OpenCart Community

We have a two server setup behind an AWS elastic load balancer, sessions are being shared using a central Redis node.

The elastic load balancer has an SSL certificate loaded on it and we are forwarding all traffic to HTTPS within the .htaccess file. The config files have been setup on both nodes to reflect https.

We have encountered a strange issue in the last few days that we are unable to fix. When we log into the back end admin and click to edit an order, we get the message "Warning: You do not have permission to access the API!". This is only happening 50% of the time and will be ok the next time you edit the same order.

Both IP's from the load balancer have been added to the allowed IP's.

Does anyone know what the issue is?

No solution, but I have the same problem, too.

Hi moka88,

I have seen this error a few times before and sometimes it had to do with store URLs in the order table. If you have changed servers or domain names and the orders from the old store are still in the orders table; when you attempt to edit the order the API attempts to login using the orders URL and it does not exist anymore so you get an API error. Now the really strange thing is if the domain still existed and OpenCart was still there it would attempt to run the code from that site... Actually any index.php file on that domain root would be contacted run run...

Ref: http://www.randemsystems.com/support/op ... d-to-know/

Thanks for the reply.

Our store URL hits an ELB load balancer, if you ping the URL it will return one of two IP addresses (from the ELB). These appear to alternate on each new ping request 50/50. Are you saying that it needs to return just one IP?

Well, it's attempting to run code from the other IP on API login. Can this happen and everything continue to go correctly? At the very least the two IPs would need to be in the same API table in each server if you have two copies of OpenCart running. One OpenCart operation is attempting to login to the other, Is this allowed?

I have been having the same problem. If I try to update the history of an order, I get a message that I do not have permission to access the API. I only have one store and have not switched nor modified my domain or server. The only thing I can think of that has changed was that I added the Amazon login/checkout mod shortly before the problem first occurred. Could this be related?

Hi ShariB23,

There is one way to find out, remove the mod and test...

Also check the URLs in the order table...

Thanks for the suggestions. I tried removing the mod and it did nothing, so I guess that was a coincidence. I did check the orders table, and found some urls were http and some https. I corrected them all to https but I still get the api error. Any one have any other thoughts or suggestions?

Are all the URL's in the order table resolving to your current store's IP address?

They are all corrected to my proper store url.

I just changed the url to http instead of https and it worked for one order. The second order I tried to update I got the API message again.

Perhaps something here will help you - http://www.randemsystems.com/support/op ... d-to-know/

ShariB23 wrote:I just changed the url to http instead of https and it worked for one order. The second order I tried to update I got the API message again.

Are you using a load balancer?