Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

“Access Denied” when doing Login via XML RPC
 
Magentourist
Member
 
Total Posts:  48
Joined:  2008-08-11
Berlin
 

Hello,

I’ve setup a user and role in System->Web Service. Role has resources set to all and the user is assigned to that role. Username and api key are double checked when calling the webservice and the is also activated.

However when calling the Login method I receive code 2 Access denied.

Searching on this board and google reveiled only threads from users having trouble after the login so I ended up posting here.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Magentourist
Member
 
Total Posts:  48
Joined:  2008-08-11
Berlin
 

Now this is strange. I added the API key ‘test123’ and when using ‘test123’ as second parameter in the api call I get the error. However when leaving it blank a session id is returned although the api field contains an entry in the api_user table’s api_key field.

Am I supposed to somehow encode the api key in the login call?

It looks like the session I receive from the call without api key has no credentials as I receive an Access Denied error on any subsequent method call using the session ID.

I was following this example and it looks to easy:

http://www.magentocommerce.com/boards/viewthread/11773/

 
Magento Community Magento Community
Magento Community
Magento Community
 
Dwayne
Jr. Member
 
Total Posts:  1
Joined:  2008-03-29
 

Hi Magentourist,

I’m seeing the same thing you describe. Did you ever get this working? If so, what did you change?

Thanks,
dwayner

 
Magento Community Magento Community
Magento Community
Magento Community
 
Roy Andre
Sr. Member
 
Avatar
Total Posts:  209
Joined:  2007-08-31
 

Same problem here with several different installations. All running 1.3.2.1.

Its however working on another installation also running 1.3.2.1, but on a different server.

We’ll continue to debug this and let anyone know if (when..) we find the problem.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Georges@Bitbol
Sr. Member
 
Avatar
Total Posts:  104
Joined:  2008-08-07
Paris, France
 

How did you succeed ?
Still the issue in 1.3.2.3 after updated from previous version.
I’ll continue to search but I do not have any idea anymore.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Roy Andre
Sr. Member
 
Avatar
Total Posts:  209
Joined:  2007-08-31
 

Sorry its so long ago I dont remember. Try setting up a dev-site and upgrade that to 1.4 alpha 3 to see if that helps.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Georges@Bitbol
Sr. Member
 
Avatar
Total Posts:  104
Joined:  2008-08-07
Paris, France
 

Sorry not ot answer before but I succeed.
I have truncated all api tables and recreate users and roles.
It seems to be the same results in db but it works. So I think something was wrong during upgrade and truncation reinitialized it.

Thx.

 
Magento Community Magento Community
Magento Community
Magento Community
 
SnypeTEST
Jr. Member
 
Total Posts:  2
Joined:  2008-08-12
 

If your using the latest version of Magento 1.3 and still have issues, check out the fix here: http://www.everythingilike.com/magento-api-bug-fixes

 
Magento Community Magento Community
Magento Community
Magento Community
 
speang
Jr. Member
 
Total Posts:  17
Joined:  2009-01-12
 

Here is what worked for me. Go to your etc/api.xml for the module that has access denied problem. For me I was trying to make webservice that allows people to comment on products. So I created mage/review/etc/api.xml that looks like this.

<?xml version="1.0"?>
<config>
    <
api>
        <
resources>
            <
review translate="title" module="review">
                <
model>review/review_api</model>
                <
title>Review API</title>
                <
acl>review</acl>
                <
methods>
                    <
comment translate="title" module="review">
                        <
title>Comment</title>
                        <
acl>review/comment</acl>
                    </
comment>
                </
methods>
            </
review>
        </
resources>
        <
acl>
            <
resources>
                <
review translate="title" module="review">
                    <
title>Review</title>
                    <
sort_order>1</sort_order>
                    <
comment translate="title" module="review">
                            <
title>Comment</title>
                    </
comment>
                </
review>
            </
resources>
        </
acl>
    </
api>
</
config>

Name of my custom function that has access denied problem is Comment.
Under acl -> resources->comment I changed <title>Comment</title> to <title>Comment on Product</title> . So it looks like this.

<?xml version="1.0"?>
<config>
    <
api>
        <
resources>
            <
review translate="title" module="review">
                <
model>review/review_api</model>
                <
title>Review API</title>
                <
acl>review</acl>
                <
methods>
                    <
comment translate="title" module="review">
                        <
title>Comment</title>
                        <
acl>review/comment</acl>
                    </
comment>
                </
methods>
            </
review>
        </
resources>
        <
acl>
            <
resources>
                <
review translate="title" module="review">
                    <
title>Review</title>
                    <
sort_order>1</sort_order>
                    <
comment translate="title" module="review">
                            <
title>Comment on Product</title>
                    </
comment>
                </
review>
            </
resources>
        </
acl>
    </
api>
</
config>

Saved file changes. Went to admin section System -> Web Services -> Roles . On that page went to Roles Resources. I could see new title for my custom function in admin section. Make sure that access to this function is checked and click Save Role.

I tried to access this function now through webservice call and it worked for me!

I did the same steps to change custom function name back to old name and it still worked as it should.

My guess is that Magento caches api.xml values somewhere. It is either in db but not in one of the api tables or somewhere on the box but I don’t exactly where. So when you make changes to api.xml it can see that changes are made in file and refreshes values in some secret place.

Good luck.

 
Magento Community Magento Community
Magento Community
Magento Community
 
steward
Member
 
Total Posts:  35
Joined:  2009-06-03
 
speang - 02 March 2010 08:01 AM

refreshes values in some secret place

Good catch and thank you! Re-creating the cache worked for me. Not via admin but in the filesystem…

cd web_root
rm -Rf /var/cache
mkdir cache
chmod 0777 cache

 
Magento Community Magento Community
Magento Community
Magento Community
 
breastfed
Sr. Member
 
Avatar
Total Posts:  194
Joined:  2007-09-24
Münster - Germany
 

Hello

on 1.4 i am using the Sample Code:

require 'Zend/XmlRpc/Client.php';
      
$client = new Zend_XmlRpc_Client('http://mydomain.com/api/xmlrpc/');
       
      
// If somestuff requires api authentification,
      // we should get session token
     
$session $client->call('login', array('username''password'));
    
    
    
$r $client->call('call', array($session'customer.list'));
    
var_dump($r);
    
    
// If you don't need the session anymore
    
$client->call('endSession', array($session));

I am receiving an “Access denied” Error.

I cleared the cache Folder and created a new one. Nothing happend.

Any Ideas?

Thanks for Help!

 
Magento Community Magento Community
Magento Community
Magento Community
 
dimitry
Jr. Member
 
Total Posts:  1
Joined:  2008-03-16
 

hi,

got same problem today.
magento version: 1.3.2.4 (sorry not a last one, but maybe this post will help someone)

1. Users/roles were created in admin panel correctly
2. SOAP response always said: Access Denied
3. After some time spent on class Mage_Api_Model_Mysql4_Acl, it was found that:
Method loadRules expects $rulesArr array be sorted in the way, that roles appearing in the beginning of array and users in the end.
In my case, it was not the case in table api_role

so basically, two solutions may be here:

1. Using ORDER BY parent_id = 0 DESC in SELECT from api_role table.
(which, probably, proper solution is)

2. The trick i did, just because playing with magento for the first time and don’t won’t to dig into details.
Simply resort records in api_role table.

TRUNCATE TABLE api_role# its myisam here, so don't care on foreign keys
INSERT INTO api_role VALUES 
(8010'G'0'role1'),
(
17010'G'0'role2'),
(
15810'U'2'user1'),
(
191710'U'3'user2');

So as you can see, roles are on top now.
This fixed the problem.

Dimitry Butko

 
Magento Community Magento Community
Magento Community
Magento Community
 
dltr_org
Sr. Member
 
Avatar
Total Posts:  167
Joined:  2008-09-12
rockdale, sydney, australia
 
steward - 02 April 2010 11:34 AM

speang - 02 March 2010 08:01 AM
refreshes values in some secret place

Good catch and thank you! Re-creating the cache worked for me. Not via admin but in the filesystem…

cd web_root
rm -Rf /var/cache
mkdir cache
chmod 0777 cache

didn’t work for me. refreshed cache on admin too :(

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top