CIP values provokes "400, reason phrase: Bad Request" error

Hi all,

I’m working on a Grails platform web service, reporting api requests to matomo.

This web service is seating behind a load balancer and when testing it, I can hit the public URL (passing through load balancer) or hit directly one of the front end servers (using a VPN).

When hitting the web service via public URL I can collect the IP address but when passing it in the request (CIP) to matomo it seems to provoke a “400, reason phrase: Bad Request” error (see examples below):
2021-04-16 13:01:47 INFO [i.w.WebAnalyticsService] {token_auth=…, idsite=6, rec=1, _id=Romania, uid=Romania, url=https://xxx/show/UKR06673820, action_name=show/UKR06673820, cip=80.96.3.4, apiv=1, rand=…, gt_ms=55}
2021-04-16 13:01:48 ERROR [i.w.WebAnalyticsService] An error occured calling Analytics service: status code: 400, reason phrase: Bad Request [token_auth:XXXXX, idsite:6, rec:1, _id:0customs-Romania, uid:customs-Romania, url:https://itdb.unece.org/api/holders/show/UKR06673820, action_name:holders/show/UKR06673820, cip:80.96.3.4, apiv:1, rand:… gt_ms:55]

Now doing the same but hitting the web service directly I don’t collect the IP address then pass CIP=null to matomo it seems to be fine (see example below):
2021-04-16 12:59:59 INFO [i.w.WebAnalyticsService] {token_auth=…, idsite=6, rec=1, _id=test-fr, uid=test-fr, url=https://xxx/show/UZB074835, action_name=show/UZB074835, cip=null, apiv=1, rand=…, gt_ms=121}

Would anyone have any idea why this is happening ?

Hi,

If you have issues with the tracking API not working as you would expect it, the best way is to (temporarily) enable debugging (https://developer.matomo.org/api-reference/tracking-api#debugging-the-tracker) which makes the matomo.php request respond with a verbose log on how it is interpreted.
This should help you a lot faster to find out what is wrong. (Maybe a parameter is missing or invalid)

Hi Lukas,

Many thanks for your feedback.
Well I didn’t manage to get the person in charge of the matomo server to update the config to turn on the debug mode but after 2 couple of hours working with him we found out the root cause of this issue that i’d like to share for the sake of the Matomo user community.
The trick was that for some reason the token_auth value that was set once upon a time by the person who implemented initially the web analytics reporting on our web services was actually linked to a read only user.
The Matomo doc (https://developer.matomo.org/api-reference/tracking-api) explicitly indicate the optional CIP parameter “requires authentication via token_auth )”.

Now in case, the request was sent with CIP = null, it would disregard the auth_token value as it would consider it as not required, but if a value was assigned to the CIP parameter like CIP = 192.168.1.5 then it would check it …and return 400 bad request error :neutral_face: .

So in short, I’m not really sure to understand why in such a case the error message was not more elaborate (for security reason ? ha ha ha) but this was a hard one to find out and I hope my finding may help others in the future.

Cheers.