Oracle Cloud Infrastructure Documentation

Troubleshooting API Gateway

Find out how to troubleshoot problems with API Gateway, and possible solutions to common issues.

This topic covers common issues related to the API Gateway service and how you can address them.

The issues in this topic are organized in the following broad categories:

Issues creating API gateways

Error message or description More information
Creating a new API gateway stalls with a state of Creating, or fails. Creating a new API gateway stalls with a state of Creating, or fails
VNIC attachment failed due to the limit for number of private IP addresses for this subnet Creating a new API gateway returns a "VNIC attachment failed due to the limit for number of private IP addresses for this subnet" message
The limit for number of private IP addresses for this subnet has been exceeded Creating a new API gateway returns a "The limit for number of private IP addresses for this subnet has been exceeded" message
The limit for number of public IP addresses for this compartment has been exceeded Creating a new public API gateway returns a "The limit for number of public IP addresses for this compartment has been exceeded" message
Work request was cancelled Creating a new API gateway returns a "Work request was cancelled" message
An unexpected error occurred. Contact Oracle Support for assistance. Creating a new API gateway returns a "An unexpected error occurred. Contact Oracle Support for assistance" message
Unknown resource <subnet-ocid>, make sure subnet exists, the user can access the subnet and it is in the same region where the gateway will be created Creating a new API gateway returns an "Unknown resource <subnet-ocid>, make sure subnet exists,..." message and a 400 error

Issues creating API deployments

Errors related to stalling API deployments:

Error message or description More information
Creating a new API deployment stalls with a state of Creating, or fails. Creating a new API deployment stalls with a state of Creating, or fails

"Bad request" HTTP-4xx errors related to mTLS configuration:

Error message or description More information
Cannot enable mutual TLS because custom CA Bundles are not added to the Gateway. Please add a custom CA Bundle and try again. Creating a new API deployment fails with "Cannot enable mutual TLS because custom CA Bundles are not added to the Gateway. Please add a custom CA Bundle and try again." message
Duplicate SAN or CN values passed in input. Creating a new API deployment fails with "Duplicate SAN or CN values passed in input" message
Too many value, must not have more than 10 values. Creating a new API deployment fails with "Too many value, must not have more than 10 values" message
Length of SAN or CN string should be less than 256 characters. Creating a new API deployment fails with "Length of SAN or CN string should be less than 256 characters" message
Invalid format for SAN or CN. Creating a new API deployment fails with "Invalid format for SAN or CN"

Issues calling APIs

Use API Gateway logs to review invocation information. The Oracle Cloud Infrastructure Logging service is the default and recommended option for accessing, searching, and storing API Gateway logs. For more information, see Adding Logging to API Deployments.

Use the error messages from the logs and the information below to resolve invocation issues.

HTTP-5xx errors when API deployment is created successfully but requests fail:

Error message or description More information
failed to parse pem cert chain, shown in the log. Invoking the API deployment fails with an HTTP-5xx error, and a "failed to parse pem cert chain" error is output to the log
Client CA Bundle not present, shown in the log. Invoking the API deployment fails with an HTTP-5xx error, and a "Client CA Bundle not present" error is output to the log
Error in client certificate verification, shown in the log. Invoking the API deployment fails with an HTTP-5xx error, and an "Error in client certificate verification" error is output to the log
503: Service Unavailable Invoking the API deployment fails with a "Service Unavailable" message and a 503 error

HTTP-4xx errors when API deployment created successfully but requests fail:

Error message or description More information
Client certificate is invalid for this gateway., shown in the log. Invoking the API deployment fails with an HTTP-4xx error, and a "Client certificate is invalid for this gateway" error is output to the log
SAN validation failure, shown in the log. Invoking the API deployment fails with an HTTP-4xx error, and a "SAN validation failure" error is output to the log

Miscellaneous errors when calling APIs

Error message or description More information
Base 64 Certificate Size greater than 8KB, shown in the log. Invoking the API deployment is successful but a "Base 64 Certificate Size greater than 8KB" warning is output to the log

Issues affecting API gateways

Error message or description More information
Modifying a defined tag causes an API gateway to enter a failed state. Modifying a defined tag causes an API gateway to enter a failed state