We run a bot that uses the API via a private token to do housekeeping work in the issue tracking system mostly. The bot has been working fine until late this morning, when it began to get 403 errors when making modifications to objects via the API. To test, I created a new personal token with all permissions (api, sudo, read_users, read_repository) and used that with curl on the command line to do some sample requests. Reading is fine, but I cannot update anything. I just get 403 Forbidden, with no further information. There are no error messages in the GitLab logs that I can tell.
To see if this is an issue with our instance or GitLab in general, I added an access token to my test repo on GitLab.com and was able to execute a PUT request with no issue:
$ curl -X PUT -H 'Private-Token: REDACTED' https://gitlab.com/api/v4/projects/4603421/issues/3?weight=1
{"id":9159781,"iid":3,"project_id":4603421,"title":"test new branch","description":"","state":"closed","created_at":"2018-02-08T23:21:55.588Z","updated_at":"2018-08-30T16:44:38.279Z","closed_at":"2018-02-08T23:22:33.312Z","closed_by":null,"labels":[],"milestone":null,"assignees":[],"author":{"id":2003894,"name":"Mohan","username":"schmohan","state":"active","avatar_url":"https://secure.gravatar.com/avatar/d2ee414233e77ce6aa58fb2a2cbe0457?s=80\u0026d=identicon","web_url":"https://gitlab.com/schmohan"},"assignee":null,"user_notes_count":0,"upvotes":0,"downvotes":0,"due_date":null,"confidential":false,"discussion_locked":null,"web_url":"https://gitlab.com/JoelFeiner/BugTest/issues/3","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"_links":{"self":"https://gitlab.com/api/v4/projects/4603421/issues/3","notes":"https://gitlab.com/api/v4/projects/4603421/issues/3/notes","award_emoji":"https://gitlab.com/api/v4/projects/4603421/issues/3/award_emoji","project":"https://gitlab.com/api/v4/projects/4603421"},"subscribed":true,"weight":1}
I am willing to provide logs or output of commands if needed.