
Permissions processed differently between REST API and UI

Posted: Wed Apr 03, 2019 5:59 am
by gtasic

I’m testing the simple REST API (list, view, search) with a hard-coded admin user and have discovered a problem with how the REST API processes permissions.
For testing the REST API client I am using Postman, a WAMP server on Windows, and MySQL on my computer for the project. The project has just one table and LIST/VIEW/SEARCH. In Advanced Settings, all API settings are set according to the tutorial.

With UI access I am able to log in, list, view and search successfully, but attempting to retrieve via the REST API failed, with this JSON message in Postman:
{
"success": false,
"failureMessage": "You do not have permission to access /freeapi/api/index.php.",
"version": "15.0.8"
}

For reference, I’m testing URLs of the form: localhost/freeapi/projectlist.php and
the REST API localhost/freeapi/api/list/project

Test in Postman:

  1. POST localhost/freeapi/api/login
    in body (raw) {
    "username" : "xxxx",
    "password" : "xxxxx"
    }

  2. Status OK and Response
    {
    "JWT": "eytokenxxxxxxxxxxxxxxxxlrCSw"
    }

  3. Check "Signature Verified" on jwt.io with the secret - and everything OK

  4. GET localhost/freeapi/api/list/project
    in body (raw) put the JWT from step 2

  5. Status OK 200, but in the body
    {
    "success": false,
    "failureMessage": "You do not have permission to access /freeapi/api/index.php.",
    "version": "15.0.8"
    }

I don't know what I am missing. If there is no restriction, the REST API is working as it should.

Any suggestions, tnx in advance...


Re: Permissions processed differently between REST API and U

Posted: Wed Apr 03, 2019 10:02 am
by motfs

You need to authenticate your request with JWT first. Read help file topic: REST API (Authenticate User with JWT (JSON Web Token))


Re: Permissions processed differently between REST API and U

Posted: Wed Apr 03, 2019 6:50 pm
by gtasic

Tnx for response

but this is what I did - POST api/login and got the JWT, and with this JWT, GET api/list/ returned the failureMessage "do not have permission to access api/index.php"

Does anyone have a project where REST api with authentication is in use?

Tnx in advance...


Re: Permissions processed differently between REST API and U

Posted: Thu Apr 04, 2019 9:38 am
by motfs

  1. Double check if the JWT is set to the request header correctly as per the help file example.
  2. Check Tools -> Advanced Settings -> API access time after login. Make sure that it is set to 0.
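
Added example, not part of the thread or the product's own code: a local stub that reproduces the exchange above and shows why a token sent in the request body yields HTTP 200 with "success": false, while the same token in a request header is accepted. The header name X-Authorization, the "Bearer " prefix and the stub's behaviour are assumptions; take the real header from the help file topic mentioned above.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTH_HEADER = "X-Authorization"     # assumption: use the name given in the help file
TOKEN = "constructed.sample.token"  # constructed placeholder, not a real JWT
DENIED = {"success": False,
          "failureMessage": "You do not have permission to access /freeapi/api/index.php."}

class StubApi(BaseHTTPRequestHandler):
    """Constructed stand-in for the API: it authenticates from the header only."""
    def _send(self, obj):
        data = json.dumps(obj).encode()
        self.send_response(200)  # as in the thread: 200 even when access is denied
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):  # stands in for /api/login
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self._send({"JWT": TOKEN})
    def do_GET(self):   # stands in for /api/list/project
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # body is never used for auth
        ok = self.headers.get(AUTH_HEADER) == "Bearer " + TOKEN      # "Bearer " prefix is assumed
        self._send({"success": True, "project": []} if ok else DENIED)
    def log_message(self, *args):
        pass  # keep the demo quiet

def call(base, method, path, body=None, headers=None):
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status, json.loads(resp.read())

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d/freeapi/api" % server.server_port
    try:
        _, login = call(base, "POST", "/login", {"username": "xxxx", "password": "xxxxx"})
        jwt = login["JWT"]
        in_body = call(base, "GET", "/list/project", body={"JWT": jwt})  # steps 4-5 above
        in_header = call(base, "GET", "/list/project", headers={AUTH_HEADER: "Bearer " + jwt})
        return in_body, in_header
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Because the denial arrives with status 200, a client has to check the "success" field in the body rather than rely on the HTTP status code.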

Re: Permissions processed differently between REST API and U

Posted: Thu Apr 04, 2019 4:53 pm
by mobhar

Perhaps this would help, too: hkvforums.com/viewtopic.php?f=4&t=43868