Magento – Invalid Signature when testing API

api oauth rest

I am trying to connect to my Magento API but keep getting an invalid signature response after authorizing. My long-term goal is to have an external app that will be modifying select product details.

I have created the following on Magento ($remoteHost).

REST Role:

  • Role Name: Product Updater
  • User Type: Admin

OAuth Consumers:

  • Consumer Name: Product Updater Consumer
  • Callback URL: not provided
  • Rejected Callback URL: not provided

Admin user is assigned to the REST Role.

<?php
/**
 * Example of update product record via Magento REST API. OAuth authorization is used
 */
error_reporting(E_ALL);
ini_set("display_errors",1);
/**
 * Example of retrieving the products list using Admin account via Magento REST API. OAuth authorization is used
 * Preconditions:
 * 1. Install php oauth extension
 * 2. If you were authorized as a Customer before this step, clear browser cookies for 'yourhost'
 * 3. Create at least one product in Magento
 * 4. Configure resource permissions for Admin REST user for retrieving all product data for Admin
 * 5. Create a Consumer
 */
// $callbackUrl is a path to your file with OAuth authentication example for the Admin user

$remoteHost = "https://magentostore.com";
$localHost = "https://givememagentodata.com";
$callbackUrl = "$localHost/dev/testApi.php";
$temporaryCredentialsRequestUrl = "$remoteHost/oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
//My magento does not use /admin/ as the admin path it uses backend2015
$adminAuthorizationUrl = "$remoteHost/backend2015/oauth_authorize";
$accessTokenRequestUrl = "$remoteHost/oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$apiUrl = "$remoteHost/api.php/rest";
$consumerKey = '646d1690082f151323c4...';
$consumerSecret = '05c09cee74c0f49c39...';

session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
    $_SESSION['state'] = 0;
}
try {
    $authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
    $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
    $oauthClient->enableDebug();

    if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
        $requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
        $_SESSION['secret'] = $requestToken['oauth_token_secret'];
        $_SESSION['state'] = 1;

        header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
        exit;
    } else if ($_SESSION['state'] == 1) {
        //die($_GET['oauth_token']."-----".$_SESSION['secret']);

        $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
        $accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
        $_SESSION['state'] = 2;
        $_SESSION['token'] = $accessToken['oauth_token'];
        $_SESSION['secret'] = $accessToken['oauth_token_secret'];
        header('Location: ' . $callbackUrl);
        exit;
    } else {
        $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
        $resourceUrl = "$apiUrl/products";
        $oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/json'));
        $productsList = json_decode($oauthClient->getLastResponse());
        print_r($productsList);
    }
} catch (OAuthException $e) {
    var_dump($e);
    print_r($e->getMessage());
    echo "<br/>";
    print_r($e->lastResponse);
}

Best Answer

If all credentials and URLs are correct and exist, the issue might be caused by a time synchronization problem between your local machine and the remote server (this is important for signature validation).
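
Why clock drift surfaces as an OAuth failure, shown as an added example that is not part of the original answer: in OAuth 1.0a (RFC 5849) `oauth_timestamp` is one of the signed parameters, and a server may refuse timestamps too far from its own clock. The host, keys, Date header and 600-second acceptance window are constructed assumptions, not values from the post or from Magento.

```php
<?php
// Added example, not from the original post. Keys, secrets, host and Date
// header are constructed samples; the 600 s window is an assumption.

/** RFC 5849 signature base string: METHOD & encoded URL & encoded sorted params. */
function signatureBaseString(string $method, string $url, array $params): string
{
    $enc = [];
    foreach ($params as $k => $v) {
        $enc[rawurlencode($k)] = rawurlencode((string) $v);
    }
    ksort($enc, SORT_STRING);                       // order by encoded name
    $pairs = [];
    foreach ($enc as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
}

/** HMAC-SHA1 signature; the key is "consumerSecret&tokenSecret", both encoded. */
function sign(string $base, string $consumerSecret, string $tokenSecret = ''): string
{
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

/** Local clock minus the time in the API host's HTTP Date header, in seconds. */
function clockSkewSeconds(string $dateHeader, int $localNow): int
{
    $remote = strtotime($dateHeader);
    if ($remote === false) {
        throw new InvalidArgumentException('Unparseable Date header');
    }
    return $localNow - $remote;
}

$serverDate = 'Tue, 03 Mar 2015 12:00:00 GMT';      // constructed Date header
$localNow   = strtotime('2015-03-03 12:17:30 UTC'); // constructed: client runs fast
$skew       = clockSkewSeconds($serverDate, $localNow);
$window     = 600;                                  // assumed server tolerance

$url    = 'https://magento.example/api.php/rest/products'; // placeholder host
$params = ['oauth_consumer_key' => 'sample_key', 'oauth_nonce' => 'sample_nonce',
           'oauth_signature_method' => 'HMAC-SHA1', 'oauth_version' => '1.0'];
foreach (['local clock' => $localNow, 'skew-corrected' => $localNow - $skew] as $label => $ts) {
    $sig = sign(signatureBaseString('GET', $url, $params + ['oauth_timestamp' => $ts]), 'sample_secret');
    $ok  = abs(($localNow - $skew) - $ts) <= $window ? 'accepted' : 'refused';
    printf("%-14s ts=%d sig=%s -> %s\n", $label, $ts, $sig, $ok);
}
```

Both signatures are computed correctly for their own timestamp; only the request stamped by the drifting clock falls outside the window. Keeping both hosts synchronized with NTP removes the skew at its source.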