0

Forgive me in advance for what is probably a basic overall question. I'm still learning Magento 2 (v.2.4.5-p1) and need some hand holding at times.

I've inherited this project with several endpoints that the client is hitting to post data into the system. When testing one such endpoint via Postman, we are getting "401 Unauthorized" errors. Here's an (obfuscated) route in the webapi.xml file:

<route method="POST" url="/V1/etl/import">
    <service class="ClientName\EtlServer\Api\ImportManagementInterface" method="postImport"/>
    <resources>
        <resource ref="admin"/>
    </resources>
</route>

When we POST a single block of JSON to it through Postman, the status (as noted above) is a 401 with the following message:

{
  "message": "The consumer isn't authorized to access %resources.",
  "parameters": {
      "resources": "admin"
  }
}

PM is using the POST method, Authorization is set to "No Auth" and the Body just has the JSON raw blob. I'm guessing it has to do with the <resource ref="admin"/> bit in the xml node... would changing it to anonymous allow all access? Or is there a better / more secure way to allow access to this endpoint?

Improve this question

1 Answer 1

Reset to default
2

I knew this would be a dumb question, that I'd eventually be able to answer on my own. Posting this here in case someone else has the same issues now or in the future. :-p

I'm keeping the <resource ref="admin"/> for obvious reasons (we don't want this open to the world). Long story short, I need a Bearer token that I can get by posting back to the server. Here's the documentation that I had been missing prior to my posted question:

https://devdocs.magento.com/guides/v2.3/get-started/authentication/gs-authentication-token.html#admin-and-customer-access-tokens

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

You should accept your own answer so this question is marked as resolved.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.