I’ve tried to reproduce that behaviour without luck. Could you take a look in the Octopus Server log file from that time and find the full stack trace of the NullReferenceException? That would help us track down the root cause and fix it.
Are you trying to automate API keys with a script, or is this error happening when you use the Octopus UI?
Here are the log messages for that error (again **** used for obfuscation). This problem is happening when I use the Octopus UI.
2018-04-16 09:56:29.7260 6108 522 ERROR Unhandled error on request: http://****/api/users/Users-21/apikeys/apikeys-YtPXw8TX4n3vg9LqH2VYCl45s 9eaa5ebf05ac4bbaba66ec0b8f35284d by ****@****.**** : Object reference not set to an instance of an object.
System.NullReferenceException: Object reference not set to an instance of an object.
at Octopus.Server.Web.Infrastructure.Authentication.OctopusPrincipalLoader.GetPrincipalForUser(IUser user, AuthenticationSourceDescriptor authenticationSourceDescriptor)
at Octopus.Server.Web.Infrastructure.Security.CanEditAdministrator.AuthorizeAction(ISpecialRuleContext context)
at Octopus.Server.Web.Infrastructure.Api.Responder`1.ExecuteRegisteredRules[TRule](Action`2 ruleCallback)
at Octopus.Server.Web.Infrastructure.Api.Responder`1.Respond(TDescriptor options, NancyContext context)
at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)
at Octopus.Server.Web.Infrastructure.OctopusNancyModule.<>c__DisplayClass14_0.<get_Routes>b__1(Object x)
at Nancy.Routing.Route.<>c__DisplayClass4.<Wrap>b__3(Object parameters, CancellationToken context)
2018-04-16 09:56:37.1323 6108 249 ERROR Unhandled error on request: http://****/api/users/Users-21/apikeys/apikeys-YtPXw8TX4n3vg9LqH2VYCl45s aca719847cf14af3bf3a366441bdb982 by ****@****.****: Object reference not set to an instance of an object.
System.NullReferenceException: Object reference not set to an instance of an object.
at Octopus.Server.Web.Infrastructure.Authentication.OctopusPrincipalLoader.GetPrincipalForUser(IUser user, AuthenticationSourceDescriptor authenticationSourceDescriptor)
at Octopus.Server.Web.Infrastructure.Security.CanEditAdministrator.AuthorizeAction(ISpecialRuleContext context)
at Octopus.Server.Web.Infrastructure.Api.Responder`1.ExecuteRegisteredRules[TRule](Action`2 ruleCallback)
at Octopus.Server.Web.Infrastructure.Api.Responder`1.Respond(TDescriptor options, NancyContext context)
at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)
at Octopus.Server.Web.Infrastructure.OctopusNancyModule.<>c__DisplayClass14_0.<get_Routes>b__1(Object x)
at Nancy.Routing.Route.<>c__DisplayClass4.<Wrap>b__3(Object parameters, CancellationToken context)