Deploying failing - "malformed authorization header"


Most of the time when we deploy from Github actions it fails with errors like below - any idea what this is about?

> [09/21] Waiting for 4d891331c67518 [app] to have state: started
> [10/21] Machine 5683dd94a6958e [app] has state: started
> [10/21] Checking that 5683dd94a6958e [app] is up and running
✔ [10/21] Machine 5683dd94a6958e [app] update succeeded
> [12/21] Machine 9080e015a139e8 [app] has state: started
> [12/21] Checking that 9080e015a139e8 [app] is up and running
✔ [12/21] Machine 9080e015a139e8 [app] update succeeded
✖ [11/21] Machine 6e82dd35f7d658 [app] update failed: failed to update VM 6e82dd35f7d658: request returned non-2xx status, 504
✖ [06/21] Machine 3287490eb3e685 [app] update failed: timed out waiting for machine to reach started state: failed to wait for VM 3287490eb3e685 in started state: Get "": net/http: request canceled
✖ [09/21] Machine 4d891331c67518 [app] update failed: timed out waiting for machine to reach started state: failed to wait for VM 4d891331c67518 in started state: Get "": net/http: request canceled

and i click on the link it provides it says

{"error":"malformed authorization header"}
1 Like

Same error. Deploying via Terraform.

Create request failed: 401 Unauthorized, {"error":"malformed authorization header"}

For the context this error started to appear today. Was the an update or outage?

The most recent update was likely Fly deploy changes for process groups and auto-scaled services which may have introduced some other changes under the hood.

Looking through the Terrform provider output (via DEBUG=1 TF_LOG=debug terraform apply) I can for example see the following redirect chain:


which then returns the Swagger docs. I don’t know the significance of this initial request for the provider though.

Unfortunately the (unsupported) Terraform provider seems have become more of a liability than a helpful shortcut.

Sadly seems to be the case :cry:

Why is the terraform provider requesting It’s not an API endpoint, the docs redirect is expected.

It is here

const FLY_MACHINES_ENDPOINT string = ""

BTW app is being made successfully. During machine creation it errs.


2023-11-11T14:18:44.228+1100 [WARN]  unexpected data: terraform.local/local/fly:stdout="2023/11/11 14:18:44.227790 DEBUG [req] HTTP/1.1 POST"
2023-11-11T14:18:44.228+1100 [WARN]  unexpected data:
  | POST /v1/apps/my-machine/machines HTTP/1.1\r
  | Host:\r
  | User-Agent: req/v3 (


HTTP/1.1 301 Moved Permanently\r
  | location:\r
  | server: Fly/442f90d3 (2023-11-07)\r
  | via: 1.1\r
  | fly-request-id: 01HEY674SNC1T1ERKM6QSBYQV5-sin\r
  | content-length: 0\r

It looks like to be http to https redirect and it doesn’t carry the token.


FWIW we’re no longer using the fly_machine resource. Here is a simplified example of our workaround (which still needs to get battle-tested):

terraform {
  required_providers {
    restapi = { source = "Mastercard/restapi", version = "~> 1.18" }

provider "restapi" {
  uri                  = ""
  update_method        = "POST"
  write_returns_object = true

  headers = {
    Authorization = "Bearer ${var.FLY_API_TOKEN}"

resource "restapi_object" "my_machine" {
  path         = "/apps/${}/machines"
  destroy_path = "/apps/${}/machines/{id}?kill=true"

  data = jsonencode({
    // See


The provider specifies as endpoint instead of (source). My best guess is that it’s doing an initial request to check access (somewhere in here maybe).

The provider manages apps through the GraphQL API.

1 Like

Ok, got it fixed: fixed malformed auth issue due to http to https redirect · fly-apps/terraform-provider-fly@c566744 · GitHub :tada:

Given upstream doesn’t release new PRs, I published it under my account: Terraform Registry (NOTE: this release only has a fix for fly machine api)

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.