attached the HTTP AWS AT log for your reference.

https://cnquectel-my.sharepoint.com/:f:/g/personal/america-fae_quectel_com/EiPm6UWIRNtDmlqZEjPgjY8Be7NDOfuHE7UwiUhXWA4woQ?e=FxlTX9

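The AT session logged in the question can be audited mechanically. The following is an added example, not code from either poster or from Quectel: it parses QNavigator-style lines, collects the `AT+QSSLCFG` settings per SSL context, the `+QHTTPGET` results and the AWS response headers, and flags `seclevel` 0, which in Quectel's SSL AT command documentation is the no-authentication mode. The function name `audit` and the sample log (constructed from lines in the post) are assumptions.

```python
import re

# Constructed sample: a few lines in the QNavigator log format shown in the post.
SAMPLE_LOG = """\
[2022-02-04 11:16:13:044_S:] AT+QHTTPCFG="SSLCTXID",1
[2022-02-04 11:16:20:243_S:] AT+QSSLCFG="SSLVERSION",1,3
[2022-02-04 11:16:26:843_S:] AT+QSSLCFG="ciphersuite",1,0XC02F
[2022-02-04 11:16:32:159_S:] AT+QSSLCFG="seclevel",1,0
[2022-02-04 11:16:56:914_R:] +QHTTPGET: 0,403,23
[2022-02-04 11:16:58:928_R:] HTTP/1.1 403 Forbidden
[2022-02-04 11:16:58:928_R:] x-amzn-ErrorType: ForbiddenException
[2022-02-04 11:16:58:928_R:] x-amz-apigw-id: M_aCzEcjSwMFgPg=
"""

LINE = re.compile(r'^\[[^\]]*_([SR]):\]\s?(.*)$')      # _S = sent, _R = received
SSLCFG = re.compile(r'^AT\+QSSLCFG\s*=\s*"(\w+)",(\d+),(\w+)$', re.I)
HTTPGET = re.compile(r'^\+QHTTPGET:\s*(\d+)(?:,(\d+))?(?:,(\d+))?')
HEADER = re.compile(r'^(x-am[\w-]+):\s*(.+)$', re.I)   # x-amzn-* / x-amz-* headers

def audit(log):
    """Return (ssl settings per context, HTTP results, AWS headers, findings)."""
    ssl, results, aws, findings = {}, [], {}, []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without a QNavigator prefix
        direction, text = m.group(1), m.group(2).strip()
        if direction == "S" and (c := SSLCFG.match(text)):
            ssl.setdefault(int(c.group(2)), {})[c.group(1).lower()] = c.group(3)
        elif direction == "R" and (g := HTTPGET.match(text)):
            # +QHTTPGET: <err>,<HTTP status>,<content length>
            results.append((int(g.group(1)), int(g.group(2) or 0)))
        elif direction == "R" and (h := HEADER.match(text)):
            aws[h.group(1).lower()] = h.group(2)
    for ctx, cfg in ssl.items():
        if cfg.get("seclevel") == "0":
            findings.append(f"ctx {ctx}: seclevel 0, server certificate is not verified")
    for err, status in results:
        if err == 0 and status >= 400:
            findings.append(f"modem reported err 0 but the server answered HTTP {status}"
                            f" ({aws.get('x-amzn-errortype', 'no AWS error type')})")
    return ssl, results, aws, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG)[3]:
        print(finding)
```

Only sent (`_S`) lines are read as configuration, so the modem's command echoes on `_R` lines are not counted twice.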