Cs Cart Rest Api Returns Products But No Orders

Hi all,

I'm working on an integration through the CS Cart REST API and it's working fine for /api/products calls. But /api/orders and basically any other REST API call returns a 403 Forbidden response. I'm using an admin user for authentication of the REST API calls. Is there an option to enable access to more than just the /api/products calls?

Best regards,

Tijs

Hi all,

I've been digging a bit further and it looks like the authentication header is not passed to CS Cart for some reason. The authentication fails always for some reason and I'm getting back a 401 Unauthorized (in my previous post I had api_allow_customer enabled, which I turned off again.

Also saw some recommendations to add the following lines to the .htaccess file:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
So added it, but still no difference. Any ideas on what I could try?
Best regards,
Tijs

Hello

Did you try request by postman ?

What specific query to API are you doing?

Best regards

Robert

Hi Robert,

Thanks for the reply.

Yes I've tried to use postman but it also returns a 401 response there. In the second post I added here (needs to be approved by the moderator), I already mentioned that the error code changed from 403 to 401 after setting the api_allow_customer config flag to false. I think what is happening is that the authentication header is not passed correctly to CS Cart because the Apache HTTP server is doing something with it. But I don't know where to look in the logging for this to find out what is happening exactly. Any help is appreciated.

Best regards,

Tijs

Most likely you are getting a php error somewhere and the web server is returning the 403. Check your php error_logs.

Hello

Show screenshots from Postaman.

Best regards

Robert

Or show the code snippet where you're building the request.

Thanks for the replies. Please find attached the Postman screenshots. I'm still assuming the HTTP basic auth headers don't get to CS Cart. But don't have an idea yet where to look.

Best regards,

Tijs

Screenshot 2020-09-18 at 21.50.36.png

Screenshot 2020-09-18 at 21.50.16.png

Thanks for the replies. Please find attached the Postman screenshots. I'm still assuming the HTTP basic auth headers don't get to CS Cart. But don't have an idea yet where to look.

Best regards,

Tijs

Hello,

Error 401 means that there's a problem with login and password you provided - are you sure that you have not reset your API key before attempting to connect with api/orders resource? Remember that you have to save user profile to add API key to store database.

I have tested it on my local store & endpoint is working correctly, even if you type random data into headers. So it's not caused by incorrect headers.

Best regards,

Robert

If you can retrieve products but not orders via the API then I'm assuming you have an addon enabled that is causing an error. The 40x response is most likely erroneous in that case.

Disable all 3rd party addons and try it.

No all API calls are returning a 401 for me, also the products.

Yes I'm sure that the correct username and API key is used, I've tried it a couple of times and also generated a new API key just to be sure, but still the same result.

Best regards,

Tijs

What does your PHP error_log say? Anything relevant?