Hello!
I’m on a free plan and tried to use Pinecone with my self-hostet n8n server. My server runs on a Hetzner shared server. When I try to access the index via CURL using a API key it works from my local workstation, but I get a 403 on my server. I tried a command from DOCs:
curl -X GET “https://api.pinecone.io/indexes” \
-H “Api-Key: xxxxx”
My local workstation gets a reply with my demo index.
But my Server gets:
403 Forbidden
Error: Forbidden
Your client does not have permission to get URL /indexes from this server.
Does anyone know how to solve this issue?
Thanks in advance!
403 typically means youve either exceeded a quota, or hit deletion protection
Since you’re encountering a 403 Forbidden error when accessing Pinecone’s API from your Hetzner server, but the same request works from your local workstation it sounds like a client error (again, indicating permission issues)
Since the same API key works from your local machine, the issue might be related to your server environment rather than the API key itself.
Here are the most likely causes and solutions, to help you hone in:
1. Check your API key permissions
Ensure your API key has the necessary permissions for the operation you’re trying to perform . Since you’re using a free plan, verify you haven’t exceeded the Starter plan limits, which include 5 serverless indexes per project and 2 GB of serverless index storage per project
2. Verify your server’s network configuration
The fact that it works locally but not from your Hetzner server suggests a network-level issue. Check if your server has any firewall rules or network restrictions that might be blocking outbound HTTPS requests to Pinecone’s API endpoints.
3. Confirm you’re using the correct API endpoint
Make sure you’re using the correct global control plane endpoint https://api.pinecone.io/indexes as shown in your command. This is the proper format for control plane operations.
4. Check for billing issues
Although you mentioned you’re on the free plan, verify your billing status in the console to ensure there are no account-level restrictions.
If none of these resolve the issue, I recommend checking out these resources:
Thanks for your response.
I’ve double-checked the API key, endpoint, and quota — everything is within limits and works perfectly from my local machine.
The issue is reproducible only from my Hetzner (AS24940) shared server:
DNS resolution and TLS handshake complete successfully.
curl -v https://api.pinecone.io/indexes returns an immediate HTTP/2 403 with a standard Google Frontend (GFE) HTML page.
The same API key and request from a local or AWS host return 200 OK.
Data-plane endpoints (e.g. https://<index-name>.svc.aped-4627-b74a.pinecone.io/...) work fine from Hetzner — only the control-plane endpoint is blocked.
This suggests that requests from Hetzner IP ranges are being rejected at Google’s edge/WAF level rather than by Pinecone’s application layer.
Could you please confirm whether Pinecone’s control-plane endpoints intentionally block certain hosting ASNs (like Hetzner Online) or if there’s a chance to whitelist specific IPs?
My IPv6 prefix is 2a01:4f8:c17:918e::/64 (Hetzner Online GmbH, Germany).
Thanks for checking this — the routing and TLS traces clearly show the block originates upstream of my host firewall.
I suspect you’re right that GCP is blocking your IP for some reason. We’ll need to open a case with them to troubleshoot, and will follow-up with you here when we know more.