Deploy API "You are not allowed to access the API" unclear message #4101
Replies: 2 comments 1 reply
-
|
At https://coolify.domain.com/settings you can specify whitelisted ips. The error message is vague. Perhaps better for security, but very annoying. At https://coolify.domain.com/security/api-tokens there is no indication of this setting at /settings. Maybe the ip whitelist should be moved to or at least be mentioned in the api tokens page. |
Beta Was this translation helpful? Give feedback.
-
|
Of note, for intrepid souls - if this doesn't seem to be working for your IP, ifconfig.me and see if its actually reporting your ipv6 instead (as was the case with me). I will second the notion that this error message is needlessly obtuse. What the heck is the security difference between knowing you aren't on a whitelist and not knowing this? You ability to impact it is the same. The expectation that there IS a whitelist is not unreasonable for those who are probing you anyway - oh yeah, and this is opensource, so one could just go look it up. But only in the code because the docs as of this date, do NOT reference the api whitelist even. Who suffers here? The poor schmoe trying to be security conscious from jump, trying to set things up to use the API securely and coming away thinking "goodness, even the API doesn't work on this project..." |
Beta Was this translation helpful? Give feedback.
-
|
Yeah I redact my security statement. This is simply a UI flaw that should be addressed. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Error Message and Logs
{"success":true,"message":"You are not allowed to access the API."}
Steps to Reproduce
-H "Authorization: Bearer 1|TOKEN"
Example Repository URL
No response
Coolify Version
v4.0.0-beta-360
Are you using Coolify Cloud?
No (self-hosted)
Operating System and Version (self-hosted)
Ubuntu 24
Additional Information
No response
Beta Was this translation helpful? Give feedback.
All reactions