strativd - Hi there! We recently launched a Tho...
Hi there! We recently launched a ThoughtSpot Liveboard for customers. We have one Liveboard for all customers, and we filter the data with row-level security (RLS). Whenever a customer views the page (using the Visual SDK) we use a single Service Account to login the user with JIT auth. The Service Account makes two API calls to add customers to TS groups for RLS: one group with the Liveboard ID and one group for the customer's subdomain.
We are seeing intermittent API errors when creating groups using the JIT login flow. All of them look like this:
- POST: /api/rest/2.0/groups/create
- Response: "reason: Conflict"
- Status: 409
We'd like to know why the endpoint is responding with a 409 and what we can do to resolve it.
5 Replies
We have seen some issues when we have concurrency in volved while creating user groups. Are you using concurrency? Can you paste what response you are getting?
We are making several requests one-after-another with the same service account: check for user, create groups (2 calls in a row to make two groups), and then getting the auth token (JIT). The calls are not concurrent, but we are using the same service account for all customer login flows so there may be concurrent requests if multiple users are being authed at once 🤔
We don't get any response from the
/groups/create endpoint, or at least we're not logging responses to avoid leaking sensitive data (auth tokens). Any chance your team has the logs for our tenant? All I can see in Sentry is this:
Is this just this response? I can check the logs for your tenant if you can DM me your IP. I can check and confirm what is causing this
Hi @strativd,
The 409 error indicates that a group with the same name already exists in the system. Our system does not allow the creation of duplicate groups, so attempting to create another group with the same name results in this error.
Oh! That's helpful to know 🤦♂️ the API docs don't mention a 409 anywhere so we were confused. We can update our codepath to account for the expected 409 response. Thanks!