Can’t access API from local machine - domain serves HTML, server URL 502

I deployed a Wasp app to Fly which created three apps:

• mericsfocusvault-client (attached to https://getfocusvault.com)

• mericsfocusvault-server

• mericsfocusvault-db

From my local machine (api/v1/license/activate have a js file listening packets):

• curl -i https://getfocusvault.com/api/v1/license/activate returns 200 text/html (the SPA HTML).

• curl -i https://mericsfocusvault-server.fly.dev/api/v1/license/activate returns 502.

flyctl status shows the server machines as started. The server app’s fly.toml has internal_port = 8080. In local dev everything works (API on http://localhost:3001/api/v1).

I need to keep a single domain (https://getfocusvault.com) and have /api/v1/* reach the server app. Right now, calls from my local machine to the API URL don’t work (HTML on the main domain, 502 on the server app URL).

Probably the problem is in fly.io networking, for server and client, because when I try to run the same project in my local pc and try to access same url api/v1/license/activate from my local pc, I can access it. Probably, the my API request goes to client, not to server, and they respond failure.

Maybe I can merger server and client machines into one? Or find an access url for my server machine with in my domain?

Are you trying to contact one machine from another in the Fly private network? If so, 127.0.0.1 won’t work - that’s localhost.

However if you’re just using 127.0.0.1 for debugging purposes in a machine console, then you need to work out if your listener is still up. What processes do you get with ps aux? What is the output of netstat -tuln?

I am trying to access the API from my own pc, I made a desktop app to access it from my own pc.

I have 3 apps in fly.io

One of them server, db and client.. I made a js file as API coming from request from outside.

When I try to send API request from any other machine, outside the fly.io server/client/db, I cannot access the URL

It gives this response:

curl -i -X POST https://getfocusvault.com/api/v1/license/activate \
  -H 'Content-Type: application/json' \
  -d '{"email":"a@b.com","licenseKey":"abc","machineId":"dev"}'
HTTP/2 200
accept-ranges: bytes
content-length: 1803
content-type: text/html; charset=utf-8
last-modified: Sat, 30 Aug 2025 21:41:26 GMT
date: Tue, 02 Sep 2025 17:01:42 GMT
server: Fly/ab05b014b (2025-09-02)
via: 2 fly.io, 2 fly.io
fly-request-id: 01K45P13X8J4F8EXGJ86PNEQEW-ams

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <link rel="shortcut icon" href="/favicon.ico" />
        <meta
            name="viewport"
            content="minimum-scale=1, initial-scale=1, width=device-width, shrink-to-fit=no"
        />

        <link rel="manifest" href="/manifest.json" />

        <link rel='icon' href='/app_icon.ico' />
<meta charset='utf-8' />
<meta name='description' content='Your apps main description and features.' />
<meta name='author' content='Your (App) Name' />
<meta name='keywords' content='saas, solution, product, app, service' />
<meta property='og:type' content='website' />
<meta property='og:title' content='Your Open SaaS App' />
<meta property='og:site_name' content='Your Open SaaS App' />
<meta property='og:url' content='https://your-saas-app.com' />
<meta property='og:description' content='Your apps main description and features.' />
<meta property='og:image' content='https://your-saas-app.com/public-banner.webp' />
<meta name='twitter:image' content='https://your-saas-app.com/public-banner.webp' />
<meta name='twitter:image:width' content='800' />
<meta name='twitter:image:height' content='400' />
<meta name='twitter:card' content='summary_large_image' />
<script defer data-domain='<your-site-id>' src='https://plausible.io/js/script.js'></script>
<script defer data-domain='<your-site-id>' src='https://plausible.io/js/script.local.js'></script>

        <title>Meric&#39;s Focus Vault</title>
      <script type="module" crossorigin src="/assets/index-B0kBujDT.js"></script>
      <link rel="stylesheet" crossorigin href="/assets/index-LmymmnuF.css">
    </head>

    <body>
        <noscript>You need to enable JavaScript to run this app.</noscript>
        <div id="root"></div>
    </body>
</html>

I think it is because I have 2 apps as server and client, My API request goes to client, instead of server app probably.

When I try to run the same project in local, I can access it from my own machine since I don’t have seperate machines like client and server. It can respond to me from the localhost:3001. But when I deploy that url cannot respond my local machine. from these urls:

https://getfocusvault.com/api/v1/license/activate or https:/getfocusvault.com/api/v1/license/activate

What do you guys suggest? I would like to access my url.

Could you please check both my reply and the main question, if it is not enough, I will explain more.

Much, much, better. Please always post like that; this is well formatted, and offers plenty of clarity.

OK, so the first thing is that https://mericsfocusvault-server.fly.dev does not seem to be responding from the public internet. I would fix that first. I think this is where your API actually lives.

At a guess, the port listener configured in your fly.toml does not match up with the one that is actually in use.

I will post this, and then will make a suggestion for fixing your other problem.

https://mericsfocusvault-server.fly.dev should this respond to public internet? I used below commands to deploy my project:

wasp deploy fly setup mericsfocusvault cdg
wasp deploy fly create-db cdg
wasp deploy fly deploy

It is default project deployement for wasp. Since the api code stays inside the server my packets cannot reach? Here is my simple tom file:

app = 'mericsfocusvault-server'
primary_region = 'cdg'

[build]

[http_service]
  internal_port = 8080
  force_https = true
  auto_stop_machines = 'stop'
  auto_start_machines = true
  min_machines_running = 1
  processes = ['app']

[[vm]]
  memory = '256mb'
  cpu_kind = 'shared'
  cpus = 1

Secondly, I can see that in your web app, you are making calls to two APIs:

• GET https://getfocusvault.com/api/v1/license/activate
• GET https://mericsfocusvault-server.fly.dev/auth/me

I suspect the first one will fail because there isn’t an API deployed there, and the second one might work, but it needs to be exposed to the public internet first. Now, you may also have CORS problems, since you are using two different domains, but they are resolvable.

As an alternative, you could set up a proxy in getfocusvault.com so that it talks to mericsfocusvault-server.fly.dev on your behalf. That would resolve CORS problems, but at the cost of more set-up work. In fact, if you take this option, you would not need to expose the API server to the internet at all, since the network connection between the two machines could just be on the Fly private network.

GET https://mericsfocusvault-server.fly.dev/auth/me

I think it is related with the framework I am using, I can remove it, it is not that important. My API is a ts file living in /api/v1/license/activate

So for the first issue, what is the best method?

This Fly config looks OK. Make sure you are listening on port 8080 in that app. Also, are you attaching to IPv4 or IPv6? Also, check that you are attaching on all interfaces, and not just local. Finally, if you are still stuck, show us what flyctl ips list gives you for the API app.

I wonder if you are getting your terms mixed up. Your curl attempt indicates that you were POSTing a JSON string to this endpoint, which you would not do for a static JavaScript file. An API is basically a web server that accepts and receives JSON (or some other serialised data format).

Currently I am assuming that your API is not on https://getfocusvault.com, which I guess is why this does not work.

I wonder if this is your trouble. I assume you are running your API container locally in Docker. But your API Fly config specifies port 8080 as the listener; the port number has to match.

api activateLicense {
fn: import { activateLicense } from “@src/apis/licensingApi.js”,
httpRoute: (POST, “/api/v1/license/activate”),
entities: [License, Activation],
auth: false
}

This is my wasp configuration. And licensingApi.js

chatgpt 5 claims that, the issue is related with server and client duality. When I try to access that url, client responds not server, and he thinks my code lives in server In my local pc, I don’t haver server and client, only db and my wasp project..

wasp start/wasp db start, and when I try to curl that as I show you:

curl -i -X POST https://getfocusvault.com/api/v1/license/activate \
  -H 'Content-Type: application/json' \
  -d '{"email":"a@b.com","licenseKey":"abc","machineId":"dev"}'
HTTP/2 200
accept-ranges: bytes
content-length: 1803
content-type: text/html; charset=utf-8
last-modified: Sat, 30 Aug 2025 21:41:26 GMT
date: Tue, 02 Sep 2025 17:01:42 GMT
server: Fly/ab05b014b (2025-09-02)
via: 2 fly.io, 2 fly.io
fly-request-id: 01K45P13X8J4F8EXGJ86PNEQEW-ams

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <link rel="shortcut icon" href="/favicon.ico" />
        <meta
            name="viewport"
            content="minimum-scale=1, initial-scale=1, width=device-width, shrink-to-fit=no"
        />

        <link rel="manifest" href="/manifest.json" />

        <link rel='icon' href='/app_icon.ico' />
<meta charset='utf-8' />

From this he thinks the client is responding Spa

Haven’t we established that your API lives in https://mericsfocusvault-server.fly.dev?

Sorry if I miss anything could you please maybe explain me what should I do in a single message. Your recomeneded solution etc

Should I maybe modify my domain provider proxy settings?

Start here; get your API server working. I assume it is safe to put on the web, but be aware that if you’re “vibe coding”, AI tools aren’t going to protect you from security issues.

Also, check that your configured port matches the port in your API app. I wonder if it should be 3001, not 8080:

Maybe I should change the toml file port to 3001? It might fix it?

Everyone is vibe coding no? I am SD but, this website thing is new for me, so vibe coding all the way

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.