API just stopped working

We have some APIs in place for a while now, connected to our own CRM. Everything has stopped working today and cannot update Monday.com from our server.

Nothing has changed our side, server can see call externally and API token still the same. However, today all attempts are coming back with 500 errors and cannot see why?

Hey @andyoungy,

I’ve just tried making some API queries from my end, using the Playground, a NodeJS server and Postman - and had no issues making requests in all cases.

Are you still having this issue? If so, I’d suggest reaching out to us at appsupport@monday.com with the following details:

  • A sample of the code or query you are trying to run;
  • A timestamp of the issue;
  • The Board IDs this occurs on;

I’m looking forward to hearing from you soon! :slight_smile:

-Alex

Hi Alex,

Thank you so much for trying. At least we know it isn’t a general API issue if no one else if having a problem. And we cannot see anything in a change log that shows that something might have changed Monday.com side, backed up by you still being able to make calls.

We are investigating our side further, just in case it is a server issue or change our side. But we might also send something through to that email address to get some more help.

Thanks
Andy

@andyoungy

Sounds like a great plan of action :slight_smile: Thank you for considering that and taking a further look.

Please don’t hesitate to reach out if you are still having issues. We’re here to help!

-Alex

Ok, so we have had a go with playgrounds, which we can see is working so the token is fine! However, our developer has tried a new get item from our server and nothing is working. Please see below what he tried and the error, if you can shed any light on it would be great. Note-we cannot see anything that might be with our server, again, nothing has changed!

Query:

query request($id:Int) { items(ids: [$id]) { id name board { id name description board_kind state board_folder_id } group { id title color archived deleted } column_values { id text title type value additional_info } subscribers { id name email } updates(limit: 100000) { id body text_body replies { id body text_body creator_id creator { id name email } created_at updated_at } creator_id creator { id name email } created_at updated_at } creator_id created_at updated_at creator { id name email } } }

Variable id = 1420229580

It’s a really strange, it is saying “Authentication failed, see inner exception” but inner message is
“The message received was unexcepted or badly formatted”.

@andyoungy

Thanks so much for getting those over to me! To be transparent with you, we do see more reportrs of users having issues accessing our API now, and this seems to be related to the same SSL error. Are you running a Windows machine on your server?

We are currently investigating the root cause and trying to identify a solution. I will get back to you as soon as I can with an update.

-Alex

Hi Alex,

Thanks for the update, on here and the support ticket. To keep everything together, and to answer your question, API is running on Window 2008 R2 server but we have tried it from our dev environment using Visual Studio 2019.

Fingers crossed something up come up to resolve soon!

If anyone else sees this and has found a work around (building new, changing server settings etc) please let us know?

Thanks

@andyoungy

I just wanted to provide an update here and mention that, indeed, using only newer than SVR 2012R2 or Win8.1 will work, as those OSs have strong cipher support.

We are still investigating the behavior and as soon as I have any further feedback, I’ll get back to you with an updat.e

-Alex

We had the same issue last week as our app was deployed on windows server 2012R2 and suddenly it stopped working due to same cipher issue. We had to quickly resolve this by deploying a new VM for windows server 2022 on AWS and publish the app there.

@andyoungy – can you clarify if the issue is still occurring?

I think @umair has the right solution here, since your screenshot shows an SSL error.

Last week we deprecated some outdated cipher suites to improve the security of our platform. Most commonly, this affected folks who were making API calls from old versions of Windows Server (Windows 2012 R2 was particularly common, as it uses outdated ciphers by default).

We have since rolled-back the change, but we will eventually deprecate these ciphers to keep up with modern encryption practices.

Bottom line, you shouldn’t get the error message anymore, BUT I recommend you upgrade your server’s OS, so you don’t get hit with this error when we do stop accepting these suites.

Thats right, it was due to outdated cipher suites. There is no way we can install or update cipher suites on an existing windows OS and the resolution is only to update to newer OS.

I am not 100% sure, but I think this is because we generated LetsEncrypt certificate on our windows server and the SSL used machine’s root certificate without outdated ciphers?

The change to remove cipher suites should have been conveyed to api users beforehand but was probably missed by monday team. Is there a page or a blog article published for this change so other users can also know about the deprecation?

1 Like

Hey @umair – we are planning on updating our accepted ciphers, but no specific timeline on when. I’ll notify you when we do have a specific date on it.

Hi all,

Thank you for the updates and continued support. Alex helped us on our suppert ticket to confirm the problem and let us know when the server was reverted back. We can connect to Monday.com with our APIs again so all working.

We are in the process of spinning up a new server to move too so that will solve the problem in the long term.

Thanks all
Andy

Thanks everyone, we were experiencing the same problem. We are running Windows Server 2012 R2.

I wonder, if Monday will try the enhanced encryption again, will they first set up a beta endpoint with this encryption? So we can test in advance?

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.