[API] PUT /api/settings should validate required fields or support PATCH for partial updates #2892
Description
Problem
When calling PUT /api/settings with a partial payload (e.g., only updating SMTP config), the API accepts the request and replaces ALL settings with the partial payload. This causes:
- Required fields like
app.langandupload.providerbecome empty strings - Listmonk crashes on next restart with
panic: invalid value: app.lang= - Server becomes unbootable until database is manually fixed via direct SQL
Steps to Reproduce
- Have a working Listmonk instance with configured settings
- Call
PUT /api/settingswith only SMTP configuration:
{
"smtp": [{...smtp config...}]
}- API returns success
- Restart Listmonk container
- Result: Server crashes with
panic: invalid value: app.lang=
Expected Behavior
Either:
- Option A: Validate that required fields are present before accepting the update, return 400 error if critical settings would be wiped
- Option B: Support
PATCH /api/settingsfor partial/merge updates (only modify fields that are sent) - Option C: Document clearly that PUT replaces ALL settings and partial payloads will break the instance
Current Workaround
Must fetch ALL settings first via GET /api/settings, modify the specific field in the response, then PUT the entire object back. This is error-prone and not documented.
Environment
- Listmonk version: v6.0.0
- Deployment: Docker (via Coolify)
- Database: PostgreSQL 16
Related Issues
- Partially update a user #1681 (partial update painpoint for other endpoints)
- FEATURE: Swagger along Listmonk w/ better configuration and up-to-date definitions #1886 (swagger outdated for /api/settings)
Impact
This issue caused production downtime twice - the server became completely unbootable until we manually restored ~20 settings via direct database access.
Metadata
Metadata
Assignees
Labels
No labels