Warning: You do not have permission to access the API!

Posted: Sat Oct 28, 2017 2:35 am
by bzark
I read for countless hours on this topic, specifically for version 2.3.0.2. Does anyone know a fix for this?

It seems like the issue is that in catalog/controller/api/login.php:

$this->session->data['api_id'] = $api_info['api_id'];

is correctly set for the session but when you print the session variable in catalog/controller/api/order.php in the history() function, api_id isn't set any longer for that session. Seems like a lot of people posted to the forum about this for version 2.3.x.x and there really wasn't any resolution. Anyone know the fix?

Re: Warning: You do not have permission to access the API!

Posted: Tue Nov 14, 2017 4:37 am
by straightlight
Following is a solution to fix the API for v2.x releases: viewtopic.php?f=191&t=165865

Re: Warning: You do not have permission to access the API!

Posted: Tue Nov 14, 2017 5:00 am
by bzark
straightlight wrote:
Tue Nov 14, 2017 4:37 am
Following is a solution to fix the API for v2.x releases: viewtopic.php?f=191&t=165865
I already have this fix and it still doesn't work. Any other thoughts in regards to this?

Re: Warning: You do not have permission to access the API!

Posted: Tue Nov 14, 2017 5:07 am
by straightlight

Re: Warning: You do not have permission to access the API!

Posted: Tue Nov 14, 2017 5:13 am
by bzark
straightlight wrote:
Tue Nov 14, 2017 5:07 am
See if this solution is working: http://forum.opencart.com/viewtopic.php ... 14#p622081

Also try this: https://github.com/opencart/opencart/pull/4353/files
The solution at the first link didn't work and the Github link you sent was basically the first comment you made. It chained out to two different forum threads which ended up at the Github link you posted. Neither of these work. Anything else?

Re: Warning: You do not have permission to access the API!

Posted: Tue Nov 14, 2017 5:15 am
by straightlight
v3.x releases offer different strategies to validate APIs compared to v2.x releases. I would suggest upgrading at this point.

Re: Warning: You do not have permission to access the API!

Posted: Tue Nov 14, 2017 5:18 am
by bzark
straightlight wrote:
Tue Nov 14, 2017 5:15 am
v3.x releases offer different strategies to validate APIs compared to v2.x releases. I would suggest upgrading at this point.
I am staying on 2.3.0.2, I don't want all that cloud stuff. Can the session stuff in 3.x be back ported to 2.3.0.2? Not sure if it is a simple change or touches a lot of files.

Re: Warning: You do not have permission to access the API!

Posted: Tue Nov 14, 2017 5:22 am
by straightlight
Take note that the cloud version and the v3.x releases are still two separate releases. They do not function as one. Which means it does not prevent anyone from testing a fresh installation of v3.x releases with the API in order to see if the enquiry you are reporting will definitely be resolved.

Re: Warning: You do not have permission to access the API!

Posted: Thu Nov 30, 2017 2:10 am
by ktae11
Here is the solution from TheKrotek
https://thekrotek.com/index.php?option= ... w&file=491

Credits to TheKrotek.
Thank you for providing a free tool.

Re: Warning: You do not have permission to access the API!

Posted: Thu Nov 30, 2017 2:32 am
by bzark
ktae11 wrote:
Thu Nov 30, 2017 2:10 am
Here is the solution from TheKrotek
https://thekrotek.com/index.php?option= ... w&file=491

Credits to TheKrotek.
Thank you for providing a free tool.
Thanks, I did discover all these hacks to basically disable the security checks. I ended up back-porting v3.x session management into the 2.3.0.2 code base.