Presta API keep asking for Username + Password (Authentication Required)

[sibrodo]

I have prestashop 1.5 installed on my server, and currently have 1 API Token for testing.

Whenever i try to access it via http://myshopdomain.com/api/ it keep asking for a username + password with a message "Authentication Required" (see attachment)

But when i try to access it directly via: http://myshopdomain.com/api/?ws_key=XXXXX it displays all available endpoints.

I already set the "Active mode CGI for PHP" to TRUE I have a feeling that this has got to do with my .htaccess, but i am not sure what to do with it. Can anyone please help me

 

 

EDIT #1: 

 

I've tried to add this solution (DOES NOT WORK) : http://forge.prestashop.com/browse/PSCFV-7266#comment-48727

 

File: webservice/dispatcher.php

 

Add this code on line #47

if(strpos(@php_sapi_name(), 'CGI')){
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
}

Just before this code:

if (isset($_SERVER['PHP_AUTH_USER']))
	$key = $_SERVER['PHP_AUTH_USER'];
elseif (isset($_GET['ws_key']))
	$key = $_GET['ws_key'];
else
{
	header($_SERVER['SERVER_PROTOCOL'].' 401 Unauthorized');
	header('WWW-Authenticate: Basic realm="Welcome to PrestaShop Webservice, please enter the authentication key as the login. No password required."');
	die;
}

Edited March 16, 2015 by sibrodo (see edit history)

[jesydeepu]

Pls try the following

You need to pass the key like explained in our documentation as

 http://yourshop.com/api/?ws_key=YOUR_KEY

Edited February 25, 2017 by jesydeepu (see edit history)

[ricardo21ferreira]

Hi. 

Have you solved your issue?

thanks

[robertamsw]

Hello,

i have the same problem.

If i use http://yourshop.com/api/?ws_key=YOUR_KEY works fine but from http://yourshop.com/api/ no.

But shippypro says me that i need to use http://yourshop.com/api/ to integration.

 

How can i solve?

thanks

[andersburn]

Use the key as both the user and pass.

[rayrodriguezg]

Hello, to access yourwebsite.com/api you only need to register as a user the password generated from Advanced Parameters -> webservice.

If you can not access in this way, activate the CGI mode for PHP from Advanced parameters -> webservice

If you still can not connect, you can pass as a parameter to the url yourwebsite.com/api?ws_key=YOURKEY and you can connect.

Regards!

[burakpresta3]

On 3/16/2015 at 10:02 AM, sibrodo said:

I have prestashop 1.5 installed on my server, and currently have 1 API Token for testing.

Whenever i try to access it via http://myshopdomain.com/api/ it keep asking for a username + password with a message "Authentication Required" (see attachment)

But when i try to access it directly via: http://myshopdomain.com/api/?ws_key=XXXXX it displays all available endpoints.

I already set the "Active mode CGI for PHP" to TRUE I have a feeling that this has got to do with my .htaccess, but i am not sure what to do with it. Can anyone please help me

 

 

EDIT #1: 

 

I've tried to add this solution (DOES NOT WORK) : http://forge.prestashop.com/browse/PSCFV-7266#comment-48727

 

File: webservice/dispatcher.php

 

Add this code on line #47

if(strpos(@php_sapi_name(), 'CGI')){
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
}

Just before this code:

if (isset($_SERVER['PHP_AUTH_USER']))
	$key = $_SERVER['PHP_AUTH_USER'];
elseif (isset($_GET['ws_key']))
	$key = $_GET['ws_key'];
else
{
	header($_SERVER['SERVER_PROTOCOL'].' 401 Unauthorized');
	header('WWW-Authenticate: Basic realm="Welcome to PrestaShop Webservice, please enter the authentication key as the login. No password required."');
	die;
}

Too many time, yes.. 

but did you fixed this ? i have almost same problem. 

[Petr Müller]

It look like feature, not a problem.

All works, if you put ws_key into query. No other authorization way forks for now. From my point of view it is worse then basic auth, but what to do?!

All works fine, if there is &ws_key=KEY at the end of reuquest.

In Postman like this: