Azure-docs: Ocp-Apim-Trace-Location missing on a 401?

Created on 5 Mar 2018 · 10Comments · Source: MicrosoftDocs/azure-docs

I am trying to diagnose a a 401 response I am getting from my backend api. While trying to follow the steps when I attempt to do a trace I get the following HTTP response

HTTP/1.1 401 Unauthorized

date: Mon, 05 Mar 2018 16:57:11 GMT
www-authenticate: Bearer error="invalid_token", error_description="The signature key was not found"
x-powered-by: ASP.NET
vary: Origin
content-length: 0

And the trace tab displays

Trace is not available because response does not contain Ocp-Apim-Trace-Location header.

It appears that APIM is not adding the trace header when a 401 is returned. Is that expected behavior?

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 0a3dd020-373d-9807-fcfd-30fedf005040
Version Independent ID: 34fe30d0-f225-ff8d-1f6b-2494f7aad42d
Content
Content Source
Service: api-management

Pri2 api-managemensvc assigned-to-author doc-bug triaged

Source

leftler

All 10 comments

Thanks for your feedback. We will investigate and update on it soon.

MohitGargMSFT on 5 Mar 2018

@leftler We were unable to reproduce the issue and as a result, we have assigned the document author to take a further look.

BryanTrach-MSFT on 7 Mar 2018

@leftler Thanks for your feedback. It seems we don't have enough information from you to be able to action on this item at this time. I received an update from @vladvino who said he wasn't able to reproduce the issue either.

Please provide additional information to help us track down how we can address this content bug.

For now, #please-close

SyntaxC4 on 21 Mar 2018

I received Ocp-Apim-Trace-Location missing error also. But I am ignoring for now because I know my domain names aren't configured correctly.

TimMcCann on 20 Apr 2018

👍1

I have observed it missing on a 404, and a 400.

iainxt on 20 Jun 2018

You can easily reproduce this by implementing a validate-jwt policy and then supplying a wrong token.

EDIT:
So I was able to get a Ocp-Apim-Trace-Location in response headers.

The only configuration change I made was selecting "Requires subscription" in the settings of the Product containing the API.

szuro on 25 Jun 2018

👍1

Why is this closed? When the API does not require subscription and you provide a wrong token, it still has no trace information. I wanted to test why my JWT validation policy fails, but if there is no trace at all, it is impossible.

seekingtheoptimal on 29 Nov 2019

Okay so this only happens when you do not send the "Ocp-Api-Subscription-Key" header, which I assume is the intended behavior so non-admins cannot use Trace. But this info should be more visible, as many people run into this. And it happens even when the API itself does not require subscription, this is why it is confusing in the dev portal.

seekingtheoptimal on 29 Nov 2019

Actually, in my case I'm sending a subscription key and still getting the same error.

skiryazov on 9 Jan 2020

Same here. I'm using the test feature under apim > Api's. have added Ocp-Apim-Trace : true and Ocp-Apim-Subscription-Key : my admin primary subscr key and i cannot use trace because "response does not contain Ocp-Apim-Trace-Location header".
Is there anything else that needs to be done to activate trace? I think this was working before (around December).

* update *

After a bit of investigation I realized that the "Ocp-Apim-Subscription-Key" header had been renamed. Once that header was set to the new name, it worked.