cancel
Showing results for 
Search instead for 
Did you mean: 

Magento 1.x Access denied when Posting a Product

Magento 1.x Access denied when Posting a Product

Hi

I am new to Magento but not to APIs, Rest and Oauth.

I am working for a client who had a team install a Magento website. I was brought in to connect our Multiple Channel Selling Tools to the Magento admin tools.

 

We have been able to generate a request token and exchange it for a permanent access token.

 

I can use the API to get products but that does not need to authenticate.

 

Thecal l is being made from another server.

 

When I try to post a product I get 403 Access Denied. The response is below. While it could be a problem with our code, I think everything looks right and I am not convinced the problem is not in the user/role setups.

 

This team setup the users and roles. Under Rest Roles there are 4 setup. Customer, Guest, One named after the API but never used, and one the username that I saw on the page there I approved. We will call this user "tony".

 

All roles have all access.

WHEN I generated the link and request token the magento page said something like "Grant Access to user Tony'

 

I did these and my system received the access token and secret.

 

But when I did this I was actually logged in as admin.

 

Is this part of my problem?

 

Here is the response.

 

 

$VAR1 = bless( {
                 "_content" => "{\"messages\":{\"error\":[{\"code\":403,\"message\":\"Access denied\"}]}}",
                 "_headers" => bless( {
                                      "::std_case" => {
                                                      "client-date" => "Client-Date",
                                                      "client-peer" => "Client-Peer",
                                                      "client-response-num" => "Client-Response-Num",
                                                      "client-transfer-encoding" => "Client-Transfer-Encoding"
                                                    },
                                      "client-date" => "Fri, 30 Jun 2017 17:21:33 GMT",
                                      "client-peer" => "45.79.72.135:80",
                                      "client-response-num" => 1,
                                      "client-transfer-encoding" => [
                                                                    "chunked"
                                                                  ],
                                      "connection" => "close",
                                      "content-type" => "application/json; charset=utf-8",
                                      "date" => "Fri, 30 Jun 2017 17:21:33 GMT",
                                      "server" => "Apache/2.4.10 (Debian)"
                                    }, 'HTTP::Headers' ),
                 "_msg" => "Forbidden",
                 "_protocol" => "HTTP/1.1",
                 "_rc" => 403,
                 "_request" => bless( {
                                      "_content" => "{\"visibility\":\"4\",\"sku\":\"1\",\"status\":\"1\",\"name\":\"Baseball MLB 2017 Tier One Autographed Prodigies Patches #APP-AJO Adam Jones MINT MEM Auto 8/10 Orioles\",\"description\":\"Baseball MLB 2017 Tier One Autographed Prodigies Patches #APP-AJO Adam Jones MINT MEM Auto 8/10 Orioles\",\"tax_class_id\":\"2\",\"short_description\":\"Baseball MLB 2017 Tier One Autographed Prodigies Patches #APP-AJO Adam Jones MINT MEM Auto 8/10 Orioles\",\"stock_data\":{\"is_in_stock\":\"1\",\"quantity\":1,\"manage_stock\":\"1\"},\"type_id\":\"simple\",\"weight\":0.17,\"attribute_set_id\":\"1\"}",
                                      "_headers" => bless( {
                                                           "accept" => "application/json",
                                                           "authorization" => {
                                                                              "oauth_consumer_key" => "xxxxxx",
                                                                              "oauth_nonce" => "xxxxxx",
                                                                              "oauth_signature" => "xxxxxx=",
                                                                              "oauth_signature_method" => "HMAC-SHA1",
                                                                              "oauth_timestamp" => 1498843293,
                                                                              "oauth_token" => "xxxxxxx",
                                                                              "oauth_version" => "1.0"
                                                                            },
                                                           "content-length" => 540,
                                                           "content-type" => "application/json",
                                                           "user-agent" => "libwww-perl/6.15"
                                                         }, 'HTTP::Headers' ),
                                      "_method" => "POST",
                                      "_uri" => bless( do{\(my $o = "http://tonyetrade.dev2.vuria.com/api/rest/products?oauth_consumer_key=xxxxxx&oauth_nonce=xxxxxxx&oau...")}, 'URI::http' ),
                                      "_uri_canonical" => bless( do{\(my $o = "http://tonyetrade.dev2.vuria.com/api/rest/products?oauth_consumer_key=xxxxxx&oauth_nonce=xxxxxx&oaut...")}, 'URI::http' )
                                    }, 'HTTP::Request' )
               }, 'HTTP::Response' );

 

This is the perl code to send the request. I am sending JSON data to products.

 

  $Net:Smiley SurprisedAuth:Smiley TongueROTOCOL_VERSION = Net:Smiley SurprisedAuth:Smiley TongueROTOCOL_VERSION_1_0A;
  my $nonce = md5_hex(time() * rand());
  my $timestamp = time();

  my $request = Net:Smiley SurprisedAuth->request("user auth")->new(
      consumer_key      => $magento_config{'consumer_key'},
      consumer_secret   => $magento_config{'consumer_secret'},
      request_method    => uc( $args{request_method} ),
      signature_method  => 'HMAC-SHA1',
      timestamp         => $timestamp,
      nonce             => $nonce,
      request_url       => $magento_config{'request_url'} . $args{uri},
      token             => $args{access_token},
      token_secret      => $args{access_token_secret},
      extra_params      => $args{parameters} || {},
  );


  my $uri = URI->new($args{request_url});
  $request->sign;



  confess "COULDN'T VERIFY! Check OAuth parameters.\n"
      unless $request->verify;

  my $params = $request->to_hash;
  my $req;

    my $preresults =  Dumper( $request );

  if ($request->{request_method} eq 'POST') {
    # Checks if Content-Type: multipart/form is needed
    if(defined $args{content_type} and $args{content_type} =~ /json/) {
      $req = HTTP::Request::Common:Smiley TongueOST(
                     $request->to_url,
                     Content_Type => 'application/json',
                                         Accept =>'application/json',
                     Content => $args{content},
                     Authorization => $params,
                    );
    }

 

Any advice greatly appreciated.

 

Thanks

Mike

 

1 REPLY

Re: Magento 1.x Access denied when Posting a Product

In my perl code it said

my $request = Net:Smiley SurprisedAuth->request("user auth")->new(

 

I am actually using my $request = Net:Smiley SurprisedAuth->request("protected_resource")->new(

 

user auth was a shotin  the dark!

 

Thanks

Mike