It seems that similar questions have been asked but none seem to solve my specific problems. We have developed a routine to automatically update and create product information using the REST API. This routine has been working in our test environment for some time and also working on a couple of other customer sites. Two weeks ago after a Godaddy error/update the REST API stopped working with the error:-
{
"message": "Consumer is not authorized to access %resources",
"parameters": {
"resources": "Magento_Catalog::products"
}
}
We have tried talking to Godaddy, and to C-panel but to no avail. In our test environment, we resorted to doing a completely new install of magento2 (2.1.9); even with this we still got the error.
After re-installing we generate the Integration Access Token Integration Access Token
We use the 'access token' to try a simple test and select the products (HTML version)
GET /rest/V1/products?searchCriteria[page_size]=0 HTTP/1.1
Host: mysite.com
Authorization: Bearer 7l20v2kyp9g7o2jug772soeexn6eyonj
Cache-Control: no-cache
Postman-Token: 4f6d6368-0d05-4f09-a793-6e9aa679e414
and this returns the "Consumer is not authorized error'.
Does anyone have any ideas as to why we get this error and how to solve it?
PHP version is 7.0.30
Since we host on Godaddy we don't have access to root privileges but don't believe we should need these as before it was working.
-
This video could be helpful youtu.be/9OpjTwifhaE, it describes Magento 2 rest API access levels.Dima Portenko– Dima Portenko2020年07月13日 19:28:35 +00:00Commented Jul 13, 2020 at 19:28
1 Answer 1
I have seen this before and I found two main causes. The REST user in use doesn't have access to its User Role. Check the selected role on the user account at System > Permissions > All Users > $username > User Role. Verify the role at System > Permissions > User Roles > $selected role.
The other issue I ran into, which gave me the same message, was a token expiry issue. I had to change expiration timeouts under Stores > Configuration > Services > OAuth.
I changed the Cleanup and Consumer Settings.
I changed the Expiration Period to greater than six hours under Cleanup Settings, then changed the Expiration Period under Consumer Settings to 432000 (five full days).
I was testing a very long-running API connection from a local application. Change those back to defaults when you're done testing for security purposes.