OroPlatform Forums

OroPlatform – Security: Status Code 401 Unauthorized in api/rest/latest/workflow/transit

This topic contains 4 replies, has 5 voices, and was last updated by amit5 8 months ago.

  • #35515

    mirche
    Participant

    Hello,

    We are getting this issue on our production application. I cannot find out what is going wrong. In development everything works fine.

    Anybody that can help?

    Request Method:GET
    Status Code:401 Unauthorized
    Response Headers
    Cache-Control:no-cache
    Connection:Keep-Alive
    Content-Length:0
    Content-Type:application/json
    Date:Tue, 08 Sep 2015 12:00:49 GMT
    Keep-Alive:timeout=5, max=100
    Server:Apache/2.4.7
    WWW-Authenticate:WSSE realm="Secured API", profile="UsernameToken"
    X-Debug-Token:230ca9
    X-Debug-Token-Link:/app_dev.php/_profiler/230ca9
    X-Powered-By:PHP/5.5.9-1ubuntu4.11
    Request Headers
    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Encoding:gzip, deflate, sdch
    Accept-Language:nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
    Connection:keep-alive
    Cookie:optimizelyEndUserId=oeu1434028538083r0.2690520395990461; cbar_uid=758347353; cbar_sess=1; optimizelySegments=%7B%222490450268%22%3A%22false%22%2C%222498560541%22%3A%22referral%22%2C%222509670107%22%3A%22gc%22%7D; optimizelyBuckets=%7B%7D; _ga=GA1.2.1680981856.1434028538; cbar_lvt=1440494410; CRMID=fmhs8b1kqe9bbtskgumm51r3k1

  • #35516

    Rodolfo
    Participant

    Hi @mirche,

    I had the same issue here. The time on the server and on your application requesting the WSSE authentication should be in sync. I solved it by adding an NTP sync every hour to my Linux crontab.

    If you are running on a server based on Debian/Ubuntu, you can use this command:
    sudo ntpdate -s time.nist.gov

    This is an example that you can add to the root crontab:


    #!/bin/bash
    ntpdate -s time.nist.gov

    Hope this can help you,
    good luck!

    #35517

    kparmar
    Participant

    Hello,

    When I try to access the API from code or the command line, it gives the error below:
    curl -i -H "Content-Type: application/vnd.api+json" -H 'Authorization: WSSE profile="UsernameToken" X-WSSE: UsernameToken Username="admin", PasswordDigest="sjDbR9wUR2L6DaBveYzkY0cMAF4=", Nonce="ODhmMTcxNzVlYWMwZWU4OA==", Created="2018-04-18T18:37:23+05:30"' http://localhost/Aakron/orocrm/aakroncrm/web/app_dev.php/api/contacts
    HTTP/1.1 401 Unauthorized
    Date: Wed, 18 Apr 2018 13:17:30 GMT
    Server: Apache/2.4.27 (Ubuntu)
    Cache-Control: must-revalidate, no-cache, no-store, private
    WWW-Authenticate: WSSE realm="Secured API", profile="UsernameToken"
    Expires: 0
    Pragma: no-cache
    X-Debug-Token: b4439d
    X-Debug-Token-Link: http://localhost/Aakron/orocrm/aakroncrm/web/app_dev.php/_profiler/b4439d
    Content-Length: 0
    Content-Type: application/json

    Also, when I try to use the API from the API doc, it works perfectly.

    Please advise.

    #35519

    Yurii Muratov
    Participant

    Hello, @kparmar.
    You have an error in your request. You set the string Authorization: WSSE profile="UsernameToken" X-WSSE: UsernameToken Username="admin", PasswordDigest="sjDbR9wUR2L6DaBveYzkY0cMAF4=", Nonce="ODhmMTcxNzVlYWMwZWU4OA==", Created="2018-04-18T18:37:23+05:30" as a single header, but there should be two headers: Authorization and X-WSSE, so the right request should be like:

    P.S. Before you try this request, please regenerate the WSSE header data and replace this header with the new values.
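
The two causes named in the replies above (clock skew and the fused header), shown as an added example that is not part of the thread and is not OroPlatform's code. It assumes the standard WSSE UsernameToken digest, Base64(SHA-1(nonce + created + secret)), with the secret being the user's API key; the 5-minute window, the function names and the credential are constructed for illustration.

```python
import base64, hashlib, hmac, os, re
from datetime import datetime, timedelta, timezone

LIFETIME = timedelta(minutes=5)  # assumed freshness window; the real value is server config

def digest(nonce, created, secret):
    # Standard UsernameToken digest: Base64(SHA-1(nonce + created + secret))
    raw = hashlib.sha1(nonce + created.encode() + secret.encode()).digest()
    return base64.b64encode(raw).decode()

def wsse_headers(username, secret, now=None, nonce=None):
    """Client side: build the two separate headers for one request."""
    now = now or datetime.now(timezone.utc)
    nonce = nonce or os.urandom(16)
    created = now.astimezone(timezone.utc).isoformat(timespec="seconds")
    token = 'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"' % (
        username, digest(nonce, created, secret), base64.b64encode(nonce).decode(), created)
    return {"Authorization": 'WSSE profile="UsernameToken"', "X-WSSE": token}

def check(headers, secrets, server_now):
    """Server-side view (simplified, no nonce replay cache): returns 200 or 401."""
    token = headers.get("X-WSSE", "")
    if not token.startswith("UsernameToken "):
        return 401  # X-WSSE missing, e.g. fused into the Authorization value
    f = dict(re.findall(r'(\w+)="([^"]*)"', token))
    try:
        age = abs(server_now - datetime.fromisoformat(f["Created"]))
        expected = digest(base64.b64decode(f["Nonce"]), f["Created"], secrets[f["Username"]])
        supplied = f["PasswordDigest"]
    except (KeyError, ValueError, TypeError):
        return 401  # missing field, bad base64 or timestamp, unknown user
    if age > LIFETIME:
        return 401  # clocks out of sync, or an old header was reused
    return 200 if hmac.compare_digest(expected.encode(), supplied.encode()) else 401

def demo():
    t0 = datetime(2018, 4, 18, 13, 7, 23, tzinfo=timezone.utc)  # constructed timestamp
    secrets = {"admin": "constructed-api-key"}                  # constructed credential
    good = wsse_headers("admin", secrets["admin"], now=t0)
    fused = {"Authorization": good["Authorization"] + " X-WSSE: " + good["X-WSSE"]}
    return (check(good, secrets, t0),                          # 200
            check(good, secrets, t0 + timedelta(minutes=10)),  # 401: clock skew / stale
            check(fused, secrets, t0))                         # 401: one header, not two

if __name__ == "__main__":
    print(demo())
```

With curl, the two dictionary entries map to two `-H` options, one for `Authorization` and one for `X-WSSE`.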

    #38336

    amit5
    Participant

    When I try to access the API through curl, it shows the error below:

    curl -i -H "Accept: application/json" -H 'Authorization: WSSE profile="UsernameToken" X-WSSE: UsernameToken Username="Amit", PasswordDigest="BeND9C7CnhmsA2WtqkLYHeQQWW0=", Nonce="MTZkMTg0ZmZlNWVhM2M0ZQ==", Created="2019-03-13T11:18:13+01:00"' http://dev.orocommerce.com/app_dev.php/admin/api/rest/latest/countries.json
    sudo: unable to resolve host amit
    HTTP/1.1 401 Unauthorized
    Date: Wed, 13 Mar 2019 10:29:14 GMT
    Server: Apache/2.4.7 (Ubuntu)
    Set-Cookie: BAPID=5juqh39mmokqlesdrflt93qi7k; path=/; HttpOnly
    Cache-Control: max-age=0, no-store
    WWW-Authenticate: WSSE realm="Secured API", profile="UsernameToken"
    X-Debug-Token: e7b126
    X-Debug-Token-Link: http://dev.orocommerce.com/app_dev.php/_profiler/e7b126
    Content-Length: 0
    Content-Type: application/json

    Please help me with this.
