We have a two server setup behind an AWS elastic load balancer, sessions are being shared using a central Redis node.
The elastic load balancer has an SSL certificate loaded on it and we are forwarding all traffic to HTTPS within the .htaccess file. The config files have been setup on both nodes to reflect https.
We have encountered a strange issue in the last few days that we are unable to fix. When we log into the back end admin and click to edit an order, we get the message "Warning: You do not have permission to access the API!". This is only happening 50% of the time and will be ok the next time you edit the same order.
Both IP's from the load balancer have been added to the allowed IP's.
Does anyone know what the issue is?
Hi moka88,
I have seen this error a few times before and sometimes it had to do with store URLs in the order table. If you have changed servers or domain names and the orders from the old store are still in the orders table; when you attempt to edit the order the API attempts to login using the orders URL and it does not exist anymore so you get an API error. Now the really strange thing is if the domain still existed and OpenCart was still there it would attempt to run the code from that site... Actually any index.php file on that domain root would be contacted run run...
Ref: http://www.randemsystems.com/support/op ... d-to-know/
I have seen this error a few times before and sometimes it had to do with store URLs in the order table. If you have changed servers or domain names and the orders from the old store are still in the orders table; when you attempt to edit the order the API attempts to login using the orders URL and it does not exist anymore so you get an API error. Now the really strange thing is if the domain still existed and OpenCart was still there it would attempt to run the code from that site... Actually any index.php file on that domain root would be contacted run run...
Ref: http://www.randemsystems.com/support/op ... d-to-know/
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
Thanks for the reply.
Our store URL hits an ELB load balancer, if you ping the URL it will return one of two IP addresses (from the ELB). These appear to alternate on each new ping request 50/50. Are you saying that it needs to return just one IP?
Our store URL hits an ELB load balancer, if you ping the URL it will return one of two IP addresses (from the ELB). These appear to alternate on each new ping request 50/50. Are you saying that it needs to return just one IP?
Well, it's attempting to run code from the other IP on API login. Can this happen and everything continue to go correctly? At the very least the two IPs would need to be in the same API table in each server if you have two copies of OpenCart running. One OpenCart operation is attempting to login to the other, Is this allowed?
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
I have been having the same problem. If I try to update the history of an order, I get a message that I do not have permission to access the API. I only have one store and have not switched nor modified my domain or server. The only thing I can think of that has changed was that I added the Amazon login/checkout mod shortly before the problem first occurred. Could this be related?
Hi ShariB23,
There is one way to find out, remove the mod and test...
Also check the URLs in the order table...
There is one way to find out, remove the mod and test...
Also check the URLs in the order table...
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
Thanks for the suggestions. I tried removing the mod and it did nothing, so I guess that was a coincidence. I did check the orders table, and found some urls were http and some https. I corrected them all to https but I still get the api error. Any one have any other thoughts or suggestions?
Are all the URL's in the order table resolving to your current store's IP address?
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
Perhaps something here will help you - http://www.randemsystems.com/support/op ... d-to-know/
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
Who is online
Users browsing this forum: patterson123, paulfeakins, SohBH and 16 guests
