Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Rest Api Access For Vendor Administrator Rate Topic   - - - - -

 

Posted 12 April 2022 - 10:56 PM #1

Hi,

 

I'm trying to use rest API for my vendor administrator but it is returning 403 forbidden.

Tried accessing the same using the administrator credential and it is working.

If I create an extension to add new entity for rest API, how do I allow access to vendor administrator?

 



 
  • soft-solid
  • Junior Member
  • Authorized Reseller
  • Join Date: 19-Apr 10
  • 1674 posts

Posted 13 April 2022 - 11:37 AM #2

Hello,

 

Main administrator of Marketplace has to enable API access to vendor admin (through tab "API access") and share the API key with him.

Vendor administrators themselves cannot enable API access.

 

Best regards,

Robert


Team of SoftSolid
cs-cart.pl | marketplace | Multi-Vendor/CS-Cart Development | Dedicated developers

We specialize in creating the highest quality addons, safe, useful and flexible


 

Posted 13 April 2022 - 10:52 PM #3

Hi Robert,

 

It is still not working even though the API access for the vendor administrator has being enabled by the administrator.

 

I've tested my code by using the email and api key for both the administrator or the vendor administrator. But it is only working for the administrator and not the vendor administrator.

 

From the https://docs.cs-cart..._extending.html

 

public function privileges()
{
return array(
'create' => 'create_things',
'update' => 'edit_things',
'delete' => 'delete_things',
'index' => 'view_things'
);
}

 

public function privilegesCustomer()

{
return array(
'index' => true
);
}

 

 

To allow access of the API to customers, there is the privilegesCustomer function which can be set.

But for my case, I just want to enable it for vendors only. How do I do it?

 

 

 



 
  • soft-solid
  • Junior Member
  • Authorized Reseller
  • Join Date: 19-Apr 10
  • 1674 posts

Posted 14 April 2022 - 11:04 AM #4

Hello,

 

Developing custom API entities is a separate topic. Vendors may not be able to access the entity you have created because it refers to the resources which are not usually available for vendor (ex. all orders).

 

There is also a mention: "To allow API access for unauthorized users, edit the config.local.php file in the root directory of your store: change 'api_allow_customer' => false, to 'api_allow_customer' => true,."

 

Maybe this is the change you're missing?

 

If you have a programmer hired in the company, he should be able to debug the API and determine what exactly is not working.

 

Best regards,

Robert


Team of SoftSolid
cs-cart.pl | marketplace | Multi-Vendor/CS-Cart Development | Dedicated developers

We specialize in creating the highest quality addons, safe, useful and flexible