Magento version 2.3.3

Admin token is successfully obtained using the API, however, when trying to fetch any resource using that token, I get this message: "The consumer isn’t authorized to access %resources."

The user is Administrator and has access to all of the resources. There’s no field labeled "Allow OAuth Access Tokens to be used as standalone Bearer tokens" so that I can enable it.

What else can be done?

I’m using Postman.

Using OAuth with the integration details in Magento admin to get the admin token from rest/V1/integration/admin/token

Then using the access token in response as a Bearer token to access resources, for example from rest/V1/products

Authorization: "Bearer <admin access token obtained>"

2 Answers


  1. Are you passing the token correctly?

    Section Authorization:
    Choose Type: Bearer Token

    Paste the token like

    Bearer: 743h8n9c4hmf984hf89mfhem8hcr8mherg87erh8g7er7cg8er7cg87erc...
    

    Or from Magento2 docs (Adobe)

    To disable this feature, log in to the Admin panel and navigate to
    Stores > Settings > Configuration > Services > Magento Web API > Web
    API Security. Then select Yes from the Allow Anonymous Guest Access
    menu.

    A setting you should be careful with.

  2. Please, log in to the Admin Panel and

    • Consider adding a new integration under SYSTEM > Extensions > Integrations > "Add New Integration".
      • Don’t forget to select "All" or select "Resource Access" to your integration under "Add New Integration" > API and save.
      • Once saved, activate your integration to get the consumer key, access token, etc.
    • Under STORES > Settings > Configuration > SERVICES > OAuth > "Consumer Settings" > set "Allow OAuth Access Tokens to be used as standalone Bearer tokens" to "Yes".
    • Clear the cache under SYSTEM > Tools > Cache Management > "Flush Cache Storage"

    Now, you can use your integration’s Access Token as Bearer Token.
    🔥 However, you should never use it in client-side code but only in a server-side one to keep it secure.

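Added example, not part of the answers above and not Magento's own code: a server-side Python sketch of the call the second answer describes, which keeps the integration token out of source code and expands the `%resources` placeholder so the error names the ACL resource that is missing. The environment variable names, the sample error body and its ACL id are assumptions constructed for illustration.

```python
import json
import os
import urllib.error
import urllib.request

# Constructed sample of a 401 body (assumed shape; the ACL id is illustrative).
SAMPLE_401 = json.dumps({
    "message": "The consumer isn't authorized to access %resources.",
    "parameters": {"resources": "Magento_Catalog::products"},
})

def build_request(base_url, path, token):
    """Build a GET request that sends the token as a standalone Bearer token."""
    if not token:
        raise ValueError("access token is empty; set MAGENTO_ACCESS_TOKEN")
    url = base_url.rstrip("/") + "/rest/V1/" + path.lstrip("/")
    return urllib.request.Request(url, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/json",
    })

def render_error(body):
    """Fill the %placeholders of an error body from its 'parameters' field."""
    try:
        data = json.loads(body)
    except ValueError:
        return body.decode(errors="replace") if isinstance(body, bytes) else body
    message = data.get("message", "")
    params = data.get("parameters") or {}
    if isinstance(params, list):  # positional form: %1, %2, ...
        params = {str(i): v for i, v in enumerate(params, start=1)}
    # Replace longer names first so %10 is not clobbered by %1.
    for name in sorted(params, key=len, reverse=True):
        message = message.replace("%" + name, str(params[name]))
    return message

def fetch(path):
    """Server-side call; the token comes from the environment, never the client."""
    req = build_request(os.environ["MAGENTO_BASE_URL"], path,
                        os.environ.get("MAGENTO_ACCESS_TOKEN", ""))
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        raise RuntimeError(f"{err.code}: {render_error(err.read())}") from None

if __name__ == "__main__":
    print(render_error(SAMPLE_401))
```

If the rendered message names a resource, that resource is the one to grant under the integration's API tab before retrying.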