Forum - OAuth Rest API v2 - getting data from the DB

OAuth Rest API v2 - getting data from the DB

Aldevinas Katkus

4-4-18

How do I get a data from the DB when I have already authenticated via OAuth2 and got an access token?
I am getting an error "the resource is not allowed" when I am authorized and "not authorized to read this resource" when not authorized.

I have added "api" function to the "access functions from the web", but it did not help.
version 8.4 2017-12-09 (build 84191013)

According to OAuth docs , I should have to pass the access token in the request header

Authorization: Bearer

as described here https://tools.ietf.org/html/rfc6750#section-2
"Clients SHOULD make authenticated requests with a bearer token using
the "Authorization" request header field with the "Bearer" HTTP
authorization scheme. Resource servers MUST support this method."

php code:
...
if(session('access_token'))
$headers[] = 'Authorization: Bearer ' . session('access_token');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($ch);
$err = curl_error($ch);
...

Any help?

Aldevinas Katkus

4-5-18

I can see my queries in the server log:
2018-04-05 17:11:16 AK/THREAD(16) Prisijungti - login
2018-04-05 17:11:16 /THREAD(16) FindSlot() from non main thread:
2018-04-05 17:11:16 AK/THREAD(16) FindSlot() from non main thread:

2018-04-05 17:12:07 /THREAD(18) SetSlotSessionId() from non main thread:
2018-04-05 17:12:07 /THREAD(18) SetSlotSessionId() from non main thread:

Aldevinas Katkus

4-16-18

Everything works after I have added Action=Rest API in user's the Access group.

Giuseppe L.

4-16-18

Hello Aldevinas,
great to know you figured out the what the problem was and how to fix it.

We will publish a webinar link in the next days where you'll find more details about OAuth and RestAPI.
Please check the Education Section in the Partner Portal.

Giuseppe

HansaWorld Support

Aldevinas Katkus

4-16-18

Created byGiuseppe L.08:22 16 Apr 2018

Hello Aldevinas, great to know you figured out the what the problem was and how to fix it. We will publish a webinar link in the next days where you'll find more details about OAuth and RestAPI. Please check the Education Section in the Partner Portal.

I have watched that webinar.

Aldevinas Katkus

4-4-19

We have a problem connecting with real db:
we get an oauth error "the resource is not allowed",
even though:
token refreshing works,
global users are OK (enabled and set up).
"Web Rest API" is checked in the optional features,
User access group has rest api action access enabled
user can connect with Standard ID
in the "Active users" list connected user is shown as '"user_id" Web"
everything works with my demo db, but doesn't with the client's db.

Any ideas?

Aldevinas Katkus

4-4-19

Created byAldevinas Katkus14:53 4 Apr 2019

after a few trials I got "not authorized to read this resource", after this the next query returned "the resource is not allowed", then "not authorized to read this resource" again. Looks like the error message has a semi random pattern.

8.4 2018-07-26 (build 84192014)

Aldevinas Katkus

4-9-19

Created byAldevinas Katkus15:08 4 Apr 2019

Well, the problem was that tried to fetch data from the company 2 where, but it it looks like the global user access group used by the SERP was from company 1, where I had not enough rights to use Rest API.
I had to enable rest api Action in the first company to be able to read the data from the second company.
In both companies there were identical access groups except the Rest API access was OFF in the first company.

Back to the list

New Message
Open Questions My Questions