401 Unauthorized for accessing customer api












1














I was able to get the admin token using the below url against the created admin user
http://username:password@localhost.com/index.php/rest/V1/integration/admin/token



The username and password is for browser authentication which you can see before the url which is defined in .htaccess and .htpassword. The original username and password is given in the body



{

"username":"admin",

"password":"admin123"

}


But when I get customers by passing the token it says 401 unauthorized.
Below is the request



http://username:password@localhost.com/index.php/rest/V1/customers
and token is passed as "Authorization: Bearer abcdefghi" in request header



How to fix this issue?






magento2 magento-2.1 api rest-api







share|improve this question





























    1














    I was able to get the admin token using the below url against the created admin user
    http://username:password@localhost.com/index.php/rest/V1/integration/admin/token



    The username and password is for browser authentication which you can see before the url which is defined in .htaccess and .htpassword. The original username and password is given in the body



    {
    
"username":"admin",
    
"password":"admin123"
    
}


    But when I get customers by passing the token it says 401 unauthorized.
    Below is the request



    http://username:password@localhost.com/index.php/rest/V1/customers
    and token is passed as "Authorization: Bearer abcdefghi" in request header



    How to fix this issue?






    magento2 magento-2.1 api rest-api







    share|improve this question



























      1












      1








      1







      I was able to get the admin token using the below url against the created admin user
      http://username:password@localhost.com/index.php/rest/V1/integration/admin/token



      The username and password is for browser authentication which you can see before the url which is defined in .htaccess and .htpassword. The original username and password is given in the body



      {
      
"username":"admin",
      
"password":"admin123"
      
}


      But when I get customers by passing the token it says 401 unauthorized.
      Below is the request



      http://username:password@localhost.com/index.php/rest/V1/customers
      and token is passed as "Authorization: Bearer abcdefghi" in request header



      How to fix this issue?






      magento2 magento-2.1 api rest-api







      share|improve this question















      I was able to get the admin token using the below url against the created admin user
      http://username:password@localhost.com/index.php/rest/V1/integration/admin/token



      The username and password is for browser authentication which you can see before the url which is defined in .htaccess and .htpassword. The original username and password is given in the body



      {
      
"username":"admin",
      
"password":"admin123"
      
}


      But when I get customers by passing the token it says 401 unauthorized.
      Below is the request



      http://username:password@localhost.com/index.php/rest/V1/customers
      and token is passed as "Authorization: Bearer abcdefghi" in request header



      How to fix this issue?






      magento2 magento-2.1 api rest-api




      magento2 magento-2.1 api rest-api






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited yesterday









      Aditya Shah

      3,6202834




      3,6202834










      asked May 21 '18 at 6:32









      JN_newbieJN_newbie

      1278




      1278






















          2 Answers
          2






          active

          oldest

          votes


















          4














          In magento web-API when you pass user name and password then it genrates token for that specific customer (Which is only valid for 1 hour - configurable from admin)




          http://magento.host/index.php/rest/V1/integration/customer/token?username=test.user@test.com&password=test@123




          webapi.xml code



          <route url="/V1/customers/me" method="GET">
          
    <service class="MagentoCustomerApiCustomerRepositoryInterface" method="getById"/>
          
    <resources>
          
        <resource ref="self"/>
          
    </resources>
          
    <data>
          
        <parameter name="customerId" force="true">%customer_id%</parameter>
          
    </data>
          
</route>


          which returns token.



          After genrating token, when we pass that token in header.



          Authorization :: Bearer <Token Value>
          

          
http://magento.host/index.php/rest/V1/customers/me


          Which returns customer detailes.



          The above case i explained is working fine for webAPI in magento2 which i tested in POSTMAN.






          share|improve this answer





















          • And yeah your URL action should be "POST"
            – Aditya Shah
            May 21 '18 at 10:21










          • I have created one admin user and new role with which will be "web api role" with access rights to customers and categories. I have assigned the "web api role" to admin user. It means that this admin user can only access the customers and categories. Now I have successfully generate the token. But when I use that token to fetch the customers. It says 401 unauthorized. I have gone some many resources, I understand the concept but don't know why it is keep on giving 401 unauthorized
            – JN_newbie
            May 21 '18 at 10:43










          • Okay, just for testing purpose please give all access role to that user and check whether it's giving a same error.
            – Aditya Shah
            May 21 '18 at 10:50










          • and did you checked the action of the URL ?
            – Aditya Shah
            May 21 '18 at 10:51










          • It was "GET" before now it is "POST" and still 401. Let me try be giving all access roles
            – JN_newbie
            May 21 '18 at 11:02



















          0














          Please pass username and password correctly



          for customers API:
          rest/V1/customer/token






          share|improve this answer





















          • Actually the username and password before url is for browser authentication which is defined in .htaccess. The original admin username and password was provided in body to get the token. Now to fetch the customers I think we will pass that token in header and simple call the url.
            – JN_newbie
            May 21 '18 at 7:02










          • There is one more thing I have created this new admin api user in production mode with specific role to access customers and categories. Do I need to do something to reflect the change?
            – JN_newbie
            May 21 '18 at 7:15











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "479"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f226787%2f401-unauthorized-for-accessing-customer-api%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          4














          In magento web-API when you pass user name and password then it genrates token for that specific customer (Which is only valid for 1 hour - configurable from admin)




          http://magento.host/index.php/rest/V1/integration/customer/token?username=test.user@test.com&password=test@123




          webapi.xml code



          <route url="/V1/customers/me" method="GET">
          
    <service class="MagentoCustomerApiCustomerRepositoryInterface" method="getById"/>
          
    <resources>
          
        <resource ref="self"/>
          
    </resources>
          
    <data>
          
        <parameter name="customerId" force="true">%customer_id%</parameter>
          
    </data>
          
</route>


          which returns token.



          After genrating token, when we pass that token in header.



          Authorization :: Bearer <Token Value>
          

          
http://magento.host/index.php/rest/V1/customers/me


          Which returns customer detailes.



          The above case i explained is working fine for webAPI in magento2 which i tested in POSTMAN.






          share|improve this answer





















          • And yeah your URL action should be "POST"
            – Aditya Shah
            May 21 '18 at 10:21










          • I have created one admin user and new role with which will be "web api role" with access rights to customers and categories. I have assigned the "web api role" to admin user. It means that this admin user can only access the customers and categories. Now I have successfully generate the token. But when I use that token to fetch the customers. It says 401 unauthorized. I have gone some many resources, I understand the concept but don't know why it is keep on giving 401 unauthorized
            – JN_newbie
            May 21 '18 at 10:43










          • Okay, just for testing purpose please give all access role to that user and check whether it's giving a same error.
            – Aditya Shah
            May 21 '18 at 10:50










          • and did you checked the action of the URL ?
            – Aditya Shah
            May 21 '18 at 10:51










          • It was "GET" before now it is "POST" and still 401. Let me try be giving all access roles
            – JN_newbie
            May 21 '18 at 11:02
















          4














          In magento web-API when you pass user name and password then it genrates token for that specific customer (Which is only valid for 1 hour - configurable from admin)




          http://magento.host/index.php/rest/V1/integration/customer/token?username=test.user@test.com&password=test@123




          webapi.xml code



          <route url="/V1/customers/me" method="GET">
          
    <service class="MagentoCustomerApiCustomerRepositoryInterface" method="getById"/>
          
    <resources>
          
        <resource ref="self"/>
          
    </resources>
          
    <data>
          
        <parameter name="customerId" force="true">%customer_id%</parameter>
          
    </data>
          
</route>


          which returns token.



          After genrating token, when we pass that token in header.



          Authorization :: Bearer <Token Value>
          

          
http://magento.host/index.php/rest/V1/customers/me


          Which returns customer detailes.



          The above case i explained is working fine for webAPI in magento2 which i tested in POSTMAN.






          share|improve this answer





















          • And yeah your URL action should be "POST"
            – Aditya Shah
            May 21 '18 at 10:21










          • I have created one admin user and new role with which will be "web api role" with access rights to customers and categories. I have assigned the "web api role" to admin user. It means that this admin user can only access the customers and categories. Now I have successfully generate the token. But when I use that token to fetch the customers. It says 401 unauthorized. I have gone some many resources, I understand the concept but don't know why it is keep on giving 401 unauthorized
            – JN_newbie
            May 21 '18 at 10:43










          • Okay, just for testing purpose please give all access role to that user and check whether it's giving a same error.
            – Aditya Shah
            May 21 '18 at 10:50










          • and did you checked the action of the URL ?
            – Aditya Shah
            May 21 '18 at 10:51










          • It was "GET" before now it is "POST" and still 401. Let me try be giving all access roles
            – JN_newbie
            May 21 '18 at 11:02














          4












          4








          4






          In magento web-API when you pass user name and password then it genrates token for that specific customer (Which is only valid for 1 hour - configurable from admin)




          http://magento.host/index.php/rest/V1/integration/customer/token?username=test.user@test.com&password=test@123




          webapi.xml code



          <route url="/V1/customers/me" method="GET">
          
    <service class="MagentoCustomerApiCustomerRepositoryInterface" method="getById"/>
          
    <resources>
          
        <resource ref="self"/>
          
    </resources>
          
    <data>
          
        <parameter name="customerId" force="true">%customer_id%</parameter>
          
    </data>
          
</route>


          which returns token.



          After genrating token, when we pass that token in header.



          Authorization :: Bearer <Token Value>
          

          
http://magento.host/index.php/rest/V1/customers/me


          Which returns customer detailes.



          The above case i explained is working fine for webAPI in magento2 which i tested in POSTMAN.






          share|improve this answer












          In magento web-API when you pass user name and password then it genrates token for that specific customer (Which is only valid for 1 hour - configurable from admin)




          http://magento.host/index.php/rest/V1/integration/customer/token?username=test.user@test.com&password=test@123




          webapi.xml code



          <route url="/V1/customers/me" method="GET">
          
    <service class="MagentoCustomerApiCustomerRepositoryInterface" method="getById"/>
          
    <resources>
          
        <resource ref="self"/>
          
    </resources>
          
    <data>
          
        <parameter name="customerId" force="true">%customer_id%</parameter>
          
    </data>
          
</route>


          which returns token.



          After genrating token, when we pass that token in header.



          Authorization :: Bearer <Token Value>
          

          
http://magento.host/index.php/rest/V1/customers/me


          Which returns customer detailes.



          The above case i explained is working fine for webAPI in magento2 which i tested in POSTMAN.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered May 21 '18 at 10:16









          Aditya ShahAditya Shah

          3,6202834




          3,6202834












          • And yeah your URL action should be "POST"
            – Aditya Shah
            May 21 '18 at 10:21










          • I have created one admin user and new role with which will be "web api role" with access rights to customers and categories. I have assigned the "web api role" to admin user. It means that this admin user can only access the customers and categories. Now I have successfully generate the token. But when I use that token to fetch the customers. It says 401 unauthorized. I have gone some many resources, I understand the concept but don't know why it is keep on giving 401 unauthorized
            – JN_newbie
            May 21 '18 at 10:43










          • Okay, just for testing purpose please give all access role to that user and check whether it's giving a same error.
            – Aditya Shah
            May 21 '18 at 10:50










          • and did you checked the action of the URL ?
            – Aditya Shah
            May 21 '18 at 10:51










          • It was "GET" before now it is "POST" and still 401. Let me try be giving all access roles
            – JN_newbie
            May 21 '18 at 11:02


















          • And yeah your URL action should be "POST"
            – Aditya Shah
            May 21 '18 at 10:21










          • I have created one admin user and new role with which will be "web api role" with access rights to customers and categories. I have assigned the "web api role" to admin user. It means that this admin user can only access the customers and categories. Now I have successfully generate the token. But when I use that token to fetch the customers. It says 401 unauthorized. I have gone some many resources, I understand the concept but don't know why it is keep on giving 401 unauthorized
            – JN_newbie
            May 21 '18 at 10:43










          • Okay, just for testing purpose please give all access role to that user and check whether it's giving a same error.
            – Aditya Shah
            May 21 '18 at 10:50










          • and did you checked the action of the URL ?
            – Aditya Shah
            May 21 '18 at 10:51










          • It was "GET" before now it is "POST" and still 401. Let me try be giving all access roles
            – JN_newbie
            May 21 '18 at 11:02
















          And yeah your URL action should be "POST"
          – Aditya Shah
          May 21 '18 at 10:21




          And yeah your URL action should be "POST"
          – Aditya Shah
          May 21 '18 at 10:21












          I have created one admin user and new role with which will be "web api role" with access rights to customers and categories. I have assigned the "web api role" to admin user. It means that this admin user can only access the customers and categories. Now I have successfully generate the token. But when I use that token to fetch the customers. It says 401 unauthorized. I have gone some many resources, I understand the concept but don't know why it is keep on giving 401 unauthorized
          – JN_newbie
          May 21 '18 at 10:43




          I have created one admin user and new role with which will be "web api role" with access rights to customers and categories. I have assigned the "web api role" to admin user. It means that this admin user can only access the customers and categories. Now I have successfully generate the token. But when I use that token to fetch the customers. It says 401 unauthorized. I have gone some many resources, I understand the concept but don't know why it is keep on giving 401 unauthorized
          – JN_newbie
          May 21 '18 at 10:43












          Okay, just for testing purpose please give all access role to that user and check whether it's giving a same error.
          – Aditya Shah
          May 21 '18 at 10:50




          Okay, just for testing purpose please give all access role to that user and check whether it's giving a same error.
          – Aditya Shah
          May 21 '18 at 10:50












          and did you checked the action of the URL ?
          – Aditya Shah
          May 21 '18 at 10:51




          and did you checked the action of the URL ?
          – Aditya Shah
          May 21 '18 at 10:51












          It was "GET" before now it is "POST" and still 401. Let me try be giving all access roles
          – JN_newbie
          May 21 '18 at 11:02




          It was "GET" before now it is "POST" and still 401. Let me try be giving all access roles
          – JN_newbie
          May 21 '18 at 11:02













          0














          Please pass username and password correctly



          for customers API:
          rest/V1/customer/token






          share|improve this answer





















          • Actually the username and password before url is for browser authentication which is defined in .htaccess. The original admin username and password was provided in body to get the token. Now to fetch the customers I think we will pass that token in header and simple call the url.
            – JN_newbie
            May 21 '18 at 7:02










          • There is one more thing I have created this new admin api user in production mode with specific role to access customers and categories. Do I need to do something to reflect the change?
            – JN_newbie
            May 21 '18 at 7:15
















          0














          Please pass username and password correctly



          for customers API:
          rest/V1/customer/token






          share|improve this answer





















          • Actually the username and password before url is for browser authentication which is defined in .htaccess. The original admin username and password was provided in body to get the token. Now to fetch the customers I think we will pass that token in header and simple call the url.
            – JN_newbie
            May 21 '18 at 7:02










          • There is one more thing I have created this new admin api user in production mode with specific role to access customers and categories. Do I need to do something to reflect the change?
            – JN_newbie
            May 21 '18 at 7:15














          0












          0








          0






          Please pass username and password correctly



          for customers API:
          rest/V1/customer/token






          share|improve this answer












          Please pass username and password correctly



          for customers API:
          rest/V1/customer/token







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered May 21 '18 at 6:43









          VishnunathVishnunath

          4209




          4209












          • Actually the username and password before url is for browser authentication which is defined in .htaccess. The original admin username and password was provided in body to get the token. Now to fetch the customers I think we will pass that token in header and simple call the url.
            – JN_newbie
            May 21 '18 at 7:02










          • There is one more thing I have created this new admin api user in production mode with specific role to access customers and categories. Do I need to do something to reflect the change?
            – JN_newbie
            May 21 '18 at 7:15


















          • Actually the username and password before url is for browser authentication which is defined in .htaccess. The original admin username and password was provided in body to get the token. Now to fetch the customers I think we will pass that token in header and simple call the url.
            – JN_newbie
            May 21 '18 at 7:02










          • There is one more thing I have created this new admin api user in production mode with specific role to access customers and categories. Do I need to do something to reflect the change?
            – JN_newbie
            May 21 '18 at 7:15
















          Actually the username and password before url is for browser authentication which is defined in .htaccess. The original admin username and password was provided in body to get the token. Now to fetch the customers I think we will pass that token in header and simple call the url.
          – JN_newbie
          May 21 '18 at 7:02




          Actually the username and password before url is for browser authentication which is defined in .htaccess. The original admin username and password was provided in body to get the token. Now to fetch the customers I think we will pass that token in header and simple call the url.
          – JN_newbie
          May 21 '18 at 7:02












          There is one more thing I have created this new admin api user in production mode with specific role to access customers and categories. Do I need to do something to reflect the change?
          – JN_newbie
          May 21 '18 at 7:15




          There is one more thing I have created this new admin api user in production mode with specific role to access customers and categories. Do I need to do something to reflect the change?
          – JN_newbie
          May 21 '18 at 7:15


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Magento Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f226787%2f401-unauthorized-for-accessing-customer-api%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          An IMO inspired problem

          Image
          14 4 This problem from IMO 1988 is said to be one of the most elegant ones in functional equations. Problem : The function $f$ is defined on the set of all positive integers as follows: begin{align} f(1) = 1, f(3) &= 3, f(2n) = f(n), \ f(4n+1) &= 2f(2n+1) - f(n), \ f(4n+3) &= 3 f(2n+1) - 2f(n) end{align} Find the number of $n$ with $f(n) = n, 1 leq n leq 1988$. The main idea towards the solution is realizing that these conditions stand for the fact that $f(n)$ just reverses the digits in the binary representation of the number $n$. So, essentially the solution is finding the number of binary pallindromes $leq 1988_{10}$. My question is the following : How to reformulate the problem so that $f(n)$ reverses the digits of $n$ in its ternary representation. Or even better, can we reformulate it for a
          Read more

          Management

          Image
          Management From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Manager" redirects here. For other uses, see Management (disambiguation) and Manager (disambiguation). An organization chart for the United States Coast Guard shows the hierarchy of managerial roles in that organization. Business administration Management of a business Accounting Management accounting Financial accounting Financial audit Business entities Cooperative Corporation Limited liability company Partnership Sole proprietorship State-owned enterprise Corporate governance Annual general meeting Board of directors Supervisory board Advisory board Audit committee Corporate law Commercial law Constitutional documents Contract Corporate crime Corporate liability Insolvency law International trade law Mergers and acquisitions Economics Commodity Pu
          Read more

          Has there ever been an instance of an active nuclear power plant within or near a war zone?

          Image
          36 3 The question Has there ever been a military combat going on around an active (running or in outage but not decommissioned) commercial nuclear power plant? Or dangerously near it? If yes, how did the plant and its personnel fare in such situation? Why I ask Let's assume for the scope of this question modern commercial nuclear power plants (CANDU, PWR, BWR of generation II plus all of gen III and newer) are usually reasonably safe to operate given that the engineering has been done right and there is a whole cohort of very well trained personnel on-site at all times, well rested and with considerable resources on their hands. Things hard to get with an armed conflict like the recent Syrian war raging around. I can't seem to find any reference or a comprehensive article about this, hence this question.
          Read more