REST API - You are not authorized to use the API.


erik van den vondel

Jan 17, 2020, 12:40:59 AM
to Easy!Appointments - Support Group
Hello,

When I want to use the "REST API", I always get the error "You are not authorized to use the API."

A test via "soapUI 5.5.0", where I send out a REST call with basic authorization (user & pswd of the admin in the backend), gives me this error.

Do I have to enable this REST API somewhere?

Any idea?


Thanks a lot!!

erik

erik van den vondel

Jan 19, 2020, 2:22:46 AM
to Easy!Appointments - Support Group

It seems that $_SERVER['PHP_AUTH_USER'] is always empty?


  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "GET /test/index.php/api/v1/appointments?q=erik HTTP/1.1[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Authorization: Basic YXV0b2F1dG86YXV0b2F1dG8=[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Host: www.planjeafspraak.be[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "HTTP/1.1 401 Unauthorized[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Date: Sun, 19 Jan 2020 07:21:28 GMT[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Server: Apache/2.4.25 (Debian)[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "X-Powered-By: PHP/7.1.28[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "WWW-Authenticate: Basic realm="Easy!Appointments"[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Set-Cookie: csrfCookie=e20298a9083e2453c7c4e6050df94eae; expires=Sun, 19-Jan-2020 09:21:28 GMT; Max-Age=7200; path=/[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Keep-Alive: timeout=5, max=100[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Connection: Keep-Alive[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Transfer-Encoding: chunked[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Content-Type: text/html; charset=UTF-8[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "26[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "You are not authorized to use the API."
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "0[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "GET /test/index.php/api/v1/appointments?q=erik HTTP/1.1[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Authorization: Basic YXV0b2F1dG86YXV0b2F1dG8=[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Host: www.planjeafspraak.be[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Cookie: csrfCookie=e20298a9083e2453c7c4e6050df94eae[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "Cookie2: $Version=1[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:>> "[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "HTTP/1.1 401 Unauthorized[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Date: Sun, 19 Jan 2020 07:21:28 GMT[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Server: Apache/2.4.25 (Debian)[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "X-Powered-By: PHP/7.1.28[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "WWW-Authenticate: Basic realm="Easy!Appointments"[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Set-Cookie: csrfCookie=e20298a9083e2453c7c4e6050df94eae; expires=Sun, 19-Jan-2020 09:21:28 GMT; Max-Age=7200; path=/[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Keep-Alive: timeout=5, max=99[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Connection: Keep-Alive[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Transfer-Encoding: chunked[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "Content-Type: text/html; charset=UTF-8[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "26[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "You are not authorized to use the API."
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "0[\r][\n]"
  • Sun Jan 19 08:21:28 CET 2020:DEBUG:<< "[\r][\n]" 



------------------------------------------------------------------------------------------------------------------------------
application/controllers/api/v1/API_V1_Controller.php
-------------------------------------------------------------------------------------------------------------------------------
class API_V1_Controller extends CI_Controller {
    /**
     * Class Constructor
     *
     * This constructor will handle the common operations of each API call.
     *
     * Important: Do not forget to call this constructor from the child classes.
     *
     * Notice: At the time being only the basic authentication is supported. Make sure
     * that you use the API through SSL/TLS for security.
     */

    public function __construct()
    {
        if ( ! isset($_SERVER['PHP_AUTH_USER']))
        {
            $this->_requestAuthentication();
            return;
        }

        parent::__construct();

        try
        {
            $username = new NonEmptyText($_SERVER['PHP_AUTH_USER']);
            $password = new NonEmptyText($_SERVER['PHP_AUTH_PW']);
            $authorization = new \EA\Engine\Api\V1\Authorization($this);
            $authorization->basic($username, $password);
        }
        catch (\Exception $exception)
        {
            exit($this->_handleException($exception));
        }
    }

    /**
     * Sets request authentication headers.
     */
    protected function _requestAuthentication()
    {
        header('WWW-Authenticate: Basic realm="Easy!Appointments"');
        header('HTTP/1.0 401 Unauthorized');
        exit('You are not authorized to use the API.');
    }
}

erik van den vondel

Jan 20, 2020, 10:17:34 AM
to Easy!Appointments - Support Group

My web hosting didn't support CGI.


The solution is:

I had to create a .htaccess file containing 2 lines:

RewriteEngine on
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
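
A diagnostic for the situation in this thread, as an added example that is not part of the original post and not Easy!Appointments code: the hypothetical helper `resolve_basic_credentials()` shows where Basic credentials can appear in `$_SERVER` when `PHP_AUTH_USER` is not populated, including the `REDIRECT_`-prefixed name Apache gives an environment variable after an internal redirect. The `$_SERVER` arrays and the demo credentials are constructed.

```php
<?php
// Added example; resolve_basic_credentials() is a hypothetical helper name.

/**
 * Return [user, password] from a $_SERVER-style array, or null if none is usable.
 */
function resolve_basic_credentials(array $server): ?array
{
    // Normal case: PHP already decoded the Authorization header.
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }

    // Fallback: the raw header copied into the environment by the RewriteRule.
    // After an internal redirect Apache renames the variable with a REDIRECT_ prefix.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        $header = trim($server[$key] ?? '');
        if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i', $header, $m)) {
            continue; // missing, or not a well-formed Basic value
        }
        $decoded = base64_decode($m[1], true); // strict mode: false on invalid input
        if ($decoded === false || strpos($decoded, ':') === false) {
            continue;
        }
        // Split on the first colon only; the password may itself contain colons.
        return explode(':', $decoded, 2);
    }

    return null; // header never reached PHP: the controller would answer 401
}

// Constructed $_SERVER samples covering the cases discussed in the thread.
$token = base64_encode('demo-user:demo:pass');
$samples = [
    'header stripped by server'   => ['REQUEST_METHOD' => 'GET'],
    'env set by RewriteRule'      => ['HTTP_AUTHORIZATION' => "Basic $token"],
    'env after internal redirect' => ['REDIRECT_HTTP_AUTHORIZATION' => "Basic $token"],
    'PHP decoded the header'      => ['PHP_AUTH_USER' => 'demo-user', 'PHP_AUTH_PW' => 'demo:pass'],
    'malformed value'             => ['HTTP_AUTHORIZATION' => 'Basic ***'],
];

foreach ($samples as $label => $server) {
    $cred = resolve_basic_credentials($server);
    // Report only the user name; never write the password to output or logs.
    printf("%-28s %s\n", $label, $cred === null ? 'no credentials' : 'user=' . $cred[0]);
}
```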

Fernando Guarino

Mar 6, 2023, 3:04:27 PM
to Easy!Appointments - Support Group
Hi, I'm facing the same error. Where did you place the .htaccess file?

Alex Tselegidis

Mar 13, 2023, 2:37:05 AM
to Easy!Appointments - Support Group
Hello! 

That's right, some servers will by default remove the authorization header, something that blocks the app from accessing the credentials. 

This is also mentioned in the rest api docs here (towards the end): 







Alex Tselegidis, Easy!Appointments Creator
Need a customization? Get a free quote!
