I can give you workable example:
System / Web Services / REST Roles
Role info:
Role Name: admin
Password: 123123
Role API resources:
Resources access: All
Role Users:
I have assigned admin user
System / Web Services / REST Attributes / Select {Admin}
Resources access: All
System / Web Services / REST OAuth Consumers
My magento url is http://mg1910.local.dev/
My http://mg1910.local.dev/oauth_admin.php is following:
<?php
/* live server */
$host = 'http://mg1910com.local.dev/';
$consumerKey = '7e14cd85d05456c3e4de9e3c5c5f61e4';
$consumerSecret = 'f8aab713fa50504f0fac99d564ecaf7a';
/* << live server */
$callbackUrl = "http://mg1910com.local.dev/oauth_admin.php";
$temporaryCredentialsRequestUrl = $host . "oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = $host . "admin/oauth_authorize";
$accessTokenRequestUrl = $host . "oauth/token";
$apiUrl = $host . "api/rest";
session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
$_SESSION['state'] = 0;
}
try {
$authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
$oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
$oauthClient->enableDebug();
if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
$requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
$_SESSION['secret'] = $requestToken['oauth_token_secret'];
$_SESSION['state'] = 1;
header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
exit;
} else if ($_SESSION['state'] == 1) {
$oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
$accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
$_SESSION['state'] = 2;
$_SESSION['token'] = $accessToken['oauth_token'];
$_SESSION['secret'] = $accessToken['oauth_token_secret'];
header('Location: ' . $callbackUrl);
exit;
} else {
$oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
$resourceUrl = "$apiUrl/products?limit=3";
//$oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/json'));
$oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/xml', 'Accept' => '*/*'));
$productsList = json_decode($oauthClient->getLastResponse());
echo "<pre>";
print_r($productsList);
}
} catch (OAuthException $e) {
print_r($e->getMessage());
echo "<br/>";
print_r($e->lastResponse);
}
As you can see my script receive 3 products.
You may have triggered some Mod Security rules with your custom module.
Try checking your Mod Security logs or disable it and see if it works.
If it's confirmed to be caused by Mod Security, you can either identify the particular rule and disable it or change your codes to workaround the rule.
Best Answer
It's due to magento has security measures to disallow public to access
var
folder.see
/var/.htaccess
fileI would recommend you to save your csv file else where. May be create a new folder in root and just save the file there.
If you really want to save file in var
Remove above code from
.htaccess
file. But this is very bad practice. You shouldavoid thisnever do this.Thanks to @fschmengler - As soon as var/cache is accssible, attackers can read sensitive configuration data. At most, add an exception for the CSV files in var/export.