Failed to persist entry: API_ERROR: Not Found for org/team repo

[SathyaBhat]

Describe the bug
Trying to create a new post or update an existing post throws

Failed to persist entry: API_ERROR: Not Found

error

To Reproduce

I used the template starter for Gatsby and then pushed the starter template to an org/team repo. Now when I go to Admin, the existing posts are shown fine but updating or creating a new post throws the above error.

This is the repo in question: https://github.com/awsugblr/awsugblr
This repo works fine: https://github.com/SathyaBhat/gatsby-starter-netlify-cms

Expected behavior

Post persists

Applicable Versions:

• Git provider: Github
• OS: macOS Mojave
• Browser version Chrome (Version 70.0.3538.67 (Official Build) (64-bit)) , Safari (Version 12.0 (14606.1.36.1.9))

• Node.JS version:

CMS configuration

https://github.com/awsugblr/awsugblr/blob/master/static/admin/config.yml

Additional context
This seems to affect the org/team repo, I'm not sure if it is related. Also noticed no web hooks are created for the repo in https://github.com/awsugblr/awsugblr/settings/hooks

[erquhart]

Your org probably needs to grant access to your Netlify CMS instance.

[SathyaBhat]

@erquhart I'm not sure how to do that? the Git gateway is enabled and I'm (currently) the sole person behing the org

[SathyaBhat]

Ok, after some messing with the settings turns out if you have Application/oAuth App access restrictions enabled (cf: https://help.github.com/articles/about-oauth-app-access-restrictions/) netlifycms is not able to save the data. I don't see a way to enable access restriction and have NetlifyCMS be granted permission though.

The setting is available at https://github.com/organizations/<org-name>/settings/oauth_application_policy

[erquhart]

Organization members can request owner approval for OAuth Apps they'd like to use, and organization owners receive a notification of pending requests.

Have you already requested access? Help article here: https://help.github.com/articles/requesting-organization-approval-for-oauth-apps/

[SathyaBhat]

I don't see netlifyCMS an app there; Netflify Auth has been granted access and Netlify Identity doesn't show the orgs:

Netlify Auth:

Identity:

[erquhart]

You mentioned no webhooks are present on your repo, which is strange considering your closed PR's did have deploy previews. Are you sure no one else is making changes to the repo?

For now it's difficult to assess this as a Netlify CMS issue - the current disconnect is between the Netlify platform and your GitHub repo.

[SathyaBhat]

Yeah, pretty sure no one else has access to this. For now I have it working so I guess it's fine.

[erquhart]

Cool - feel free to reach out via chat if you have any other questions.

[vitorbarbosa19]

Here is what worked for me:

1. Inside Github go to 'Settings'
2. Click your org name under 'Organization Settings'
3. Click 'Third-party access'
4. Finally, click the button 'Remove restrictions'
   

[meinvolk]

Was running into this issue and the solution was different for me. I created a new Collection type and was pointing the collections -> folder property in the config.yml file to a new folder. But because there was no existing markdown files in the folder nothing got pushed up to the repo. Thus, Netlify CMS did not know where to read or write the new collection type to. After creating a test markdown file in the new folder that the collection was referencing the issue was resolved.

[erquhart]

@meinvolk strange, the folder doesn't actually need to exist (or have files) for a folder collection to work, not sure why that happened.

[SeanAbstract]

What if my account is not under any organization?

[swyxio]

(not answering seanabstract directly)

just chiming in to say i had this problem and going to https://help.github.com/en/articles/requesting-organization-approval-for-oauth-apps and requesting and getting the organization owner to approve the Netlify Auth app worked for me

[chrfritsch]

What if my account is not under any organization?

Having the same problem. I am not under an organization.

My content overview works, but clicking on a blog post I get

{code: 401, msg: "Access to endpoint not allowed: this part of GitHub's API has been restricted"}

[olegkvyatkovskiy]

Was running into this issue and the solution was different for me. I created a new Collection type and was pointing the collections -> folder property in the config.yml file to a new folder. But because there was no existing markdown files in the folder nothing got pushed up to the repo. Thus, Netlify CMS did not know where to read or write the new collection type to. After creating a test markdown file in the new folder that the collection was referencing the issue was resolved.

I fixed this issue in the same way - After creating a test markdown file in the new folder that the collection was referencing the issue was resolved.

[SherG]

Ran into this issue, on a site that deployed via Stackbit. Occurred a couple of months after launch.

To fix this (or any similar API_ERROR message caused by an app) go to Github settings > Applications > Stackbit [or other app] > configure.

If you see a new/pending requests for access from Stackbit or another app, grant access and the API_ERROR will be fixed.

[positonic]

I had the same issue, and resolved it by setting up the OAuth on my organisation

https://github.com/organizations/[my-org]/settings/applications

instead of my personal Github:

https://github.com/settings/developers

It's working with the protective restrictions back on now.

[NathanSkene]

(not answering seanabstract directly)

just chiming in to say i had this problem and going to https://help.github.com/en/articles/requesting-organization-approval-for-oauth-apps and requesting and getting the organization owner to approve the Netlify Auth app worked for me

I also had the "Failed to persist entry" error when I switched to using an organisational repo. The quoted link also solved it for me. Thanks!

[cskerbo]

I was receiving this same error. None of the above worked, and completely removing restrictions should not be an answer - that is a huge security hole. Netlify Auth showed up under my profile's OAuth apps, but did not allow me to grant access to the organization.

What you need to do is login to Netlify, and under "Site Settings" -> "Identity", you need to generate an access token. The authorization that pops up should allow you to grant access to your organization right then and there. This worked for me.

[Phebonacci]

I was receiving this same error. None of the above worked, and completely removing restrictions should not be an answer - that is a huge security hole. Netlify Auth showed up under my profile's OAuth apps, but did not allow me to grant access to the organization.

What you need to do is login to Netlify, and under "Site Settings" -> "Identity", you need to generate an access token. The authorization that pops up should allow you to grant access to your organization right then and there. This worked for me.

This sadly didn't work for me :( I was able to generate an access token but I'm still getting 403s

[lrq3000]

Idem as the last post above. This error started appearing after trying to link my Netlify repo to my organization instead of a personal Github repo. I regenerated the Git Gateway and also the OAuth secret key and transferred ownership of the OAuth app to the organization, but I'm still getting the same error.

[erezrokah]

Hi @lrq3000, another possible option is to create a personal access token and set it under the Git Gateway settings

[lrq3000]

I found the issue: I had to disconnect and reconnect to NetlifyCMS to use the new OAuth app. Here are all the steps I had to follow to relink a Netlify instance after migrating to another (organizational) repository:

If you want to transfer a Netlify instance from one repo to another (eg, relinking from a personal repository to an organization repository), then the following must be done:

1. Change the repository address in the Netlify's Site Settings > Build & Deploy > Continuous Deployment > Build settings, click on Edit settings. The organization repositories won't show up at first, you need to scroll down and click on the button to connect Netlify to a new account, then select the GitHub organization, and then the org's repositories should display. Select the appropriate one.
2. Relink the Netlify Identity providen to the new repository, by going into Site Settings > Identity > Services, then click the Disable Git Gateway button to force delinking to the old repository, then click on Create Git Gateway to create a new one that will be automatically linked to the new repository (because it syncs with the change at step 1 above).
3. Create a new OAuth app on GitHub for the Organization. For some reason, the "Application" setting doesn't show up for organizations anymore, but it's possible to access it manually via: https://github.com/organizations/[my-org]/settings/applications (change [my-org] to your organization's name). Here are the required settings:
   • Application Name: whatever you want to name it.
   • Homepage URL: the URL to the Netlify built website, the one visitors see. Eg, https://my-awesome-website.netlify.app/
   • Application description: whatever you want to remember what this app is about.
   • Authorization callback URL: https://api.netlify.com/auth/done
4. After creating the OAuth app, it should open the app's options (otherwise, go to https://github.com/organizations/[my-org[/settings/applications/) and allow to create a new clients secrets keys. Create one, and then copy it along with the ID to Netlify's Site settings > Access Control > OAuth. If there is already a GitHub entry, delete it, because only one entry per hoster can be saved, and create a new one.
5. Edit /static/admin/config.yml to update the repo field to point to your github repository's address. If necessary, change also the branch field if you don't deploy from the master branch but from another branch (eg, main).
6. If you were connected in the admin panel of NetlifyCMS, disconnect, clear cookies, and reconnect. NetlifyCMS should now ask you to grant a new authorization to the repository using the organization account to the OAuth app you created above, the name you chose for the OAuth app should be displayed. Accept, and you are done!

This last step is crucial, otherwise you will get an error message:

Failed to persist entry: API_ERROR: Although you appear to have the correct authorization credentials, the My-Org organization has enabled OAuth App access restrictions, meaning that data access to third-parties is limited. For more information on these restrictions, including how to enable this app, visit https://docs.github.com/articles/restricting-access-to-your-organization-s-data/

[turq84]

I had the same issue, and resolved it by setting up the OAuth on my organisation

https://github.com/organizations/[my-org]/settings/applications

instead of my personal Github:

https://github.com/settings/developers

It's working with the protective restrictions back on now.

This worked for me, but instead of setting it up on my organization, I was able to transfer the ownership of the OAuth from my personal account to the organization. Thanks for the insight!