How to remove all Gateways/Ranges from the BlockedIpZone using the Zones API

I’m using the “Update a Network Zone” API method (i.e.: PUT/api/v1/zones/${zoneId} as described here to add and remove Gateways from the BlockedIpZone in my Okta dev tenant successfully… I can add an remove CIDRs and RANGES without an issue…

EXCEPT if the update operation involves removing the last Gateway (such as an /32 CIDR IP address).

I’m trying to do so buy setting

"gateway": null

in the request body of the PUT request to /api/v1/zones/${zoneId} (mimicking what I have seen as the value for the “gateway” key when I get the details of the BlockedIpZone through Zones API after manually deleting all the contents of the BlockedIpZone using the admin console,… but doing so returns the following API error:

"api_object": {
"errorCauses": [],
"errorCode": "E0000001",
"errorId": "oaejsGeHmYQRRKNqD2wNiT7XA",
"errorLink": "E0000001",
"errorSummary": "Api validation failed: Both gateways and proxies cannot be missing for the IP Zone."
"status_code": 400,

I have checked the documentation for this API method multiple times but I have not been able to find a way to empty the BlockedIpZone through the API Zone Update method without triggering this error.

Am I missing something here, please?

Thanks in advance for any advice!

Hey @AlbertoC Do you get a similar error trying to do this clickops through the admin console?

Sounds like a bug since you can add and remove all other values. Perhaps raise with Support if you haven’t already? The Zones API is an early access feature so more likely to be buggy.