[GH-ISSUE #805] Bug: Multiple API errors #16623

New Issue

Closed

opened 2026-05-18 16:43:21 -05:00 by GiteaMirror · 3 comments

GiteaMirror commented 2026-05-18 16:43:21 -05:00

Owner

Copy Link

Originally created by @kmanwar89 on GitHub (May 30, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/805

Originally assigned to: @miloschwartz on GitHub.

Hi,

I'm familiarizing myself with the Pangolin API to develop some automations (such as automatically adding a defined IP ruleset to every resource I create). I've encountered the following errors so far in testing:

1. While trying to delete an org, I receive a 500 "unknown error" status code. Relevant logs and screenshots are attached.

Is this possibly bug behavior?

pangolin  | 2025-05-30T01:13:30.755987257Z 2025-05-30T01:13:30.755Z [error]: User not authenticated
pangolin  | 2025-05-30T01:13:30.756105083Z Stack: UnauthorizedError: User not authenticated
pangolin  | 2025-05-30T01:13:30.756126071Z     at uo (file:///app/dist/server.mjs:12:17850)
pangolin  | 2025-05-30T01:13:30.756139601Z     at Vi (file:///app/dist/server.mjs:31:19673)
pangolin  | 2025-05-30T01:13:30.756154873Z     at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
pangolin  | 2025-05-30T01:13:30.756168479Z     at next (/app/node_modules/express/lib/router/route.js:149:13)
pangolin  | 2025-05-30T01:13:30.756181529Z     at file:///app/dist/server.mjs:25:21061

Below screenshot showing a successful get listing the org as valid:

And API key permissions:

2. Unable to GET or DELETE roles (returns 404/400), but able to create successfully

I can also create a role successfully:

But it fails to GET the role I just created...

The role is seen in the GUI so I can confirm it exists there:

And from the PUT, I know it's roleId is "8", so when I pass that in the body of a DELETE, I receive a 400:

For brevity, I won't add more but I'd love to work with the developers to contribute documentation fixes if nothing else - I'm not a software developer, but if I'm pointed to where in the code these endpoints are at least documented, I'd be happy to contribute something there. Thanks!

Originally created by @kmanwar89 on GitHub (May 30, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/805 Originally assigned to: @miloschwartz on GitHub. Hi, I'm familiarizing myself with the Pangolin API to develop some automations (such as automatically adding a defined IP ruleset to every resource I create). I've encountered the following errors so far in testing: ### 1. While trying to delete an org, I receive a 500 "unknown error" status code. Relevant logs and screenshots are attached. Is this possibly bug behavior? ``` pangolin | 2025-05-30T01:13:30.755987257Z 2025-05-30T01:13:30.755Z [error]: User not authenticated pangolin | 2025-05-30T01:13:30.756105083Z Stack: UnauthorizedError: User not authenticated pangolin | 2025-05-30T01:13:30.756126071Z at uo (file:///app/dist/server.mjs:12:17850) pangolin | 2025-05-30T01:13:30.756139601Z at Vi (file:///app/dist/server.mjs:31:19673) pangolin | 2025-05-30T01:13:30.756154873Z at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5) pangolin | 2025-05-30T01:13:30.756168479Z at next (/app/node_modules/express/lib/router/route.js:149:13) pangolin | 2025-05-30T01:13:30.756181529Z at file:///app/dist/server.mjs:25:21061 ``` <img width="1303" alt="Image" src="https://github.com/user-attachments/assets/44967cb7-dac7-43d1-a903-a84b1a3857aa" /> Below screenshot showing a successful get listing the org as valid: <img width="1261" alt="Image" src="https://github.com/user-attachments/assets/53cbfdff-bea0-43eb-850e-65159b29fe7e" /> And API key permissions: <img width="1650" alt="Image" src="https://github.com/user-attachments/assets/c4ac9b05-d932-4a0a-9308-98cca4ad2a6c" /> ### 2. Unable to GET or DELETE roles (returns 404/400), but able to create successfully I can also create a role successfully: <img width="1315" alt="Image" src="https://github.com/user-attachments/assets/09d67ec5-4a21-4537-a39c-2ee5f091ad4e" /> But it fails to GET the role I just created... <img width="1348" alt="Image" src="https://github.com/user-attachments/assets/9c605491-6eeb-4271-9d33-3777ff65c972" /> The role is seen in the GUI so I can confirm it exists there: <img width="931" alt="Image" src="https://github.com/user-attachments/assets/1d40349c-bba7-4a93-83d2-1df938314bbf" /> And from the PUT, I know it's roleId is "8", so when I pass that in the body of a DELETE, I receive a 400: <img width="1314" alt="Image" src="https://github.com/user-attachments/assets/58f0f92e-2183-4585-a849-63f67ea2ef44" /> For brevity, I won't add more but I'd love to work with the developers to contribute documentation fixes if nothing else - I'm not a software developer, but if I'm pointed to where in the code these endpoints are at least documented, I'd be happy to contribute something there. Thanks!

GiteaMirror added the needs investigatingbug labels 2026-05-18 16:43:22 -05:00

GiteaMirror closed this issue 2026-05-18 16:43:23 -05:00

GiteaMirror commented 2026-05-18 16:43:27 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (May 31, 2025):

Hi thanks for testing all of these things in the api. They sounds like real bugs that may have arisen from the shared code between both the integration api and dashboard API. Ill ping @miloschwartz to take a look.

<!-- gh-comment-id:2925264795 --> @oschwartz10612 commented on GitHub (May 31, 2025): Hi thanks for testing all of these things in the api. They sounds like real bugs that may have arisen from the shared code between both the integration api and dashboard API. Ill ping @miloschwartz to take a look.

GiteaMirror commented 2026-05-18 16:43:29 -05:00

Author

Owner

Copy Link

@miloschwartz commented on GitHub (Jun 4, 2025):

I'll work on fixing the GET in the next release (seems to be missing from the router hence the not found error).

For the DELETE, it's not documented well, but the roleId that will be deleted needs to be passed in the URL params. The roleId in the body, is the new role to which the users previously present in the deleted role will be assigned.

<!-- gh-comment-id:2941308049 --> @miloschwartz commented on GitHub (Jun 4, 2025): I'll work on fixing the GET in the next release (seems to be missing from the router hence the not found error). For the DELETE, it's not documented well, but the roleId that will be deleted needs to be passed in the URL params. The roleId in the body, is the new role to which the users previously present in the deleted role will be assigned.

GiteaMirror commented 2026-05-18 16:43:30 -05:00

Author

Owner

Copy Link

@miloschwartz commented on GitHub (Jun 5, 2025):

Should be fixed in 1.5.0. Let me know if for some reason it's not!

<!-- gh-comment-id:2945891411 --> @miloschwartz commented on GitHub (Jun 5, 2025): Should be fixed in 1.5.0. Let me know if for some reason it's not!

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/prod-patch-updates-94425a55d0

dependabot/npm_and_yarn/dev-minor-updates-4aaf4dbce4

dependabot/go_modules/install/minor-updates-a249525a56

fix-3104

dev

exit-node-reconnect

fix-logoUrl

button-to-rebuild-association

crowdin_dev

rdp-ssh

dependabot/npm_and_yarn/brace-expansion-5.0.6

copilot/fix-documentation-input-output-types

dependabot/github_actions/sigstore/cosign-installer-4.1.2

redis

resource-policies

dependabot/npm_and_yarn/next-15.5.18

dependabot/npm_and_yarn/fast-uri-3.1.2

s3

dependabot/npm_and_yarn/fast-xml-builder-1.2.0

dependabot/npm_and_yarn/axios-1.15.2

dependabot/npm_and_yarn/next-intl-4.9.2

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

cross-org-idp

breakout-sites-tables

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.4

1.18.3

1.18.2

1.18.1

1.18.0

1.18.0-rc.0

1.17.1

1.17.0

1.17.0-rc.0

1.16.2

1.16.1

1.16.0

1.16.0-rc.0

1.15.4

1.15.3

1.15.2

1.15.1

1.15.0

1.15.0-rc.0

1.14.1

1.14.0

1.14.0-rc.0

1.13.1

1.13.0

1.13.0-rc.0

1.12.3

1.12.2

1.12.1

1.12.0

1.12.0-rc.0

1.11.1

1.11.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label bug needs investigating

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#16623