Better logging for MAILMAN_ARCHIVER_FROM
Hyperkitty has a setting in settings.py called MAILMAN_ARCHIVER_FROM. It specifies ip addresses that are allowed to use the archiving rest api. If some machine whose ip is not specified tries to use the hyperkitty rest api, it is rejected with a 403 error.
However, it does not specify that it was because of the ip address that it was unauthorized. If you are not aware of this feature, you may sit there scratching your head trying to figure out why it can't authenticate, because the passphrase looks fine.
It would be most helpful if it said what ip address you appeared to be coming from. That way, if there is a proxy between the mailman-core server and the hyperkitty server, it'll be easier to see that this is why the ip address was not matching.