Skip to content

The consumer isn’t authorized to access %resources. Magento 2.4.5-p1 on staging environment

In the testing environment, it gives below errors,

{
"message": "The consumer isn't authorized to access %resources.",
"parameters": {
    "resources": "Magento_Sales::actions_view"
},
"trace": "#0 /var/www/html/vendor/magento/module-webapi/Controller/Rest/RequestValidator.php(68): Magento\Webapi\Controller\Rest\RequestValidator->checkPermissions()n#1 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\Webapi\Controller\Rest\RequestValidator->validate()n#2 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->___callParent('validate', Array)n#3 /var/www/html/vendor/paypal/module-braintree-core/Plugin/RestValidationPlugin.php(86): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->Magento\Framework\Interception\{closure}()n#4 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(135): PayPal\Braintree\Plugin\RestValidationPlugin->aroundValidate(Object(Magento\Webapi\Controller\Rest\RequestValidator\Interceptor), Object(Closure))n#5 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->Magento\Framework\Interception\{closure}()n#6 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/RequestValidator/Interceptor.php(23): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->___callPlugins('validate', Array, NULL)n#7 /var/www/html/vendor/magento/module-webapi/Controller/Rest/InputParamsResolver.php(108): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->validate()n#8 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\Webapi\Controller\Rest\InputParamsResolver->resolve()n#9 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\Webapi\Controller\Rest\InputParamsResolver\Interceptor->___callParent('resolve', Array)n#10 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\Webapi\Controller\Rest\InputParamsResolver\Interceptor->Magento\Framework\Interception\{closure}()n#11 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/InputParamsResolver/Interceptor.php(23): Magento\Webapi\Controller\Rest\InputParamsResolver\Interceptor->___callPlugins('resolve', Array, Array)n#12 /var/www/html/vendor/magento/module-webapi/Controller/Rest/SynchronousRequestProcessor.php(85): Magento\Webapi\Controller\Rest\InputParamsResolver\Interceptor->resolve()n#13 /var/www/html/vendor/magento/module-webapi/Controller/Rest.php(195): Magento\Webapi\Controller\Rest\SynchronousRequestProcessor->process(Object(Magento\Framework\Webapi\Rest\Request\Proxy))n#14 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\Webapi\Controller\Rest->dispatch(Object(Magento\Framework\App\Request\Http))n#15 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\Webapi\Controller\Rest\Interceptor->___callParent('dispatch', Array)n#16 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\Webapi\Controller\Rest\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))n#17 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/Interceptor.php(23): Magento\Webapi\Controller\Rest\Interceptor->___callPlugins('dispatch', Array, Array)n#18 /var/www/html/vendor/magento/framework/App/Http.php(116): Magento\Webapi\Controller\Rest\Interceptor->dispatch(Object(Magento\Framework\App\Request\Http))n#19 /var/www/html/vendor/magento/framework/App/Bootstrap.php(264): Magento\Framework\App\Http->launch()n#20 /var/www/html/pub/index.php(30): Magento\Framework\App\Bootstrap->run(Object(Magento\Framework\App\Http\Interceptor))n#21 {main}"

}

Its already Yes in: Allow OAuth Access Tokens.

I tried it in PHP script with Integration user as well as bearer token and not working in both scenario. The main thing is that live and local environment looks fine with same code file and DB setup.

So my concern is that, Is any configuration on server can impact on this?

PHP script:

<?php  

function sign($method, $url, $data, $consumerSecret, $tokenSecret)
{
$url = urlEncodeAsZend($url);
$data = urlEncodeAsZend(http_build_query($data, ”, ‘&’));
$data = implode(‘&’, [$method, $url, $data]);
$secret = implode(‘&’, [$consumerSecret, $tokenSecret]);
return base64_encode(hash_hmac(‘sha256’, $data, $secret, true));
}
function urlEncodeAsZend($value)
{
$encoded = rawurlencode($value);
$encoded = str_replace(‘%7E’, ‘~’, $encoded);
return $encoded;
}
// REPLACE WITH YOUR ACTUAL DATA OBTAINED WHILE CREATING NEW INTEGRATION

$consumerKey = ‘XXXXXXXXXXXXXXXXXXXXXXXXXXX’;
$consumerSecret = ‘XXXXXXXXXXXXXXXXXXXXXXXXXXX’;
$accessToken = ‘XXXXXXXXXXXXXXXXXXXXXXXXXXX’;
$accessTokenSecret = ‘XXXXXXXXXXXXXXXXXXXXXXXXXXX’;
$method = ‘GET’;
$url = ‘http://xxxx.staging.com/rest/V1/orders/38024’;

$data = [
‘oauth_consumer_key’ => $consumerKey,
‘oauth_nonce’ => md5(uniqid(rand(), true)),
‘oauth_signature_method’ => ‘HMAC-SHA256’,
‘oauth_timestamp’ => time(),
‘oauth_token’ => $accessToken,
‘oauth_version’ => ‘1.0’,
];
$data[‘oauth_signature’] = sign($method, $url, $data, $consumerSecret, $accessTokenSecret);
//print_r($data);
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url,
CURLOPT_HTTPHEADER => [
‘Authorization: OAuth ‘ . http_build_query($data, ”, ‘,’)
]
]);
$result = curl_exec($curl);
$orderData = json_decode($result,true);
curl_close($curl);
echo ‘

';
print_r($result);
echo '

‘;

?>
POSTMAN:
enter image description here