Magento – Consumer is not authorized to access %resources magento 2

magento2rest api

I try to get one particular customer orders that time i am facing below error.

{
"message": "Consumer is not authorized to access %resources",
"parameters": {
    "resources": "Magento_Catalog::products"
}}

enter image description here

Any one please help me. how i fix this error.

Best Answer

Are you sure that your token is valid? I just checked it using postman too and was able to get list of products. Is your token for an admin or customer? Please, double check that. Customer do not have an access to these resources.

You can read in documentation that customer/admin tokes have different endpoints http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html

More detailed explanation: The resource you are trying to get is configured as follow:

<route url="/V1/products" method="GET">
    <service class="Magento\Catalog\Api\ProductRepositoryInterface" method="getList"/>
    <resources>
        <resource ref="Magento_Catalog::products" />
    </resources>
</route>`

Firstly: ref="Magento_Catalog::products" means that only users with configured ACL which allow access to this resource are allowed to get it. In magento ONLY admin user can have a configuration of ACL.

Secondly: you are using token authentication. In magento you can obtain token either for a customer and for an admin. Since only admin with properly configured ACL can be authorized for this resource you must authenticate yourself with an admin token.

I can see that you are passing a token in your request so my assumption is that you pass a token for a customer or if this is admin's token then this particular admin user do not have access to this resource due to ACL missconfiguration.

Related Topic