3

Error : Rest API for customer return 403 access denied error.

Format : website/rest/api/customer -> 403 access denied error

Magento\Framework\Webapi\Exception::HTTP_FORBIDDEN

enter image description here

Teja Bhagavan Kollepara
3,8275 gold badges33 silver badges69 bronze badges
asked Oct 16, 2018 at 6:48
12
  • Are you using POSTMAN ? and which method you're using ? Commented Oct 16, 2018 at 7:00
  • Share your url, url method and please check your token is valid or not. Commented Oct 16, 2018 at 7:00
  • @AdityaShah I just simply enter in url like websitename/api/rest/products not working, in localhost localhost/magento/api/rest/products returns my products in json format. Commented Oct 16, 2018 at 7:03
  • @AdityaShah How can i check my token? Commented Oct 16, 2018 at 7:03
  • Yeah zus i understand your concern but when url is redirected at 404 it means your url method or url might be wrong, so i need more details :) Commented Oct 16, 2018 at 7:04

2 Answers 2

2
+50

Error : Rest API for products return 404 page error in Live Site.

Retrieve the list of products for Admin user with OAuth authentication

<?php
/**
 * Example of retrieving the products list using Admin account via Magento REST API. OAuth authorization is used
 * Preconditions:
 * 1. Install php oauth extension
 * 2. If you were authorized as a Customer before this step, clear browser cookies for 'yourhost'
 * 3. Create at least one product in Magento
 * 4. Configure resource permissions for Admin REST user for retrieving all product data for Admin
 * 5. Create a Consumer
 */
// $callbackUrl is a path to your file with OAuth authentication example for the Admin user
$callbackUrl = "http://yourhost/oauth_admin.php";
$temporaryCredentialsRequestUrl = "http://yourhost/oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = 'http://yourhost/admin/oAuth_authorize';
$accessTokenRequestUrl = 'http://yourhost/oauth/token';
$apiUrl = 'http://yourhost/api/rest';
$consumerKey = 'yourconsumerkey';
$consumerSecret = 'yourconsumersecret';
session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
 $_SESSION['state'] = 0;
}
try {
 $authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
 $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
 $oauthClient->enableDebug();
 if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
 $requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
 $_SESSION['secret'] = $requestToken['oauth_token_secret'];
 $_SESSION['state'] = 1;
 header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
 exit;
 } else if ($_SESSION['state'] == 1) {
 $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
 $accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
 $_SESSION['state'] = 2;
 $_SESSION['token'] = $accessToken['oauth_token'];
 $_SESSION['secret'] = $accessToken['oauth_token_secret'];
 header('Location: ' . $callbackUrl);
 exit;
 } else {
 $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
 $resourceUrl = "$apiUrl/products";
 $oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/json'));
 $productsList = json_decode($oauthClient->getLastResponse());
 print_r($productsList);
 }
} catch (OAuthException $e) {
 print_r($e->getMessage());
 echo "&lt;br/&gt;";
 print_r($e->lastResponse);
}
answered Oct 20, 2018 at 11:36
2
  • what is the error mean : snag.gy/0i9SUF.jpg? Commented Oct 20, 2018 at 12:29
  • 1
    finally get the oauth_token,oauth_token_secret,oauth_callback_confirmed, then what i need to do? Commented Oct 23, 2018 at 9:51
1

Let's clarify a few things.

  1. Accessing https://www.example.com/api/rest/products from your browser shouldn't return a list of products like your screenshot shows. It should return a 403 with access denied, unless you passed in credentials - it doesn't sound like you did?

  2. According to your question, on your live website, you tried https://www.example.com/api/rest/customer and you're getting a 404, that's because that endpoint doesn't exist. You need to add an s to customers like so https://www.example.com/api/rest/customers

  3. What you're seeing in your browser is not json it's xml

answered Oct 19, 2018 at 11:59
4
  • Updated snag.gy/LcnQVP.jpg like customer to customers getting error, can you guide me solve the issue? FYI - localhost/anusthana/api/rest/products return products values. Commented Oct 19, 2018 at 12:24
  • There is no issue, unless you are authorized you should not be able to access that URL from a browser. You need to be passing along API credentials Commented Oct 19, 2018 at 12:25
  • Also you realize that on your local you are looking for products and on your live you are looking for customers Commented Oct 19, 2018 at 12:26
  • Yes, you are right. example.com/api/rest/products not return products, how can i pass my credentials? @haim Commented Oct 25, 2018 at 7:54

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.