Hi
I am new to Magento but not to APIs, Rest and Oauth.
I am working for a client who had a team install a Magento website. I was brought in to connect our Multiple Channel Selling Tools to the Magento admin tools.
We have been able to generate a request token and exchange it for a permanent access token.
I can use the API to get products but that does not need to authenticate.
Thecal l is being made from another server.
When I try to post a product I get 403 Access Denied. The response is below. While it could be a problem with our code, I think everything looks right and I am not convinced the problem is not in the user/role setups.
This team setup the users and roles. Under Rest Roles there are 4 setup. Customer, Guest, One named after the API but never used, and one the username that I saw on the page there I approved. We will call this user "tony".
All roles have all access.
WHEN I generated the link and request token the magento page said something like "Grant Access to user Tony'
I did these and my system received the access token and secret.
But when I did this I was actually logged in as admin.
Is this part of my problem?
Here is the response.
$VAR1 = bless( {
"_content" => "{\"messages\":{\"error\":[{\"code\":403,\"message\":\"Access denied\"}]}}",
"_headers" => bless( {
"::std_case" => {
"client-date" => "Client-Date",
"client-peer" => "Client-Peer",
"client-response-num" => "Client-Response-Num",
"client-transfer-encoding" => "Client-Transfer-Encoding"
},
"client-date" => "Fri, 30 Jun 2017 17:21:33 GMT",
"client-peer" => "45.79.72.135:80",
"client-response-num" => 1,
"client-transfer-encoding" => [
"chunked"
],
"connection" => "close",
"content-type" => "application/json; charset=utf-8",
"date" => "Fri, 30 Jun 2017 17:21:33 GMT",
"server" => "Apache/2.4.10 (Debian)"
}, 'HTTP::Headers' ),
"_msg" => "Forbidden",
"_protocol" => "HTTP/1.1",
"_rc" => 403,
"_request" => bless( {
"_content" => "{\"visibility\":\"4\",\"sku\":\"1\",\"status\":\"1\",\"name\":\"Baseball MLB 2017 Tier One Autographed Prodigies Patches #APP-AJO Adam Jones MINT MEM Auto 8/10 Orioles\",\"description\":\"Baseball MLB 2017 Tier One Autographed Prodigies Patches #APP-AJO Adam Jones MINT MEM Auto 8/10 Orioles\",\"tax_class_id\":\"2\",\"short_description\":\"Baseball MLB 2017 Tier One Autographed Prodigies Patches #APP-AJO Adam Jones MINT MEM Auto 8/10 Orioles\",\"stock_data\":{\"is_in_stock\":\"1\",\"quantity\":1,\"manage_stock\":\"1\"},\"type_id\":\"simple\",\"weight\":0.17,\"attribute_set_id\":\"1\"}",
"_headers" => bless( {
"accept" => "application/json",
"authorization" => {
"oauth_consumer_key" => "xxxxxx",
"oauth_nonce" => "xxxxxx",
"oauth_signature" => "xxxxxx=",
"oauth_signature_method" => "HMAC-SHA1",
"oauth_timestamp" => 1498843293,
"oauth_token" => "xxxxxxx",
"oauth_version" => "1.0"
},
"content-length" => 540,
"content-type" => "application/json",
"user-agent" => "libwww-perl/6.15"
}, 'HTTP::Headers' ),
"_method" => "POST",
"_uri" => bless( do{\(my $o = "http://tonyetrade.dev2.vuria.com/api/rest/products?oauth_consumer_key=xxxxxx&oauth_nonce=xxxxxxx&oau...")}, 'URI::http' ),
"_uri_canonical" => bless( do{\(my $o = "http://tonyetrade.dev2.vuria.com/api/rest/products?oauth_consumer_key=xxxxxx&oauth_nonce=xxxxxx&oaut...")}, 'URI::http' )
}, 'HTTP::Request' )
}, 'HTTP::Response' );
This is the perl code to send the request. I am sending JSON data to products.
$Net:
Auth:
ROTOCOL_VERSION = Net:Auth:ROTOCOL_VERSION_1_0A;
my $nonce = md5_hex(time() * rand());
my $timestamp = time();
my $request = Net:Auth->request("user auth")->new(
consumer_key => $magento_config{'consumer_key'},
consumer_secret => $magento_config{'consumer_secret'},
request_method => uc( $args{request_method} ),
signature_method => 'HMAC-SHA1',
timestamp => $timestamp,
nonce => $nonce,
request_url => $magento_config{'request_url'} . $args{uri},
token => $args{access_token},
token_secret => $args{access_token_secret},
extra_params => $args{parameters} || {},
);
my $uri = URI->new($args{request_url});
$request->sign;
confess "COULDN'T VERIFY! Check OAuth parameters.\n"
unless $request->verify;
my $params = $request->to_hash;
my $req;
my $preresults = Dumper( $request );
if ($request->{request_method} eq 'POST') {
# Checks if Content-Type: multipart/form is needed
if(defined $args{content_type} and $args{content_type} =~ /json/) {
$req = HTTP::Request::Common:OST(
$request->to_url,
Content_Type => 'application/json',
Accept =>'application/json',
Content => $args{content},
Authorization => $params,
);
}
Any advice greatly appreciated.
Thanks
Mike
In my perl code it said
my $request = Net:Auth->request("user auth")->new(
I am actually using my $request = Net:Auth->request("protected_resource")->new(
user auth was a shotin the dark!
Thanks
Mike