REST API active users

Not sure if this is a bug or if I’m doing something wrong but basically every time I make a REST api call to a mikrotik device, it creates a new active user, that seems to linger forever. At the moment I have about a hundred active users. I’ve tested this with 7.14.3 and 7.15rc1, same thing for both.

/user/active> print proplist=when,via
Columns: WHEN, VIA
 # WHEN                 VIA      
 0 2024-04-24 16:31:07  (unknown)
 1 2024-04-24 16:41:44  (unknown)
 2 2024-04-24 16:51:45  (unknown)
 3 2024-04-24 17:01:45  (unknown)
 4 2024-04-24 17:11:46  (unknown)
 5 2024-04-24 17:21:47  (unknown)
 6 2024-04-24 17:31:47  (unknown)
 7 2024-04-24 17:41:48  (unknown)
 8 2024-04-24 17:51:48  (unknown)
 9 2024-04-24 18:01:49  (unknown)
10 2024-04-24 18:11:49  (unknown)
11 2024-04-24 18:21:50  (unknown)
12 2024-04-24 18:31:50  (unknown)
13 2024-04-24 18:41:51  (unknown)
14 2024-04-24 18:51:52  (unknown)
15 2024-04-24 19:01:52  (unknown)
16 2024-04-24 19:11:53  (unknown)
17 2024-04-24 19:21:53  (unknown)
18 2024-04-24 19:31:54  (unknown)
19 2024-04-24 19:41:54  (unknown)
20 2024-04-24 19:51:55  (unknown)
21 2024-04-24 20:01:55  (unknown)
22 2024-04-24 20:11:56  (unknown)
23 2024-04-24 20:21:56  (unknown)
24 2024-04-24 20:31:57  (unknown)
25 2024-04-24 20:41:57  (unknown)
26 2024-04-24 20:51:58  (unknown)

I want to say it used say “api” for via, not “(unknown)” - so that’s also not right here.

When you say “forever”, so you mean longer than 2 minutes. AFAIK REST API is just a proxy layer over the native API, and that api uses sessions… so reasonable it stick around for REST timeout plus some extra to avoid re-auth to native API for subsequent stateless HTTP REST API requests.

But >5 minutes would seem to be a bug, likely even shorter than that too.

Yes, a lot longer than 5 minutes, those logins are hours old, also, it does create an api user too (only one as far as I’ve seen), but the unknowns just keep adding up.

...
60 2024-04-25 02:22:17  (unknown)
61 2024-04-25 02:32:17  (unknown)
62 2024-04-25 02:42:18  (unknown)
63 2024-04-25 02:42:18  api

I see two entries (plus winbox ones) in 7.15rc1. One that says (unknown) from the remote IP, and 2nd that says “api” with no IP.

 1 2024-04-24 11:18:10  xxxuser  192.XX.XX.148  (unknown)
 2 2024-04-24 11:18:10  xxxuser                  api

I don’t see multiple ones, but I only tested from my laptop, so only one remote IP. I’ll check tomorrow and see if it’s still there since this router doesn’t (or shouldn’t) get any REST API calls.

Ah, sorry forgot to mention that all my users are from the same ip too. A new user is created every 10 minutes, I think that that is the interval of the keep-alive in the rest api (a new connection created every 10 minutes).

# WHEN                 VIA        ADDRESS     
 0 2024-04-24 16:31:07  (unknown)  192.xx.xx.1
 1 2024-04-24 16:41:44  (unknown)  192.xx.xx.1
 2 2024-04-24 16:51:45  (unknown)  192.xx.xx.1
 3 2024-04-24 17:01:45  (unknown)  192.xx.xx.1
 4 2024-04-24 17:11:46  (unknown)  192.xx.xx.1
 5 2024-04-24 17:21:47  (unknown)  192.xx.xx.1
 6 2024-04-24 17:31:47  (unknown)  192.xx.xx.1
 7 2024-04-24 17:41:48  (unknown)  192.xx.xx.1
 8 2024-04-24 17:51:48  (unknown)  192.xx.xx.1
 9 2024-04-24 18:01:49  (unknown)  192.xx.xx.1
10 2024-04-24 18:11:49  (unknown)  192.xx.xx.1
11 2024-04-24 18:21:50  (unknown)  192.xx.xx.1
12 2024-04-24 18:31:50  (unknown)  192.xx.xx.1
13 2024-04-24 18:41:51  (unknown)  192.xx.xx.1
14 2024-04-24 18:51:52  (unknown)  192.xx.xx.1
15 2024-04-24 19:01:52  (unknown)  192.xx.xx.1
16 2024-04-24 19:11:53  (unknown)  192.xx.xx.1
17 2024-04-24 19:21:53  (unknown)  192.xx.xx.1
18 2024-04-24 19:31:54  (unknown)  192.xx.xx.1
19 2024-04-24 19:41:54  (unknown)  192.xx.xx.1
20 2024-04-24 19:51:55  (unknown)  192.xx.xx.1
21 2024-04-24 20:01:55  (unknown)  192.xx.xx.1
22 2024-04-24 20:11:56  (unknown)  192.xx.xx.1
23 2024-04-24 20:21:56  (unknown)  192.xx.xx.1
24 2024-04-24 20:31:57  (unknown)  192.xx.xx.1
25 2024-04-24 20:41:57  (unknown)  192.xx.xx.1
26 2024-04-24 20:51:58  (unknown)  192.xx.xx.1
27 2024-04-24 21:01:59  (unknown)  192.xx.xx.1
28 2024-04-24 21:11:59  (unknown)  192.xx.xx.1
29 2024-04-24 21:22:00  (unknown)  192.xx.xx.1
30 2024-04-24 21:32:00  (unknown)  192.xx.xx.1
31 2024-04-24 21:42:01  (unknown)  192.xx.xx.1
32 2024-04-24 21:52:01  (unknown)  192.xx.xx.1
33 2024-04-24 22:02:02  (unknown)  192.xx.xx.1
34 2024-04-24 22:12:02  (unknown)  192.xx.xx.1
35 2024-04-24 22:22:03  (unknown)  192.xx.xx.1
36 2024-04-24 22:32:04  (unknown)  192.xx.xx.1
37 2024-04-24 22:42:04  (unknown)  192.xx.xx.1
38 2024-04-24 22:52:05  (unknown)  192.xx.xx.1

Sent an email to Mikrotik support about this, they confirmed it is a real issue, and they are aware of it.

Hello, Same issue in 7.13.5

 /user/active/print
Columns: WHEN, NAME, ADDRESS, VIA
   # WHEN                 NAME   ADDRESS         VIA
   0 2024-02-29 18:09:04  admin  172.31.111.2    (unknown)
   1 2024-02-29 18:19:27  admin  172.31.111.2    (unknown)
   2 2024-02-29 18:29:27  admin  172.31.111.2    (unknown)
   3 2024-02-29 18:39:27  admin  172.31.111.2    (unknown)
   4 2024-02-29 18:49:57  admin  172.31.111.2    (unknown)
   5 2024-02-29 19:00:27  admin  172.31.111.2    (unknown)
   6 2024-02-29 19:10:27  admin  172.31.111.2    (unknown)
   7 2024-02-29 19:20:57  admin  172.31.111.2    (unknown)
   8 2024-02-29 19:31:27  admin  172.31.111.2    (unknown)
   9 2024-02-29 19:41:27  admin  172.31.111.2    (unknown)
  10 2024-02-29 19:51:27  admin  172.31.111.2    (unknown)
  11 2024-02-29 20:01:27  admin  172.31.111.2    (unknown)
  12 2024-02-29 20:11:57  admin  172.31.111.2    (unknown)
  
  /user/active/print count-only
 9306

Can you, please, share the support ticket number?

Thank you

The issue with stuck active users and unknown rest-api sessions will be addressed in RouterOS 7.16 version.

Thank you @matiss.

Could you share the SUP ticket number for a reference, please? - to have a possibility to check the status.

Thank you

Has been fixed in RouterOS version 7.16