OAuth Rest API v2 - getting data from the DB
Aldevinas Katkus
4-4-18
How do I get a data from the DB when I have already authenticated via OAuth2 and got an access token?
I am getting an error "the resource is not allowed" when I am authorized and "not authorized to read this resource" when not authorized.


I have added "api" function to the "access functions from the web", but it did not help.
version 8.4 2017-12-09 (build 84191013)



According to OAuth docs , I should have to pass the access token in the request header

Authorization: Bearer

as described here https://tools.ietf.org/html/rfc6750#section-2
"Clients SHOULD make authenticated requests with a bearer token using
the "Authorization" request header field with the "Bearer" HTTP
authorization scheme. Resource servers MUST support this method."

php code:
...
if(session('access_token'))
$headers[] = 'Authorization: Bearer ' . session('access_token');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($ch);
$err = curl_error($ch);
...

Any help?
Aldevinas Katkus
4-5-18
I can see my queries in the server log:
2018-04-05 17:11:16 AK/THREAD(16) Prisijungti - login
2018-04-05 17:11:16 /THREAD(16) FindSlot() from non main thread:
2018-04-05 17:11:16 AK/THREAD(16) FindSlot() from non main thread:

2018-04-05 17:12:07 /THREAD(18) SetSlotSessionId() from non main thread:
2018-04-05 17:12:07 /THREAD(18) SetSlotSessionId() from non main thread:
Aldevinas Katkus
4-16-18
Everything works after I have added Action=Rest API in user's the Access group.
Giuseppe L.
4-16-18
Hello Aldevinas,
great to know you figured out the what the problem was and how to fix it.

We will publish a webinar link in the next days where you'll find more details about OAuth and RestAPI.
Please check the Education Section in the Partner Portal.

Giuseppe

HansaWorld Support
Aldevinas Katkus
4-16-18
Created byGiuseppe L.08:22 16 Apr 2018
Hello Aldevinas, great to know you figured out the what the problem was and how to fix it. We will publish a webinar link in the next days where you'll find more details about OAuth and RestAPI. Please check the Education Section in the Partner Portal.
I have watched that webinar.
Aldevinas Katkus
4-4-19
We have a problem connecting with real db:
we get an oauth error "the resource is not allowed",
even though:
token refreshing works,
global users are OK (enabled and set up).
"Web Rest API" is checked in the optional features,
User access group has rest api action access enabled
user can connect with Standard ID
in the "Active users" list connected user is shown as '"user_id" Web"
everything works with my demo db, but doesn't with the client's db.

Any ideas?
Aldevinas Katkus
4-4-19
Created byAldevinas Katkus14:53 4 Apr 2019
We have a problem connecting with real db: we get an oauth error "the resource is not allowed", even though: token refreshing works, global users are OK (enabled and set up). "Web Rest API" is checked in the optional features, User access group has res
after a few trials I got "not authorized to read this resource", after this the next query returned "the resource is not allowed", then "not authorized to read this resource" again. Looks like the error message has a semi random pattern.

8.4 2018-07-26 (build 84192014)
Aldevinas Katkus
4-9-19
Created byAldevinas Katkus15:08 4 Apr 2019
after a few trials I got "not authorized to read this resource", after this the next query returned "the resource is not allowed", then "not authorized to read this resource" again. Looks like the error message has a semi random pattern. 8.4 2018-07-26 (
Well, the problem was that tried to fetch data from the company 2 where, but it it looks like the global user access group used by the SERP was from company 1, where I had not enough rights to use Rest API.
I had to enable rest api Action in the first company to be able to read the data from the second company.
In both companies there were identical access groups except the Rest API access was OFF in the first company.
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Back to the list
Latest Posts
David Delač
Hi Piotr, The log entry:
2024-12-14 08:40:43 0.000 CallHal(IsHansaWorldCustomer) appears because the server is running with the verbosity=debug-detailed setting in its parameters.txt file. Thi...
09:43 16 Dec 2024
Brittany McGrath
Hi Vaughn, I can confirm this has been fixed now and is live in Standard ERP 2024-11-20 Version: 85556786. Thank you. ...
10:04 10 Dec 2024