Permissions processed differently between REST API and UI

This public forum is for user-to-user discussions of PHPMaker. Note that this is not a support forum.
gtasic
User
Posts: 3

Post by gtasic »

I’m testing the simple REST API (list, view, search) with a hard-coded admin user and have discovered a problem with how the REST API processes permissions.
As the REST API test client I am using Postman, with a WAMP server on Windows and MySQL on my computer for the project. The project has just one table and LIST/VIEW/SEARCH. In Advanced Settings, all API settings are set according to the tutorial.

With UI access I am able to log in, list, view and search successfully, but attempting to retrieve via the REST API failed, with this JSON message in Postman:
{
"success": false,
"failureMessage": "You do not have permission to access /freeapi/api/index.php.",
"version": "15.0.8"
}

For reference, I’m testing URLs of the form: localhost/freeapi/projectlist.php and
REST API localhost/freeapi/api/list/project

Test in Postman:

  1. POST localhost/freeapi/api/login
    in body (raw) {
    "username" : "xxxx",
    "password" : "xxxxx"
    }

  2. Status OK and Response
    {
    "JWT": "eytokenxxxxxxxxxxxxxxxxlrCSw"
    }

  3. Checked "Signature Verified" on jwt.io with the secret, and everything is OK

  4. GET localhost/freeapi/api/list/project
    in body (raw) put the JWT from step 2

  5. Status OK 200, but in body
    {
    "success": false,
    "failureMessage": "You do not have permission to access /freeapi/api/index.php.",
    "version": "15.0.8"
    }

I don't know what I am missing. If there is no restriction, the REST API works as it should.

Any suggestions? Thanks in advance...


motfs
User
Posts: 258

Post by motfs »

You need to authenticate your request with JWT first. Read help file topic: REST API (Authenticate User with JWT (JSON Web Token))


gtasic
User
Posts: 3

Post by gtasic »

Thanks for the response,

but this is what I did: POST api/login and got the JWT, and with this JWT, GET api/list/ got the failure message "do not have permission to access api/index.php".

Does anyone have a project where the REST API with authentication is in use?

Thanks in advance...


motfs
User
Posts: 258

Post by motfs »

  1. Double check if the JWT is set to the request header correctly as per the help file example.
  2. Check Tools -> Advanced Settings -> API access time after login. Make sure that it is set to 0.
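
A pre-flight check for the first point above, added here as an example (it is not part of the thread or of PHPMaker): it reports why a request would arrive without a usable bearer credential. The header name `Authorization`, the `Bearer` scheme and the function names are assumptions; use the header given in the help file. The sample token is constructed.

```python
import base64, json, re, time

AUTH_HEADER = "Authorization"  # assumption: substitute the header name from the help file
JWT_RE = re.compile(r"eyJ[\w-]+\.[\w-]+\.[\w-]*")

def jwt_claims(token):
    """Decode the JWT payload for inspection only (no signature check)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def diagnose(headers, body="", now=None, auth_header=AUTH_HEADER):
    """List the reasons a request would reach the API unauthenticated."""
    now = time.time() if now is None else now
    value = {k.lower(): v for k, v in headers.items()}.get(auth_header.lower())
    if value is None:
        problems = ["no %s header" % auth_header]
        if JWT_RE.search(body or ""):
            problems.append("JWT is in the body, not in the header")
        return problems
    scheme, _, token = value.partition(" ")
    if scheme != "Bearer" or not JWT_RE.fullmatch(token):
        return ["header value is not 'Bearer <JWT>'"]
    # 'exp' is the standard JWT expiry claim (seconds since the epoch)
    exp = jwt_claims(token).get("exp")
    return ["token expired"] if exp is not None and exp <= now else []

def _b64(obj):
    """Base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token with a dummy signature, expiring at t=2000.
SAMPLE_JWT = ".".join([_b64({"alg": "HS256", "typ": "JWT"}),
                       _b64({"username": "xxxx", "exp": 2000}), "c2ln"])

if __name__ == "__main__":
    # JWT pasted into the raw body, as in step 4 of the question
    print(diagnose({}, body=json.dumps({"JWT": SAMPLE_JWT}), now=1000))
    # JWT sent as a bearer credential in the request header
    print(diagnose({AUTH_HEADER: "Bearer " + SAMPLE_JWT}, now=1000))
    # Same header after the token's expiry time
    print(diagnose({AUTH_HEADER: "Bearer " + SAMPLE_JWT}, now=3000))
```
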

mobhar
User
Posts: 11726

Post by mobhar »

Perhaps this would help, too: hkvforums.com/viewtopic.php?f=4&t=43868

