POST to new /tracker returns a 500 about MethodAllowedList

Trying to POST a set of events to /tracker, I get a 500 error:

{"httpStatus":"Internal Server Error","httpStatusCode":500,"status":"ERROR","message":"org.hisp.dhis.security.apikey.MethodAllowedList"}

A GET to /tracker/events works.

My token has POST allowed, so I’m not sure what’s going on here (and 405 would be a more correct error code anyway if the method isn’t supported). Is this a data validation error in disguise? Something else?

Thanks for any pointers.

Hi @caalami

Welcome to the community!

Would you share the API request headers and parameters if any? I’d like to test by reproducing it in play.dhis2.org.

Which version are you using?

Thank you!

@Gassim, thanks, it’s version 2.40.3

My request is something like

POST https://bulletin.example.com/api/tracker?async=FALSE&importStrategy=CREATE&importMode=VALIDATE

with JSON body

{
  "events": [
    {
      "program": "G7csB1HIvsb",
      "programStage": "A3JKTgzt7fq",
      "orgUnit": "RV19Edu9KCT",
      "occurredAt": "2024-10-15T05:52:00",
      "geometry": {
        "type": "Point",
        "coordinates": [
          ...
        ]
      },
      "dataValues": [
        ...
      ]
    }
  ]
}
1 Like

Hi @caalami

Thank you for the additional information. I used the same endpoint and parameters in 2.40.6 on Postman:

The response is 200 OK which means we’re using the endpoint correctly and POST method is allowed.

It’s either you need to update your version from 2.40.3 to the latest patch 2.40.6, or maybe recheck your token settings. You’re welcome to share the token configuration so I can test using the same Token configuration.

Thanks!

Hmm, thanks for checking. I don’t maintain the instance so not sure I’ll be able to get a patch upgrade done, but will check the release notes to see if anything seems relevant.

Token looks like:

Is there a chance that the authorities list is missing something for me?

OK, the error is about the query parameter.

async=false

is correct.

async=FALSE

throws the 500 error.

1 Like

Hi @caalami

Thanks for sharing the solution that worked for you.

What I don’t understand is that if you see in my screenshot, I actually used async=FALSE and it worked. :thinking:

We’re using the same endpoint and version, so I’m not sure why it’d throw a 500 error for you when it worked for me.

You can test on play as well to see for yourself. Maybe there’s something else that changed?

Thanks!

I noticed that as well. The weird thing is that when I try your same query in Postman against the play site I can replicate my 500 error:

If I change to false I get a 409 validation error, which is fine for my purposes.

So maybe our Postmans are doing something something slightly with query parameters?