I’m testing the simple REST API (list,view, search) with hard coded admin user and have discovered a problem with how the REST API processes permissions.
For testing REST API client I am using Postman and wamp server on Windows and MySql on my computer for project. Project has just one table and LIST/VIEW/SEARCH. In advance settings - all API settings according to tutorial.
With UI access I am able to log in list, view and search successfully but attempting to retrieve REST api failed and in the postman JSON message
{
"success": false,
"failureMessage": "You do not have permission to access /freeapi/api/index.php.",
"version": "15.0.8"
}
For reference, I’m testing urls of the form: localhost/freeapi/projectlist.php and
REST API localhost/freeapi/api/list/project
Test in Postman:
POST localhost/freeapi/api/login
in body(row) {
"username" : "xxxx",
"password" : "xxxxx"
}Status OK and Response
{
"JWT": "eytokenxxxxxxxxxxxxxxxxlrCSw"
}Check Signature Verified on jwt.io with secret- and everything ok
GET localhost/freeapi/api/list/project
in body(row) put jwt from the step 2Status ok 200 but in body
{
"success": false,
"failureMessage": "You do not have permission to access /freeapi/api/index.php.",
"version": "15.0.8"
}
I dont know what am I missing? If there is no restriction rest api is working as it should.
Any suggestions, tnx in advance...