OroPlatform Forums

Covering OroPlatform topics, including community updates and company announcements.

Forums Forums OroPlatform OroPlatform – How do I? Questions How to access REST API using API Key

This topic contains 6 replies, has 2 voices, and was last updated by  seddonm1 6 years, 10 months ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
  • #35575


    I have installed the OroCRM suite and am able to generate an API key (in the User configruation).

    I can see that there are multiple pre-defined REST interface routes for example:

    Route Name: oro_api_get_contactgroups
    Route: /api/rest/{version}/contactgroups.{_format}

    I can call the route (and can see in the debugger that the route is being matched) using the Chrome Advanced Rest Client Application which results in a 401 Unauthorized with this command:

    Can you give advice on how to call the Oro REST interfaces with the API key for authentication?


Viewing 6 replies - 1 through 6 (of 6 total)
  • Author
  • #35576

    Alexandr Smaga


    We decided to use WSSE authorization for REST and SOAP APIs, so you have to generate WSSE header.

    You can user app/console oro:wsse:generate-header command for this.
    If you want to dive deeper, this article will be useful.



    Thanks asmaga.

    I have used an online javascript wsse generator and used Chrome Advanced Rest Client to call them.

    I have done some testing and found if I call this one (for example):

    If I pass a malformed X-WSSE I get a 401 Unauthorised response: ‘Response does not contain any data.’ This is the correct behaviour.

    If I call the same interface with a correctly formatted X-WSSE header e.g.:
    UsernameToken Username=”admin”, PasswordDigest=”ku+0N+DYrfnY6RntxilDPQ8kzwA=”, Nonce=”NTBiYTNhZDk5ZjRiNGM2MQ==”, Created=”2013-10-29T17:05:11Z”

    I receive this warning back:
    <b>Warning</b>: Missing argument 5 for Escape\WSSEAuthenticationBundle\Security\Core\Authentication\Provider\Provider::validateDigest() on line 45

    Argument 5 is:

    Which calls:
    protected function getSecret($user)
    return $user->getPassword();

    When I look at the code I can see that my IDE (PhpStorm) thinks that the getPassword() method is not defined.

    Have you managed to actually call one of these interfaces?



    Alexandr Smaga

    Please update you CRM/Platform version to latest (current is BETA 2), and make sure that your composer up to date. If not please run

    This issue already fixed.




    Thanks asmaga.

    I have just completely rebuilt my environment from the latest git (BETA 2).

    I am still struggling to use the REST API.

    Today, whilst playing with a semi-upgraded OroCRM, I managed to get one response by sending a null nonce.

    With the upgraded installation and using this site to generate the WSSE header it is still not working.

    Maybe that site is generating incompatible headers (changed algorithm). Are you able to generate a WSSE header and successfully retrieve /api/rest/current/contacts.json with it?

    I have also tried setting: nonce_dir: “%kernel.root_dir%/cache/nonce” and can see the nonce files in that path so it is receiving the data correctly just failing authentication.



    Alexandr Smaga

    Hey, I’ve just tried to generate header using console command

    and tried to retrieve data from bash using

    It works as expected!

    After that I tried to generate using http://www.teria.com/~koseki/tools/wssegen/
    and it works for me as well.

    Whence you get “password” in ORO database ? It should comes from oro_user_api table…



    Thanks asmaga.

    I have got it working. I was sending the user password which, in hindsight, makes no sense because it could (relatively) easily be brute force attacked if a hacker captured the messages. The API Key is much more complex and offers very good security. I had also forgotten to regenerate the API Key after the reinstall.

    Thanks for your help and great work.


Viewing 6 replies - 1 through 6 (of 6 total)

The forum ‘OroPlatform – How do I? Questions’ is closed to new topics and replies.

You will be redirected to [title]. Would you like to continue?

Yes No