Secure an API with OAuth tutorial: Failed to connect, timeout

Not applicable

I followed this tutorial here OAuth tutorial as an example to secure my API. It all went fine till I reached to the step where I finally can test it (section Try calling the API to get your IP address (fail!) ).

When I try to call the url like:

curl https://{org-name}-test.apigee.net/hellooauth2

it causes a connection timeout error:

Failed to connect to {org-name}-test.apigee.net port 443: Connection timed out


The organization name it's OK, because when I change it, it says

Could not resolve host: {fake--org-name}-test.apigee.net


Does anyone know what is going on with that?

0 1 2,099
1 REPLY 1

hmmmmmm

It's a network connection issue.

If you had actually reached an Apigee Edge router, and you had misconfigured something in Apigee Edge, then you'd get something like this:

$ curl -i https://${ORG}-${ENV}.apigee.net/v1/foo
HTTP/1.1 404 Not Found
Date: Thu, 08 Mar 2018 17:05:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 145
Connection: keep-alive
X-Powered-By: Express
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /v1/foo</pre>
</body>
</html>

if you're running on macOS, you can try using openssl to query the secure endpoint.

openssl s_client -connect {$ORG}-${ENV}.apigee.net:443 -showcerts

And also try:

openssl s_client -connect www.google.com:443 -showcerts

If THAT fails, then your machine cannot initiate a basic TLS connection to the apigee host, or to google.com. That would mean it has nothing to do with Apigee at all, but instead has something to do with how your machine is connected to the internet.

The most likely case is that your network requires you to connect through an http proxy. For example, for Safari on macos, you can click Safari > Preferences, and you see this dialogue:

6560-safari-proxy-settings.png

Other browsers have a similar settings option. If your corporate policy is to connect through a proxy, and your browser has the proxy set up correctly, and can connect to apigee.com (and so on), but curl cannot... it may mean that you need to use the proxy from the curl command.

You can do that with the -x option to curl.

If not the browser proxy, it could be a router is filtering requests that don't have a browser user agent. Could be ... lots of things. I've seen that kind of problem when connecting through an every restricted squid proxy, for example.

The solution to that is to talk to your networking people. (if you have networking people)