2 REST API Authorization failed while creating product

[Taral-Patoliya]

I am trying to create a simple product using REST Api. The client is a node.js script,

I have created an admin user with access to all the resources, and used the credentials to request a token which i am getting successfully in a response. but when i try to use that token and post the product data, i get following response

Consumer is not authorized to access %resources
{ resources: 'Magento_Catalog::products' }
#0 /var/www/html/magento2/vendor/magento/module-webapi/Controller/Rest.php(286): Magento\Webapi\Controller\Rest->checkPermissions()
#1 /var/www/html/magento2/vendor/magento/module-webapi/Controller/Rest.php(255): Magento\Webapi\Controller\Rest->validateRequest()
#2 /var/www/html/magento2/vendor/magento/module-webapi/Controller/Rest.php(160): Magento\Webapi\Controller\Rest->processApiRequest()
#3 /var/www/html/magento2/var/generation/Magento/Webapi/Controller/Rest/Interceptor.php(24): Magento\Webapi\Controller\Rest->dispatch(Object(Magento\Framework\App\Request\Http))
#4 /var/www/html/magento2/vendor/magento/framework/App/Http.php(115): Magento\Webapi\Controller\Rest\Interceptor->dispatch(Object(Magento\Framework\App\Request\Http))
#5 /var/www/html/magento2/vendor/magento/framework/App/Bootstrap.php(258): Magento\Framework\App\Http->launch()
#6 /var/www/html/magento2/index.php(40): Magento\Framework\App\Bootstrap->run(Object(Magento\Framework\App\Http))
#7 {main}

1. I have given access of all the resources to the user.
2. I am getting the token from this endpoint integration/admin/token
3. The request i am sending in the post is like following

{ method: 'post', encoding: 'utf8', username: 'node_rest', password: 'test@123', headers: { Accept: 'application/json', 'Content-Type': 'application/json', Authorization: 'Bearer pyd825eg8xho1f4q4lxko4lmejlwhulx' },
data: '{"sku":["24-MB01-DUP"],"store_view_code":[""],"attribute_set_code":["Bag"],"product_type":["simple"],"categories":["Default Category/Gear,Default Category/Gear/Bags"],"product_websites":["base"],"name":["Joust Duffle Bag Duplicate"],"description":["The sporty Joust Duffle Bag can\'t be beat - not in the gym, not on the luggage carousel, not anywhere. Big enough to haul a basketball or soccer ball and some sneakers with plenty of room to spare, it\'s ideal for athletes with places to go.

\\n\\n
Dual top handles.</li>\\n
Adjustable shoulder strap.</li>\\n
Full-length zipper.</li>\\n
L 29\\" x W 13\\" x H 11\\".</li>\\n</ul>]]>"],"short_description":[""],"weight":[""],"product_online":["1"],"tax_class_name":["Taxable Goods"],"visibility":["Catalog, Search"],"price":["34.0000"],"special_price":[""],"special_price_from_date":[""],"special_price_to_date":[""],"url_key":["joust-duffle-bag"],"meta_title":[""],"meta_keywords":[""],"meta_description":[""],"base_image":["/m/b/mb01-blue-0.jpg"],"base_image_label":[""],"small_image":["/m/b/mb01-blue-0.jpg"],"small_image_label":[""],"thumbnail_image":["/m/b/mb01-blue-0.jpg"],"thumbnail_image_label":[""],"swatch_image":[""],"swatch_image_label":[""],"created_at":["3/15/16, 10:41 AM"],"updated_at":["3/15/16, 10:41 AM"],"new_from_date":[""],"new_to_date":[""],"display_product_options_in":["Block after Info Column"],"map_price":[""],"msrp_price":[""],"map_enabled":[""],"gift_message_available":[""],"custom_design":[""],"custom_design_from":[""],"custom_design_to":[""],"custom_layout_update":[""],"page_layout":[""],"product_options_container":[""],"msrp_display_actual_price_type":[""],"country_of_manufacture":[""],"additional_attributes":["activity=Gym|Overnight|Trail|Travel,features_bags=Waterproof|TSA Approved|Lockable,material=Nylon|Polyester,strap_bags=Adjustable|Cross Body|Detachable|Double|Padded|Shoulder,style_bags=Luggage|Duffel|Exercise"],"qty":["100.0000"],"out_of_stock_qty":["0.0000"],"use_config_min_qty":["1"],"is_qty_decimal":["0"],"allow_backorders":["0"],"use_config_backorders":["1"],"min_cart_qty":["1.0000"],"use_config_min_sale_qty":["1"],"max_cart_qty":["0.0000"],"use_config_max_sale_qty":["1"],"is_in_stock":["1"],"notify_on_stock_below":[""],"use_config_notify_stock_qty":["1"],"manage_stock":["0"],"use_config_manage_stock":["1"],"use_config_qty_increments":["1"],"qty_increments":["0.0000"],"use_config_enable_qty_inc":["1"],"enable_qty_increments":["0"],"is_decimal_divided":["0"],"website_id":["1"],"related_skus":[""],"crosssell_skus":[""],"upsell_skus":["24-MB03,24-MB05,24-MB06,24-MB02,24-UB02,24-WB03,24-WB07,24-WB04"],"additional_images":["/m/b/mb01-blue-0.jpg"],"additional_image_labels":["Image"],"hide_from_product_page":[""],"bundle_price_type":[""],"bundle_sku_type":[""],"bundle_price_view":[""],"bundle_weight_type":[""],"bundle_values":[""],"associated_skus":[""]}' }

I know that the data in the request is disoriented and not structured but i don't think that it should have anything to do with authorization, the data format deserves its own error :D

Sorry for the bad formatting of the request data but the Editor's functionality could not reformat the data

[mazhalai]

@Taral-Patoliya thank you for reporting, we have created MAGETWO-52424 to investigate and fix.

[hshar7]

Hi @Taral-Patoliya have you tried using any different api call? Did you get a resource permission issue for those as well?

[Taral-Patoliya]

Hello @hshar7 I have tried other api calls using GET method to retrive categories, products/:sku but they all worked fine, even when i created the token using integrations and used it was successful, the problem arises when i try to create a token from integration/admin/token endpoint and use it to create the product

[hshar7]

You are 2.0 or develop?

[Taral-Patoliya]

@hshar7 I am using 2.0.2

[hshar7]

Okay thanks! Investigating.

[Taral-Patoliya]

@hshar7 , @mazhalai thanks for the support. i appreciate it.

[hshar7]

@Taral-Patoliya It seems to be working for me on both 2.0.2 and develop. You should look at your ACL for the user node_rest

[Taral-Patoliya]

@hshar7 i granted all the resources to the user. let me check once again. thanks for testing.

[hshar7]

Any updates? Can I close?