How to debug 500 error from Azure API Management call?

Question

I have my API hooked up to Azure's API Management service. When I try to call one of my endpoints, I get the following error:

{
  "statusCode": 500,
  "message": "Internal server error",
  "activityId": "79c1bef9-a05d-4734-b729-0657c1749e40"
}

I enabled tracing and this is the trace json

{
"traceId": "79c1bef9a05d4734b7290657c1749e40",
"traceEntries": {
    "inbound": [
    {
        "source": "api-inspector",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0002259",
        "data": {
        "request": {
            "method": "GET",
            "url": "https://mysite.azure-api.net/partner/api/partner/ClientsActions",
            "headers": [
            {
                "name": "Ocp-Apim-Subscription-Key",
                "value": "..."
            },
            {
                "name": "Connection",
                "value": "Keep-Alive"
            },
            {
                "name": "Host",
                "value": "mysite.azure-api.net"
            }
            ]
        }
        }
    },
    {
        "source": "api-inspector",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0002352",
        "data": {
        "configuration": {
            "api": {
            "from": "/partner",
            "to": null,
            "version": null,
            "revision": "1"
            },
            "operation": {
            "method": "GET",
            "uriTemplate": "/api/partner/ClientsActions"
            },
            "user": {
            "id": "1",
            "groups": [
                "Administrators",
                "Developers"
            ]
            },
            "product": {
            "id": "57c59e76ea12f3007f060002"
            }
        }
        }
    },
    {
        "source": "cors",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0002544",
        "data": "Origin header was missing or empty and the request was classified as not cross-domain. CORS policy was not applied."
    },
    {
        "source": "choose",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0002633",
        "data": {
        "message": "Expression was successfully evaluated.",
        "expression": "context.Request.Url.Query.ContainsKey(\"key\")",
        "value": false
        }
    },
    {
        "source": "set-header",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0002744",
        "data": {
        "message": "Expression was successfully evaluated.",
        "expression": "(string)context.User.Id",
        "value": "1"
        }
    },
    {
        "source": "set-header",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0002802",
        "data": {
        "message": "Specified value was assigned to the header (see below).",
        "header": {
            "name": "x-client-id",
            "value": "1"
        }
        }
    }
    ],
    "backend": [
    {
        "source": "forward-request",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0002909",
        "data": {
        "message": "Backend service URL is not defined."
        }
    },
    {
        "source": "forward-request",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0004824",
        "data": {
        "messages": [
            null,
            "Backend service URL is not defined."
        ]
        }
    }
    ],
    "outbound": [
    {
        "source": "transfer-response",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0007989",
        "data": {
        "message": "Response headers have been sent to the caller."
        }
    },
    {
        "source": "transfer-response",
        "timestamp": "2017-10-24T21:50:09.6322945Z",
        "elapsed": "00:00:00.0008730",
        "data": {
        "message": "Response body streaming to the caller is complete."
        }
    }
    ]
}
}

The "Backend service URL is not defined." messages look suspicious to me but I can't find any information on what they might mean. If I had to guess I'd say API Management is having issues talking to my real API but I can access it fine directly.

Anyone have any idea what might be going on or what I should look at? I'm running the tests directly through the developer portal provided by Azure.

Jason

Would you be able to show us the forward-request policy you have set into your back-end policy for this particular method? — zurebe-pieter, Oct 24 '17 at 22:18
Also: are any other calls working or is this the only call setup to your API at the moment? — zurebe-pieter, Oct 24 '17 at 22:19
It looks like all the calls are having the same issue. My backend policy is just but I also tried . I'm feeling my way along here as I inherited the project from a dev that's no longer working for us. I'm beginning to think the issue is in the initial Swagger import as I'm trying to recreate the API elsewhere and getting errors from the Swagger.json file. The file is generated by the .NET Swashbuckle toolset. — Jason, Oct 25 '17 at 19:14
Does your swagger file contain the correct host and relative uri? — zurebe-pieter, Oct 25 '17 at 19:33
Yep, that's exactly what the issue was. Turns out the Swagger.json file from Swashbuckle doesn't contain the host or schemes entries which are required by the import in Azure API Management. Go ahead and post an answer and I'll select it as the correct one. — Jason, Oct 26 '17 at 13:52
The problem was that `Web service URL` value was empty on azure api service in my case. I do not know how it was set but it is a fact. And Azure API was not able to call backend service. This is internal Azure setting and is not reflected in the yaml file for Azure API — oleksa, Jan 08 '19 at 15:30

score 46 · Answer 1 · answered Jun 14 '18 at 22:45

46

I had the same issue. I resolved it by putting the back end API URL on the "Web service URL" of my API in the API Management. So at the time of writing, the steps using the portal would be:

Open your API Management instance
Open the APIs blade
Select your API on the list
Settings tab > Web service URL property

answered Jun 14 '18 at 22:45

Midas

461
1
4
4

1

Solved for me either. – Arun Jun 30 '19 at 08:37
1

Same here, but why? – Simon Linder Dec 11 '19 at 08:13
This caught me out too. We are consuming a 3rd party Api but was missing this when we imported itsswagger Open Api specification. – Johnny Sep 14 '20 at 11:14
Same for me. I did the setup from an Azure web app, so I would have guessed that the URL was there by default. Thanx for sharing! – Trond Jelsnes Undrum Nov 25 '20 at 21:18

score 11 · Accepted Answer · answered Oct 26 '17 at 13:59

In your Swagger file, make sure it mentions the correct host, basePath and schemes entries. Swashbuckle generated Swagger files tend not to contain those.

Here is an example:

{
"swagger": "2.0",
"info": {
    "title": "Your title",
    "version": "1.0",
    "description": "Your description"
},
"host": "server.host.com",
"basePath": "/api",
"schemes": [
    "https"
],
"consumes": [
    "application/json"
],
"produces": [
    "application/json"
],

Take specific interest in "host", "basePath" and "schemes" and change those according to your API.

score 0 · Answer 3 · answered Jul 17 '18 at 11:03

I encountered similar error while configuring my endpoints in API management. This happens when API management is unable to validate the SSL certificate root authority chains. If you are using self signed certificate then use below powershell to skip the certificate chain validation for your endpoint.

$subscriptionName = "MySubscription"
Get-AzureRmSubscription -SubscriptionName $subscriptionName | Set-AzureRmContext 

$context = New-AzureRmApiManagementContext -resourcegroup 'myResourceGroup' -servicename 'myApiManagementServiceName'
New-AzureRmApiManagementBackend -Context  $context -Url 'https://myService.abc.com/' -Protocol http -SkipCertificateChainValidation $true

I hope this will address your issue.

If you need to check which URLs have been setup to skip the certificate chain validation then use below powershell command -

Get-AzureRmApiManagementBackend -Context $context

score 0 · Answer 4 · answered Dec 06 '18 at 13:18

Recently I have come across this issue. Was using the Swashbuckle.AspNetCore for creating the json file meta data from the api.The fields like host,schemes,securityDefinitions and apiKeyQuery are missing for some reason not sure why. But after explicitly added those the issue resolved. below missing fields

"host": "your api host .com",
"schemes": ["http", "https"],
"securityDefinitions": {
    "apiKeyHeader": {
        "type": "apiKey",
        "name": "Ocp-Apim-Subscription-Key",
        "in": "header"
    },
    "apiKeyQuery": {
        "type": "apiKey",
        "name": "subscription-key",
        "in": "query"
    }
},
"security": [{
    "apiKeyHeader": []
}, {
    "apiKeyQuery": []
}],

Vibin Vijay · Answer 5 · 2022-08-05T17:26:35.633

Go to the Function App -> Configuration -> General Settings -> Incoming client certificates -> Select Client certificate mode as "Ignore"

If you want the Client Certificate mode as "Allow" (Allow means check below) you've got to add a policy to this specific operation in the APIM. So keep the Client Certificate Mode as "Allow" and go to APIM -> APIs -> Select the API -> Select the Operation -> Go to the policy and add this policy inside the inbound, inbound policy

(Allow means Clients will be prompted for a certificate, if no certificate is provided fallback to SSO or other means of authentication. Unauthenticated requests will be blocked.)

This worked for me. Cheers!

score -1 · Answer 6 · answered Aug 27 '20 at 14:29

-1

I had same error but realized that I had subscription requirement on although I didn't provide any secure key values.

answered Aug 27 '20 at 14:29

Tommi Grönlund

1

How to debug 500 error from Azure API Management call?

6 Answers6

Linked