Magento – Error Consumer is not authorized to access %resources

Tags: magento2, rest, rest api

It seems that similar questions have been asked but none seem to solve my specific problems. We have developed a routine to automatically update and create product information using the REST API. This routine has been working in our test environment for some time and is also working on a couple of other customer sites. Two weeks ago, after a GoDaddy error/update, the REST API stopped working with the error:

{
    "message": "Consumer is not authorized to access %resources",
    "parameters": {
        "resources": "Magento_Catalog::products"
    }
}

We have tried talking to GoDaddy and to cPanel, but to no avail. We resorted, in our test environment, to doing a completely new install of Magento 2 (2.1.9), and even with this we still get the error.

After re-installing we generate the Integration Access Token

We use the 'access token' to try a simple test and select the products
(html version)

GET /rest/V1/products?searchCriteria[page_size]=0 HTTP/1.1
Host: mysite.com
Authorization: Bearer 7l20v2kyp9g7o2jug772soeexn6eyonj
Cache-Control: no-cache
Postman-Token: 4f6d6368-0d05-4f09-a793-6e9aa679e414

and this returns the "Consumer is not authorized" error.

Does anyone have any ideas as to why we get this error and how to solve it?

PHP version is 7.0.30

Since we host on GoDaddy we don't have access to root privileges, but we don't believe we should need these, as it was working before.

Best Answer

I have seen this before and I found two main causes. The REST user in use doesn't have access to its User Role. Check the selected role on the user account at System > Permissions > All Users > $username > User Role. Verify the role at System > Permissions > User Roles > $selected role.

The other issue I ran into, which gave me the same message, was a token expiry issue. I had to change expiration timeouts under Stores > Configuration > Services > OAuth.

I changed the Cleanup and Consumer Settings.

I changed the Expiration Period to greater than six hours under Cleanup Settings, then changed the Expiration Period under Consumer Settings to 432000 (five full days).

I was testing a very long-running API connection from a local application. Change those back to defaults when you're done testing for security purposes.
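The two causes in the answer above can be told apart from the client side with a small triage script. This is an added example, not part of the original answer or Magento's own code; it parses the error body from the question, fills in the `%resources` placeholder, and compares the demanded ACL resources against a grant list. The grant sets, the function names and the comma-separated handling of several resources are assumptions.

```python
import json
import re

# Constructed sample: the error body shown in the question.
SAMPLE_BODY = '''{
    "message": "Consumer is not authorized to access %resources",
    "parameters": {"resources": "Magento_Catalog::products"}
}'''

ALL_ACCESS = "Magento_Backend::all"  # Magento's root ACL resource (access to everything)


def render_message(error):
    """Fill %name or %1 style placeholders from a dict or list of parameters."""
    params = error.get("parameters") or {}
    if isinstance(params, list):  # positional form: %1, %2, ...
        params = {str(i + 1): v for i, v in enumerate(params)}
    return re.sub(r"%(\w+)",
                  lambda m: str(params.get(m.group(1), m.group(0))),
                  error.get("message", ""))


def required_resources(error):
    """ACL resource ids the route demanded (assumed comma-separated if several)."""
    params = error.get("parameters") or {}
    raw = params.get("resources", "") if isinstance(params, dict) else ""
    return [r.strip() for r in raw.split(",") if r.strip()]


def triage(body, granted):
    """Return (next_step, rendered_message, missing_resources)."""
    error = json.loads(body)
    needed = required_resources(error)
    if not needed:
        return "not_an_acl_error", render_message(error), []
    missing = [] if ALL_ACCESS in granted else [r for r in needed if r not in granted]
    # Nothing missing: the role is not the problem, so the token is the next suspect.
    step = "grant_missing_resources" if missing else "check_token_validity"
    return step, render_message(error), missing


if __name__ == "__main__":
    # Hypothetical grant lists copied from the role's or integration's resource tree.
    print(triage(SAMPLE_BODY, {"Magento_Sales::sales"}))
    print(triage(SAMPLE_BODY, {"Magento_Catalog::products"}))
```

A result of `check_token_validity` means the grant list already covers the resource, which points at the second cause in the answer (an expired or otherwise invalid token) rather than the role.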
