Magento – Consumer is not authorized to access %resources Magento_Sales::sales

api magento2 rest sales-order

I have this basic API script:

<?php
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    error_reporting(-1);

    $usr = [
        'username' => 'username',
        'password' => 'somePassword'
    ];

    $ch = curl_init('https://magentostore/index.php/rest/V1/integration/admin/token');

    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($usr));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json', 'Content-Length: '. strlen(json_encode($usr))]);

    $token = curl_exec($ch);

    echo '<pre>';
    print_r($token);
    echo '</pre>';

    echo '========================';

    $ch = curl_init('https://magentostore/index.php/rest/V1/orders/1');

    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json', 'Authorization: Bearer '. json_decode($token)]);

    $result = curl_exec($ch);

    $result = json_decode($result, 1);
    echo '<pre>'. print_r($result, true) .'</pre>';

but it returns this message:

Array ( [message] => Consumer is not authorized to access %resources [parameters] => Array ( [resources] => Magento_Sales::sales ) )

I'm not sure why, my script should work but I can't figure out why? Is it because of username account permissions? Shouldn't be as user = admin. Just trying to get array of orders …

Alternative testing method that yielded same results:

I did:

curl -X POST 'https://magentostore/index.php/rest/V1/integration/admin/token' \
-H 'Content-Type:application/xml' \
-d '<login><username>admin</username><password>password</password></login>'

which got me the Token, which I then used like this:

curl -X GET 'https://magentostore/index.php/rest/V1/orders/1' -H 'Authorization: Bearer <Token that was returned>'

which gets me the same error as above

Edit:

I've tried with a few different API Endpoints and some work (like getting categories) but /orders still doesn't. I've tried on 3 separate environments and only 1 works:

Env One – Doesn't Work

  • OS: CentOS 7
  • PHP Version: 7.1
  • Magento Version: 2.2.5
  • Hosted outside of LAN

Env Two – Doesn't Work

  • OS: CentOS 7
  • PHP Version: 7.0
  • Magento Version: 2.2.5
  • Hosted outside of LAN

Env Three – DOES WORK

  • OS: Linux Mint 19
  • PHP Version: 7.2
  • Magento Version: 2.3-develop
  • localhost

Best Answer

1. First set up Integrations

Open the System > Extensions > Integrations

Add New Integration

Set the integration Name and other settings, then specify your Magento 2 back-end password in the Your Password field

Switch to the API sidebar tab and select the resources which will be available to OAuth clients:

Press the Save button. The integration will be saved and the Integrations list will be shown again. Press the Activate link in the integration row:

A confirmation screen will be shown. Press the Allow button

The credentials screen will be shown. Use them in your third-party software to access your Magento 2 as an OAuth server.

You will see:

  • Consumer Key
  • Consumer Secret
  • Access Token
  • Access Token Secret

Copy them somewhere, then press the Done button.

The integration will be saved and the Integrations list will be shown again. You will see your integration in the Active state.

2. Now get admin token


<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "http://magento.host/index.php/rest/V1/integration/admin/token?username=admin&password=admin123",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_HTTPHEADER => array(
    "Cache-Control: no-cache",
    "Postman-Token: b7d053fe-df0d-4a85-ab82-4093a9be9d15"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

3. Add that admin token

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "http://magento.host/index.php/rest/V1/orders/1",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => array(
    "Authorization: Bearer <YOUR ADMIN TOKEN>",
    "Cache-Control: no-cache",
    "Postman-Token: 1057fee5-abde-4a88-bd39-2a623ca995e6"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
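
An added example, not part of the original question or answer: a PHP helper that expands the `%resources` placeholder in the error body shown in the question and lists the ACL resource IDs that the user role or integration still needs. The function names and the sample body are constructed for illustration, and splitting several resources on commas is an assumption.

```php
<?php
declare(strict_types=1);

// Expand Magento-style placeholders (%name, or %1, %2 for list parameters)
// in a decoded REST error body.
function expandMagentoMessage(array $error): string
{
    $message = is_string($error['message'] ?? null) ? $error['message'] : '';
    $params = $error['parameters'] ?? [];
    if (!is_array($params)) {
        return $message;
    }
    $map = [];
    foreach ($params as $key => $value) {
        $name = is_int($key) ? (string)($key + 1) : $key;
        $map['%' . $name] = is_scalar($value) ? (string)$value : (string)json_encode($value);
    }
    // strtr() with an array matches the longest key first, so %10 is not read as %1.
    return strtr($message, $map);
}

// Return the ACL resource IDs named by an authorization error, or [] if the
// body is not one. Splitting on commas for several resources is an assumption.
function missingAclResources(array $error): array
{
    $resources = $error['parameters']['resources'] ?? null;
    if (!is_string($resources)) {
        return [];
    }
    return array_values(array_filter(array_map('trim', explode(',', $resources)), 'strlen'));
}

// Constructed sample: the error from the question, as the JSON the API returns.
$body = '{"message":"Consumer is not authorized to access %resources",'
      . '"parameters":{"resources":"Magento_Sales::sales"}}';

$error = json_decode($body, true);
if (is_array($error) && isset($error['message'])) {
    echo expandMagentoMessage($error), PHP_EOL;
    foreach (missingAclResources($error) as $resource) {
        echo "Missing ACL resource: {$resource}", PHP_EOL;
    }
}
```

Granting only the resource IDs this reports, rather than every resource, keeps the integration or role at least privilege.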