Showing results for 
Search instead for 
Did you mean: 

Rest API - The consumer isn't authorized to access %resources

Rest API - The consumer isn't authorized to access %resources

I have written a script to make use of Magento Bulk Endpoints in order to quickly and efficiently import hundreds and potentially thousands of products into magento.

The first part is to get the authorisation token that will then be passed to the "/async/bulk/V1/products" magento endpoint rest service for the "Authorization Bearer" param.

So from my script, when making a CURL request to the "rest/V1/integration/admin/token" magento endpoint rest service to get the token, I pass my admin user (username, password) as params. My users USER Role has ALL privileges, so that is not the issue.

This successfully returns a token.

What seems to happen then is after this, magento then delegates to Magento\WebapiAsync\Controller\Rest\Asynchronous\InputParamsResolver - resolve()

then this line is run:

which calls: Magento\Webapi\Controller\Rest\RequestValidator - validate()

which then calls Magento\Webapi\Controller\Rest\RequestValidator - checkPermissions()


and this fails giving error "The consumer isn't authorized to access %resources" and therefore rendering the token request inoperable

Back in the file Magento\WebapiAsync\Controller\Rest\Asynchronous\InputParamsResolver - resolve()

If I comment out the call to validate, it works

Of course I know this is bad and I wouldnt do that. But why would this fail using the correct admin user (username, password)

My curl request is as such

$requestUri = 'http://my-domain/rest/V1/integration/admin/token';
$data = [
    "username" => "myusername",
    "password" => "mypassword"

$data_string = json_encode($data);
$ch = curl_init($requestUri);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Length:' . strlen($data_string))

$authToken = curl_exec($ch);

return $authToken;

This token is fine and valid.

When I do comment out

Magento\WebapiAsync\Controller\Rest\Asynchronous\InputParamsResolver - resolve()

works fine, but if I dont I get the error:
The consumer isn't authorized to access %resources

and the token is then returned as null subsequent services cannot be called without the bearer token

What am I doing wrong?