OpenCart Community

Posted: **Tue Nov 29, 2016 11:05 pm**

Error message (when updating order status):
Warning: Your IP XXXXXXX is not allowed to access this API!

Version: 2.3.0.2

I have a number of users of the Shop admin but one of my users is getting this error.

What can I do to fix this?

I have API "json" enabled. Should i switch all this off?

I just want admins to be able to login and update order status. One of my admins used a 3G dongle and his IP address changes regularly so its becoming quite a pain.

Posted: **Tue Nov 29, 2016 11:25 pm**

For starters, check that this IP is present in IP-addresses list for your current API. Usually, this should help.

Posted: **Tue Nov 29, 2016 11:48 pm**

Yeah it's not there.

Do i have to add the IP to "whitelist" it every time?

Posted: **Tue Nov 29, 2016 11:54 pm**

Nope, just once.

Posted: **Wed Nov 30, 2016 12:04 am**

But what happens if the users IP changes? Then they won't be able to do the order modifications?

Posted: **Wed Nov 30, 2016 1:20 am**

Yes, every new IP also has to be added. That's how it works.

Posted: **Wed Nov 30, 2016 1:30 am**

Hopefully this is something they leave as an opt-in feature in future.

It's not ideal, especially if someone's IP keeps changing as some ISPs do this.

Posted: **Wed Nov 30, 2016 6:22 am**

declanc wrote:Hopefully this is something they leave as an opt-in feature in future.

Don't even count on this. Will never happen, I'm pretty sure. You can disable API check with VQMod, if you know some coding. Not too hard to implement.

Posted: **Thu Dec 01, 2016 9:03 pm**

Interesting! Do you have a guide for this or a link?

I'd be able to handle moderate coding edits but not very inventive!

Posted: **Fri Dec 02, 2016 5:22 pm**

In catalog/controller/api/login.php a getApiIps() function is called and the a simple check is made:

Code: Select all

$results = $this->model_account_api->getApiIps($this->config->get('config_api_id'));

		foreach ($results as $result) {
			$ip_data[] = $result['ip'];
		}

		if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
			$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);
		}

You can simply comment the check:

Code: Select all

//$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);

Boom! Done!

Posted: **Thu Dec 08, 2016 7:33 pm**

My hero! I'll give it a try. Thank you.

Will this also work for order modifications? I've seen the API error too when changing an order to "Shipped" or "Complete".

Posted: **Sat Dec 10, 2016 10:34 pm**

Does anyone know how to disable this API check when editing order statuses?

Posted: **Sun Dec 11, 2016 5:54 am**

Just open all files on catalog/controller/api folder and replace this entry:

Code: Select all

if (!isset($this->session->data['api_id'])) {

To some stupid check:

Code: Select all

if (isset($this->session->data['me_loves_taco'])) {

Do this replacement everywhere you find this stupid check for api_id and you're saved.

API sessions in OC 2.3 are bugged, there's nothing you can do about it. Hopefully it'll be fixed in next release.

Posted: **Sun Dec 11, 2016 7:34 pm**

Thanks a lot. Made all the changes, hopefully that sorts it now!

Posted: **Mon Dec 12, 2016 4:24 pm**

Still no joy!

The user with the 3G connection is still getting this error when trying to edit order statuses:

"Warning: You do not have permission to access the API!"

I did a Find/Replace on the API folder to swap everything with the check for api_id with "me_loves_taco" but still not working!

Any other ideas?

Thanks for the help so far.

Posted: **Mon Dec 12, 2016 9:39 pm**

Files in "api" folder are the only ones, which display this message. This means, you did something wrong or didn't refresh the cache.

Or... you have "me_loves_taco" variable magically set by fairy.

Posted: **Mon Dec 12, 2016 10:40 pm**

I'll double check again once I'm back at a computer, thanks.

I'll also ask the user to clear the cache. Cheers.

Posted: **Tue Dec 13, 2016 6:04 pm**

Okay, now I'm having issues myself.

When changing order status (from the top level admin account), I get this message:
Warning: You do not have permission to access the API!

1. I double checked all the API files - I made the changes as advised above.
2. I tried different admin accounts - having the same issue.
3. I just the API settings and it's enabled, and my current IP address is logged on the list.

Head scratcher!

Any possible solutions to this?

OpenCart Community

IP ADDRESS is not allowed to access this API!

IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!

Re: IP ADDRESS is not allowed to access this API!