Rest API Authentication Error

Rest API Authentication Error

by Nathan Loudon -
Number of replies: 15

Hi, I am very new to Moodle, trying to use the rest API with postman. I have:

Enable web services in Site administration > Advanced features

Enabled Rest in Site administration > Server > Web services > Manage protocols

Created new service in Site administration > Server > Web services > External Services

Added function to service - core_course_get_courses_by_field

Users -> All Users (just to get it working, will be a username "web-api")

Created a token for username "web-api"

Send PostMan request:

https://lms.XXXXX.com/webservice/rest/server.php?wstoken=XXXX&moodlewsrestformat=json&wsfunction=core_course_get_courses_by_field&field=id&value=1


But am receiving:

{
    "exception": "webservice_access_exception",
    "errorcode": "accessexception",
    "message": "Access control exception"
}

I have also tried enrolling that user in the course, but nadda.

Any idea what I'm missing?

Cheers!



Average of ratings: -
In reply to Nathan Loudon

Re: Rest API Authentication Error

by Nathan Loudon -

So the bit I missed was "Enabling capabilities". I had to create a new role, then assign that role to the user. This page made it clearer:


/admin/category.php?category=webservicesettings



Average of ratings: -
In reply to Nathan Loudon

Re: Rest API Authentication Error

by David Ramirez -
Hello, I'm having the same issue, but I don't understand your solution. Can you please give me a hand. 

Cheers
Average of ratings: -
In reply to David Ramirez

Re: Rest API Authentication Error

by Nathan Loudon -
I think it was this line that guided me to the solution:

Check user capability: The user should have appropriate capabilities according to the protocols used, for example webservice/rest:use, webservice/soap:use. To achieve this, create a web services role with protocol capabilities allowed and assign it to the web services user as a system role.

If you go here /admin/roles/manage.php and add a role, and give it the capabilities you require, mine is currently:

usersmoodle/user:create
tokenmoodle/webservice:createtoken
settingsmoodle/course:update
participationmoodle/course:view
coursesmoodle/course:viewhiddencourses
protocolwebservice/rest:use

But only give it what it needs for your application.

Then assign that role to your API user.
Average of ratings: -
In reply to Nathan Loudon

Re: Rest API Authentication Error

by Jonathan Baird -
Hi,
I am encountering the same error you did and I do think I have created all of the pieces...

I created a role that has been given the necessary 'capabilities' (including "Use REST protocol").  A user has been given this role.
I created a service that has been given all of the same 'functions' as the role.  Of course, I have also enabled REST protocol on the server settings.
I also created a token that links the service and the user.

I must be missing something though since I am still getting a connection failure when trying to connect to the service.  Any insights would be greatly appreciated.
Average of ratings: -
In reply to Jonathan Baird

Re: Rest API Authentication Error

by Nathan Loudon -
It was some time ago sorry, I'd suggest going through this page step by step, guaranteeing you haven't missed anything:
Average of ratings: -
In reply to Jonathan Baird

Re: Rest API Authentication Error

by Brian Merritt -
Picture of Particularly helpful Moodlers
Is it possible to share the connection or error messages? You can blur any sensitive material.

Are you using Postman or some other method?
Average of ratings: -
In reply to Brian Merritt

Re: Rest API Authentication Error

by Jonathan Baird -
It just says "Authentication Error".
Connecting to the REST API via ColdFusion.  I've done this with earlier versions of Moodle.
Average of ratings: -
In reply to Jonathan Baird

Re: Rest API Authentication Error

by Nathan Loudon -
If you go to: https://www.example.com/admin/roles/manage.php and click on your web access role, you should see the functions that you've added to that role? Note mine includes the create user function as that's what I'm doing on my app. 

Attachment moodle.jpg
Average of ratings: -
In reply to Nathan Loudon

Re: Rest API Authentication Error

by Brian Merritt -
Picture of Particularly helpful Moodlers
I just did a test by the way of an API request not in the permissions list and get a very different error

{'exception': 'webservice_access_exception', 'errorcode': 'accessexception', 'message': 'Access control exception'}

And if the parameter is wrong

{'exception': 'invalid_parameter_exception', 'errorcode': 'invalidparameter', 'message': 'Invalid parameter value detected'}

So I suspect the issue is with the wstoken and/or an admin user
Average of ratings: -
In reply to Jonathan Baird

Re: Rest API Authentication Error

by Brian Merritt -
Picture of Particularly helpful Moodlers
Is this for an admin user? Or have you created a user with appropriate permissions.

Do you have database access? Can you see the webservice token for the appropriate user?

What does the actual rest api request look like? Do you have a full url & parameters? Again, hide any actual sensitive data like wstoken
Average of ratings: -
In reply to Brian Merritt

Re: Rest API Authentication Error

by Jonathan Baird -
I have created a user with permissions that is also an admin smile
I have made a token that connects the user with the service.
Yes, attempting to connect with a full url and parameters:
[moodle_server]&webservice/rest/server.php?wstoken='&[moodle_token]&'&wsfunction=core_user_get_users_by_field

I am getting the response:
<EXCEPTION class="webservice_access_exception"> <ERRORCODE>accessexception</ERRORCODE> <MESSAGE>Access control exception</MESSAGE> </EXCEPTION>
Average of ratings: -
In reply to Jonathan Baird

Re: Rest API Authentication Error

by Nathan Loudon -
Are you missing the:


From the query string perhaps?

Also I'm not sure if you're including the single quotes around the token, but maybe try without those?
Average of ratings: -
In reply to Nathan Loudon

Re: Rest API Authentication Error

by Jonathan Baird -
Hmm, I haven't needed that parameter in previous versions of Moodle, is this new?
Also, I'm looking to get an XML response, not JSON.  Not sure if this makes a difference?
Thanks
Average of ratings: -