Troubleshooting API Gateway
Find out how to troubleshoot problems with API Gateway, and possible solutions to common issues.
This topic covers common issues related to the API Gateway service and how you can address them.
The issues in this topic are organized in the following broad categories:
- Issues creating API gateways
- Issues creating API deployments
- Issues calling APIs
- Issues affecting API gateways
Issues creating API gateways
Issues creating API deployments
Errors related to stalling API deployments:
Error message or description | More information |
---|---|
Creating a new API deployment stalls with a state of Creating, or fails. | Creating a new API deployment stalls with a state of Creating, or fails |
"Bad request" HTTP-4xx errors related to mTLS configuration:
Error message or description | More information |
---|---|
Cannot enable mutual TLS because custom CA Bundles are not added to the Gateway. Please add a custom CA Bundle and try again. |
Creating a new API deployment fails with "Cannot enable mutual TLS because custom CA Bundles are not added to the Gateway. Please add a custom CA Bundle and try again." message |
Duplicate SAN or CN values passed in input. |
Creating a new API deployment fails with "Duplicate SAN or CN values passed in input" message |
Too many value, must not have more than 10 values. |
Creating a new API deployment fails with "Too many value, must not have more than 10 values" message |
Length of SAN or CN string should be less than 256 characters. |
Creating a new API deployment fails with "Length of SAN or CN string should be less than 256 characters" message |
Invalid format for SAN or CN. |
Creating a new API deployment fails with "Invalid format for SAN or CN" |
Issues calling APIs
Use API Gateway logs to review invocation information. The Oracle Cloud Infrastructure Logging service is the default and recommended option for accessing, searching, and storing API Gateway logs. For more information, see Adding Logging to API Deployments.
Use the error messages from the logs and the information below to resolve invocation issues.
HTTP-5xx errors when API deployment is created successfully but requests fail:
Error message or description | More information |
---|---|
failed to parse pem cert chain , shown in the log. |
Invoking the API deployment fails with an HTTP-5xx error, and a "failed to parse pem cert chain" error is output to the log |
Client CA Bundle not present , shown in the log. |
Invoking the API deployment fails with an HTTP-5xx error, and a "Client CA Bundle not present" error is output to the log |
Error in client certificate verification , shown in the log. |
Invoking the API deployment fails with an HTTP-5xx error, and an "Error in client certificate verification" error is output to the log |
503: Service Unavailable |
Invoking the API deployment fails with a "Service Unavailable" message and a 503 error |
HTTP-4xx errors when API deployment created successfully but requests fail:
Error message or description | More information |
---|---|
Client certificate is invalid for this gateway. , shown in the log. |
Invoking the API deployment fails with an HTTP-4xx error, and a "Client certificate is invalid for this gateway" error is output to the log |
SAN validation failure , shown in the log. |
Invoking the API deployment fails with an HTTP-4xx error, and a "SAN validation failure" error is output to the log |
Miscellaneous errors when calling APIs
Error message or description | More information |
---|---|
Base 64 Certificate Size greater than 8KB , shown in the log. |
Invoking the API deployment is successful but a "Base 64 Certificate Size greater than 8KB" warning is output to the log |
Issues affecting API gateways
Error message or description | More information |
---|---|
Modifying a defined tag causes an API gateway to enter a failed state. | Modifying a defined tag causes an API gateway to enter a failed state |