cancel
Showing results for 
Search instead for 
Did you mean: 

REST API: The consumer isn't authorized to access %resources. (2.3.1)

REST API: The consumer isn't authorized to access %resources. (2.3.1)

Hi everyone,

 

My Magento 2 is a fresh install 2.3.1 with only 1 category and 1 product available on the frontend.

 

It might be me who doesn't understand properly the documentation about the access token authentication, but I always get a 401 Unauthorized response from my REST API endpoint.

 

What I want to achieve is: get the list of products in my Magento 2 store by using the REST API with an access token from an Integrations with all the permissions (not custom, ALL).

 

Step to reproduce:

  1. Go into System -> Integrations
  2. Create a new Integration with only a name "Test" and the Resource Access set to "All".
  3. Authorize the integration to get all the tokens
  4. Copy the "Access Token" value
  5. Open Postman
  6. Make a GET request to "https://[mymagentohost].com/rest/V1/products
  7. Set the header "Authorization" to "Bearer TOKEN"
  8. Make sure that there is no space before or after the token, only one after "Bearer"

I also tried with the "Content-Type" header set to "application/json".

 

Response to my request: 

 

{
    "message": "The consumer isn't authorized to access %resources.",
    "parameters": {
        "resources": "Magento_Catalog::products"
    }
}
8 REPLIES 8

Re: REST API: The consumer isn't authorized to access %resources. (2.3.1)

The issue seems to be with PHP 7.1.30 !

 

When I am using PHP 7.2, everything is working fine.

 

I don't really know why. The only difference in the extensions list is mcrypt that is compiled in my PHP 7.1.30 version. 

 

I have tried to install OAuth with pecl in PHP 7.1.30 but it changes nothing.

 

Doesn't anybody know why ?

Re: REST API: The consumer isn't authorized to access %resources. (2.3.1)

Follow the below settings to fix the API issue.

 

Login to Admin >> Stores >> Stores >> Settings >> Configuration >> SERVICES >> Magento Web API >> Web API Security >> Allow Anonymous Guest Access: Yes

 

Hope it helps!

Thanks.

Re: REST API: The consumer isn't authorized to access %resources. (2.3.1)

not working

Re: REST API: The consumer isn't authorized to access %resources. (2.3.1)

Hi Frank! I wanted to say thank you and possibly provide you with the answer. Your post finally led me to solve this problem. After a long and fruitless search I remembered seeing your post and that the PHP version seemed to make a difference - I didn't recall which way round it worked for you so I did it the other way round, downgrading from PHP 7.3 to 7.1 and suddenly it worked. After initially thinking it might have something to do with mcrypt (with it being the difference in installed extensions as you mentioned) and installing it for PHP 7.3 (although, of course, in hindsight this was unnecessary since it worked the other way around for you), I realised that Apache was set to use a different handler for PHP 7.1: suphp instead of cgi. Switching to suphp for PHP 7.3 solved the problem for this version of PHP also!

 

This is really peculiar because - I don't know if you noticed this also - POST requests worked and only the GET requests failed with this authorization error. I have no idea how the handler could affect something as specific as this, but there must be some obscure reason. I wouldn't use either of these handlers normally, but I am in a testing environment and I just happened to choose the problematic one!

Re: REST API: The consumer isn't authorized to access %resources. (2.3.1)

Thanks mate !!!!!!!!!!

Re: REST API: The consumer isn't authorized to access %resources. (2.3.1)

I am getting the same error despite 'ALL' being selected on the integration access, this is on version 2.4

 

Has anyone got an explanation for this?

Re: REST API: The consumer isn't authorized to access %resources. (2.3.1)

Hi scibot

 

I got same error on magento 2.4.1,  Resource Access "all" has been selected  https://prnt.sc/y4afqc

Re: REST API: The consumer isn't authorized to access %resources. (2.3.1)

Quick temp hack (not a solution) till we get better insights
Don't use `ALL` for resource access
Use `Custom` and check them all or better, only what you need API to use