AppVeyor API delete build behaviour

Ingo's Avatar

Ingo

20 Nov, 2020 12:04 PM

Hello AppVeyor,

using the AppVeyor API to clean up the build history, I noticed different behaviour in different projects which use the same (python) script, only environment vars change (account name, project slug), both api token were encrypted the same way by https://ci.appveyor.com/tools/encrypt

It works as expected here:
https://ci.appveyor.com/project/SASfit/sasfit/build/job/95y52e48vyg...

The same code does not work here:
https://ci.appveyor.com/project/IngoBressler/jupyter-integration/bu...

I am not sure if the URL is correct since it requires an account (?) and it says at the API token page that /api/account/*** should be prefixed to any API call. All the examples do not use this. I did a quick test with a slightly changed URL (removing the 2nd api) which gives me HTTP status 200 but does not delete anything (shouldn't it be an error then?):
https://ci.appveyor.com/project/IngoBressler/jupyter-integration/bu...

Thanks for any hints on what might be wrong!
Best regards
Ingo

  1. Support Staff 1 Posted by Feodor Fitsner on 20 Nov, 2020 06:03 PM

    Feodor Fitsner's Avatar

    Hi Ingo,

    The only guess I can make is that token has no permissions to delete the build or access the account. I'd try running the requests with curl to see if they work and what response is.

    URL with two /api is definitely wrong: https://ci.appveyor.com/api/account/IngoBressler/api/builds/36294490. It gives 200 though as it falls back to index.html of SPA.

  2. 2 Posted by Ingo on 26 Nov, 2020 04:52 PM

    Ingo's Avatar

    Hi Feodor,

    thanks for having a look. Using curl with the SASfit account it works as
    expected. Using curl with the IngoBressler account it tells me:

    $ curl -w "%{http_code}" -X DELETE -H "Authorization: Bearer ***"
    https://ci.appveyor.com/api/account/IngoBressler/builds/36294992

    {"message":"Account cannot be accessed with current authentication
    method."}401

    While the settings under *Security* and *API Keys* are the same in both
    profiles/accounts, the bearer token is different only.

    Thanks for any hints.

    Best regards
    Ingo

  3. Support Staff 3 Posted by Feodor Fitsner on 27 Nov, 2020 03:11 AM

    Feodor Fitsner's Avatar

    Actually, account IngoBressler has both APIv1 and APIv2 login methods disabled. Allow them on Account -> Security page.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac