TOPIC: 7.10 v8 API Error: access_denied Hint: Missing "Authorization" header

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 1 month 3 weeks ago #66395

  • judgerod
My Environment
PHP 7.0
MySQL 5.6
CentOS 6.9
Apache 2.4
SuiteCRM 7.10.4

If anyone has a solution or is having a similar experience, please let me know. I've listed below all the relevant information that I have investigated while trying to fix this issue. I don't have any error messages in the Apache error logs pertaining to this issue.

*************************************************************************
I'm receiving the following error message in suitecrm.log when I try to invoke version 8 of the APIs:
[-none-][FATAL] [ERROR] [ResourceServer] Code: 9 Message: The resource owner or authorization server denied the request. ErrorType: access_denied Hint: Missing "Authorization" header

*************************************************************************
This is the error message I get in the error.log:
[22-May-2018 12:23:14 America/New_York] PHP Fatal error: Uncaught RuntimeException: Unexpected data in output buffer. Maybe you have characters before an opening <?php tag? in /<suitecrmpath>/vendor/slim/slim/Slim/App.php:604
Stack trace:
#0 /<suitecrmpath>/vendor/slim/slim/Slim/App.php(316): Slim\App->finalize(Object(Slim\Http\Response))
#1 /<suitecrmpath>/lib/API/core/app.php(83): Slim\App->run()
#2 /<suitecrmpath>/lib/API/public/index.php(5): require_once('/home/hhadmin/a...')
#3 {main}
thrown in /<suitecrmpath>/vendor/slim/slim/Slim/App.php on line 604


*************************************************************************
I'm following the example code but have tweaked it since it had some coding errors. This is the code:

<?php
// Request an OAuth2 access token from the SuiteCRM v8 API (client_credentials grant).
$ch = curl_init();

// JSON API media type for both the request body and the expected response.
$header = array(
'Content-type: application/vnd.api+json',
'Accept: application/vnd.api+json',
);

// Client id and secret were redacted by the poster.
$postStr = json_encode(array(
'grant_type' => 'client_credentials',
'client_id' => 'removed-b9b9-ded8-c2e0-removed',
'client_secret' => '',
'scope' => 'standard:create standard:read standard:update standard:delete standard:relationship:create standard:relationship:read standard:relationship:update standard:relationship:delete'
));

$url = 'https://<myurl-removed>/api/oauth/access_token';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);

$output = curl_exec($ch);
curl_close($ch);

// Dump the response, then the URL and request body that were sent.
echo "the response(output):\n";
print($output);
$txt ="\ncompleted\n";

echo $txt;
print($url);
echo "\n";
print($postStr);
print("\n\n");
?>

*************************************************************************
I've also checked my .htaccess file to ensure the api mods were correct. This is what I have:

# BEGIN SUGARCRM RESTRICTIONS
RedirectMatch 403 (?i).*\.log$
RedirectMatch 403 (?i)/+not_imported_.*\.txt
RedirectMatch 403 (?i)/+(soap|cache|xtemplate|data|examples|include|log4php|metadata|modules)/+.*\.(php|tpl)
RedirectMatch 403 (?i)/+emailmandelivery\.php
RedirectMatch 403 (?i)/+upload
RedirectMatch 403 (?i)/+cache/+diagnostic
RedirectMatch 403 (?i)/+files\.md5$
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&modulename=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&modulename=$1&lang=$2 [L,QSA]
RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]
RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
# END SUGARCRM RESTRICTIONS
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ myurl-removed.com

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&modulename=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&modulename=$1&lang=$2 [L,QSA]
RewriteRule ^api/(.*?)$ lib/SuiteCRM/API/public/index.php/$1 [L]
RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
<FilesMatch "\.(jpg|png|gif|js|css|ico)$">
<IfModule mod_headers.c>
Header set ETag ""
Header set Cache-Control "max-age=2592000"
Header set Expires "01 Jan 2112 00:00:00 GMT"
</IfModule>
</FilesMatch>
<IfModule mod_expires.c>
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
</IfModule>

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 3 weeks 2 days ago #68344

  • davide-bca
Hello
Same issue here, but without the errors in the log (no errors at all for me), just a 401 in the access_log.
Trying both Postman and jMeter, no success.
Should you have found a solution, let us know!

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 3 weeks 2 days ago #68345

  • judgerod
I didn't find a solution. I just used the v4.1 version of the APIs.

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 3 weeks 1 day ago #68357

  • davide-bca
Hello
I did some research, and I managed to have the v8 API working.
There are several issues here and unfortunately I don't have the bandwidth to provide a quality report; I hope this may help anyway.

WRT the Authorization issue, I could solve it as described here, by adding the SetEnvIf to .htaccess. Note that the RewriteRule is already in place; I don't know Apache/PHP enough to determine why this is required.

That fixed, I had an issue with the token being immediately revoked. This is a known issue, and was indeed fixed by modifying the timezone in php.ini.

Finally, I should say that I am using a bitnami image on AWS, updated to the latest stable release (7.10.7).

Hope this helps

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 5 days 16 hours ago #69229

  • nairit84
I also faced the same issue and am now struggling with it. I am a .NET developer and not really familiar with the LAMP stack, but I liked SuiteCRM. Could you provide your .htaccess so I could compare it with mine?

Part of mine looks like this, and it is a Bitnami SuiteCRM image on Azure (surprise, surprise):

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
#RewriteBase /suitecrm
RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&modulename=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&modulename=$1&lang=$2 [L,QSA]
RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

But I didn't really get what [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] should be replaced with.
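
The header-forwarding fix discussed in the last two posts (davide-bca's SetEnvIf, and the question about the [env=...] rule), shown as an added example that is not part of the original posts or of SuiteCRM's shipped .htaccess. The SetEnvIf line is the commonly used form and an assumption about what the linked fix contained; the rewrite block mirrors the one quoted in the thread and is left unchanged.

```apache
# Added example (constructed), not SuiteCRM's shipped file.
# mod_setenvif copies the incoming Authorization request header into the
# HTTP_AUTHORIZATION environment variable, which PHP exposes as
# $_SERVER['HTTP_AUTHORIZATION']. It does not depend on rewrite rule order.
<IfModule mod_setenvif.c>
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
</IfModule>

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
# In the files quoted in the thread, the env rule comes after the route rule.
# The route rule matches every api/ request and carries [L], which ends rule
# processing for that pass, so the env rule below it is never evaluated.
RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
```

SetEnvIf in a .htaccess file only takes effect when the enclosing server configuration allows it (AllowOverride FileInfo). When checking whether the header now reaches PHP, log only whether the variable is present, never the bearer token itself.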