Manager API bug

Manager crashes with invalid, but correctly formatted URL’s,
for example:

You need to provide more information. Manager crashes doing what? When you have entered what? On what operating system and with which browser?

I’ve been using the REST API quite heavily on both Cloud and Server Edition over the past few days, and I haven’t noticed any issues.

If you can provide more details, I might be able to help. The browser etc might not be relevant here if you’re making an API request, but it would be helpful to see how you’re making the request.

Are you using some code you’ve written, an external tool like Postman, CURL via command line, …?

Please also state, if you’re using Server Edition, which version of Manager you are running. Perhaps try upgrading to the latest version which is currently 17.10.77:

Server Edition.
Any operating system: tried it a year ago on windows xp and ubuntu, tried it again on windows 7 and 10 just a few days ago using the latest version.
Tried it on all known browsers.

Just trying to request a nonexistent object with an authenticated user will crash the server.

To reproduce:
Start a clean install of Manager Server edition, goto using a browser, then login as administrator with the default empty password.

Keep in mind that what you’ve entered isn’t a valid API endpoint even if you had the ID of an existing object. That URL you’ve provided is one of the helper pages designed to be viewed in a web browser.

On my server, Northwind sample database has a UUID of e0be2546-f804-4048-8e34-381638e46448.

So visiting the following endpoint gives me HTML with a list of available tabs/modules:

If I try to visit a non-existent business as you indicated:

… I get a “502 Bad Gateway” response.

… and if I then try to visit the Northwind endpoint again, it works fine, so the server hasn’t crashed for me. It’s strange that you’re saying the entire server crashes - does it force you to start the service again? How do you usually recover the server after it has crashed?

You can try submitting a GET request to /api/index.json and let us know how that goes. It should return a JSON array of businesses that you have imported, e.g.

        "Key": "ae391f2e-50b2-4b1e-8c10-f08925e1dac0",
        "Name": "Business Name Here"
        "Key": "e0be2546-f804-4048-8e34-381638e46448",
        "Name": "Northwind"

Only “Manager Server” crashes.

Are you sure you are getting that “502 Bad Gateway” from Manager and not for example nginx, after successfully crashing Manager? Can you check if the process id is still the same after getting that message?

I know how use it “normally”, and how to keep it running, but that doesn’t prevent certain people from abusing that bug to do “bad” things.

I think I understand what you’re trying to say now.

Keep in mind, however, that the API is in heavy development and:

  • May change significantly in a future release
  • May contain some bugs

That said, if there’s any security issues I agree that it’s worthwhile bringing to the developer’s attention sooner rather than later. So I will investigate further when I’ve got a chance (next few days), and see if I can reproduce what you are saying.