I'm trying to use rest API for my vendor administrator but it is returning 403 forbidden.
Tried accessing the same using the administrator credential and it is working.
If I create an extension to add new entity for rest API, how do I allow access to vendor administrator?
Main administrator of Marketplace has to enable API access to vendor admin (through tab "API access") and share the API key with him.
Vendor administrators themselves cannot enable API access.
It is still not working even though the API access for the vendor administrator has being enabled by the administrator.
I've tested my code by using the email and api key for both the administrator or the vendor administrator. But it is only working for the administrator and not the vendor administrator.
From the https://docs.cs-cart.com/latest/developer_guide/addons/api_extending.html
public function privileges()
'create' => 'create_things',
'update' => 'edit_things',
'delete' => 'delete_things',
'index' => 'view_things'
public function privilegesCustomer()
'index' => true
To allow access of the API to customers, there is the privilegesCustomer function which can be set.
But for my case, I just want to enable it for vendors only. How do I do it?
Developing custom API entities is a separate topic. Vendors may not be able to access the entity you have created because it refers to the resources which are not usually available for vendor (ex. all orders).
There is also a mention: "To allow API access for unauthorized users, edit the config.local.php file in the root directory of your store: change 'api_allow_customer' => false, to 'api_allow_customer' => true,."
Maybe this is the change you're missing?
If you have a programmer hired in the company, he should be able to debug the API and determine what exactly is not working.