Loading

API returns 503 Service Unavailable error to clients

Date de publication: Jul 25, 2025
Résolution

SYMPTOM

All clients of a deployed API receive 503 Service Unavailable error (similar to following example): 
$ curl -v http://vending-machine-api.au.cloudhub.io/api/machines
*   Trying 52.62.82.235...
* Connected to vending-machine-api.au.cloudhub.io (52.62.82.235) port 80 (#0)
> GET /api/machines HTTP/1.1
> Host: vending-machine-api.au.cloudhub.io
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 503 Service Unavailable
< Date: Wed, 07 Sep 2016 04:48:46 GMT
< Server: nginx
< transfer-encoding: chunked
< Connection: keep-alive
< 
* Connection #0 to host vending-machine-api.au.cloudhub.io left intact
Service not available for request uri: /api/machines

CAUSE

This issue may affect API's deployed to Mule Runtime 3.8x or greater and is caused by a feature introduced in 3.8x, the Gatekeeper.
Gatekeeper is a process on the mule server which by default blocks any incoming request to the API if the API has not been successfully paired with API Manager to receive appropriate policies. This security setting means that by default - if a policy is not applied or is accidentally not applied, the API cannot be accessed. This is different to previous versions, where it was the opposite. If the policy is not applied, anyone can access the API.
The following is an example log entry shown in mule_ee.log file showing that Gatekeeper is blocking requests: 
INFO  2016-09-07 04:46:38,815 [qtp145809867-35] com.mulesoft.module.policies.lifecyle.GateKeeper: API Vending-Machine 1.0 is blocked. Requests to this API will return 503 status code.
Alternatively, the following is what we expect to see when the API has paired successfully and Gatekeeper has unblocked it. Note that the last line indicates that the API is unblocked. 
INFO  2016-09-07 04:36:31,053 [qtp713027165-35] com.mulesoft.module.client.autodiscovery.AutoDiscoveryDeploymentListener: Successfully created API named Vending-Machine with version 1.0
INFO  2016-09-07 04:36:31,379 [qtp713027165-35] com.mulesoft.module.client.autodiscovery.AutoDiscoveryDeploymentListener: Successfully registered source http://vending-machine-api.au.cloudhub.io/api/* to API Vending-Machine with version 1.0
INFO  2016-09-07 04:36:31,981 [qtp713027165-35] com.mulesoft.module.client.autodiscovery.AutoDiscoveryDeploymentListener: Successfully added root RAML to Vending-Machine with version 1.0
INFO  2016-09-07 04:36:31,982 [qtp713027165-35] com.mulesoft.mmc.agent.service.impl.ApplicationServiceImpl: Successfully deployed [vending-machine-api]
INFO  2016-09-07 04:36:32,841 [agw-policy-polling.01] com.mulesoft.module.policies.lifecyle.GateKeeper: API Vending-Machine 1.0 is now unblocked.
Note: for deployments in CloudHub, these log messages are not shown in the aggregated CloudHub logs.

SOLUTION

Ensure your API is successfully paired with API Manager and appears in API Manager as "Active".
Alternatively Gatekeeper can be disabled. Disabling Gatekeeper should be done for testing purposes only as it might allow unauthorized operations unless controlled by appropriate policies. Remember that Gatekeeper is a security feature. When Gatekeeper is disabled, no logs entries are printed in mule_ee.log from Gatekeeper.
Gatekeeper can be disabled by starting mule with the following start-up parameter:

For Mule Runtime 3.x

anypoint.platform.gatekeeper=false

For Mule Runtime 4.x

anypoint.platform.gatekeeper=disabled

For details on how to set the start-up parameter in different MuleSoft products see the KB Article How can I set Mule and Java system properties at startup?
Examples:
For Mule Runtime command line:
  • For Mule 3.x: "mule -M-Danypoint.platform.gatekeeper=false"
  • For Mule 4.x:  "mule -M-Danypoint.platform.gatekeeper=disabled"
OR set the following in wrapper.conf (add a line): 
  • For Mule 3.x: "wrapper.java.additional.<n>=-Danypoint.platform.gatekeeper=false
  • For Mule 4.x: "wrapper.java.additional.<n>=-Danypoint.platform.gatekeeper=disabled
In Anypoint Studio go to menu Run / Run As / Mule Application (Configure) / Arguments tab / VM Arguments and add:
  • For Mule 3.x: -Danypoint.platform.gatekeeper=false
  • For Mule 4.x: -Danypoint.platform.gatekeeper=disabled
OR If the API is deployed into Mulesoft Cloudhub, following property can be set in applications CloudHub Properties 
  • For Mule 3.x: anypoint.platform.gatekeeper=false
  • For Mule 4.x: anypoint.platform.gatekeeper=disabled

References

https://docs.mulesoft.com/api-manager/gatekeeper
Numéro d’article de la base de connaissances

001118959

 
Chargement
Salesforce Help | Article