ContentNotFoundException inapproporate with missing MinimumRoles setting

Found in

EPiServer.ContentDeliveryApi 1.0.1

Fixed in

EPiServer.ContentDeliveryApi 2.1.0


Jun 25, 2018


Oct 30, 2018


Closed, Fixed and tested


Steps to reproduce

1. Customize settings to set RequiredRole setting to "ApiGroup" and do not set MinimumRoles setting in code -> Authorization header is not required in this case.

     var options = new ContentApiOptions
                MultiSiteFilteringEnabled = false,
                RequiredRole = "ApiGroup"

2. Create the user group "ApiGroup" having no rights for all content.
3. Send a GET request without an Authorization header for getting content data:


Returns error code 403 Forbidden with an informative error message.

Returns error code 404 "Content was not found" even though the published content #5 exists on the site. The exception in log file as below is not related to the root cause that is a matching group and minimum access rights for MinimumRoles setting.

ERROR EPiServer.ContentApi.Controllers.ContentApiController: Content was not found
EPiServer.Core.ContentNotFoundException: Content was not found
   at EPiServer.ContentApi.Controllers.ContentApiController.ResultFromContent(IContent content, String expand)
   at EPiServer.ContentApi.Controllers.ContentApiController.Get(String contentReference, List`1 languages, String expand)