Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

"The consumer isn't authorized to access %resources."

‎01-29-2020 03:57 PM
‎01-29-2020 03:57 PM

"The consumer isn't authorized to access %resources."

We have noticed that starting with Jan7, when making more than 1000 requests against a particular endpoint (for i.e. the /customers, products, orders endpoint) the "The consumer isn't authorized to access %resources." error message starts being returned by the endpoint. The curious part is that if, for example, the /customers endpoint starts returning this error, other endpoints continue to be functional and return valid results(for i.e products). Could you please advise if this is expected behavior or if there were recent changes made that might restrict access to a certain endpoint if a lot of requests have been made? As far as I know, Magento does not impose any rate limits. We have also noticed that refreshing the token solves the issue, but would like to understand the nature of this issue.

 

Thank you in advance for your help!

 

0 Kudos
3 REPLIES 3
‎01-29-2020 07:53 PM
‎01-29-2020 07:53 PM

Re: "The consumer isn't authorized to access %resources."

Hi @cloudelements 

"The consumer isn't authorized to access %resources." error message comes when the API end point resource is "Self" so for this you need to pass customer token in that API not only in this API but in every "Self" resource API.
As we know there are 3 types of resource in Magento API:
1. Administrator or Integration : Resources for which administrators or integrator are authorised. For example, if administrators are authorised for the Magento_Customer::group resource, they can make a GET /V1/customerGroups/:id call.

2. Customer : Resources with "anonymous" or "self" permission.

3. Guest user : Resources with anonymous permission 

 

so there are 3 types or resources when you check the end point which you are hitting you will see in it's webapi.xml file that resource type is self which is number 2 point.

For This you need to generate a customer token using magento default Customer Token API using below end point:

/V1/integration/customer/token

and need to pass below request Parameter:

 

{
"username": "pass customer email id",
"password": "pass customer password",
"device":"Device type from which you login"
}

Once you pass these and hit this POST API then it will return a token for you then you just need to pass it in you API header where you were facing the error to pass in header you have to pass it like:

Authorization :bearer<space><the token generated for customer>

once you do this API will hit.
for more information about resources you can follow Authentication  Dev Docs by Magento.
 
PS: This customer Token generate automatically when customer get login so you just need to pass that token in all those API which are "self" type. 
 If my answer is useful, please Accept as Solution & give Kudos
Shubham Khandelwal 

0 Kudos
‎01-30-2020 03:32 PM
‎01-30-2020 03:32 PM

Re: "The consumer isn't authorized to access %resources."

Hi Shubham Khandelwal ,

 

Thank you for your reply!

 

The user we are logged in with is an admin with full permissions. As far I know, that should be sufficient to have access to all the resources. Also, this issue occurs only when a large number of requests are performed and refreshing the token restores the access to the resource in question. Could you please advise if the steps you provided are still applicable in this case?

 

Thank you and best regards,

Alexandra

0 Kudos
‎02-07-2020 01:00 AM
‎02-07-2020 01:00 AM

Re: "The consumer isn't authorized to access %resources."

Hi @cloudelements 

 

can you please tell me why we are login with admin Credential? if this api is related to customer then you should try with the customer credential and then test it.and about permission yes admin have all the permission but some time it won't do work in case of customer related API so try with customer API and check this hope that will work. as far as what i have shared with you above is for how API works in Magento so it is basically a way to run an api. hope this clears everything. let me know if you still faces issue.

If my answer is useful, please Accept as Solution & give Kudos
Shubham Khandelwal 

0 Kudos