Rest API Authentication Error

Rest API Authentication Error

Nathan Loudon
Number of replies: 15

Hi, I am very new to Moodle, trying to use the rest API with postman. I have:

Enable web services in Site administration > Advanced features

Enabled Rest in Site administration > Server > Web services > Manage protocols

Created new service in Site administration > Server > Web services > External Services

Added function to service - core_course_get_courses_by_field

Users -> All Users (just to get it working, will be a username "web-api")

Created a token for username "web-api"

Send PostMan request:

https://lms.XXXXX.com/webservice/rest/server.php?wstoken=XXXX&moodlewsrestformat=json&wsfunction=core_course_get_courses_by_field&field=id&value=1


But am receiving:

{
    "exception": "webservice_access_exception",
    "errorcode": "accessexception",
    "message": "Access control exception"
}

I have also tried enrolling that user in the course, but nadda.

Any idea what I'm missing?

Cheers!



평균 등급 : -
In reply to Nathan Loudon

Re: Rest API Authentication Error

Nathan Loudon

So the bit I missed was "Enabling capabilities". I had to create a new role, then assign that role to the user. This page made it clearer:


/admin/category.php?category=webservicesettings



평균 등급 : -
In reply to Nathan Loudon

Re: Rest API Authentication Error

David Ramirez
Hello, I'm having the same issue, but I don't understand your solution. Can you please give me a hand. 

Cheers
평균 등급 : -
In reply to David Ramirez

Re: Rest API Authentication Error

Nathan Loudon
I think it was this line that guided me to the solution:

Check user capability: The user should have appropriate capabilities according to the protocols used, for example webservice/rest:use, webservice/soap:use. To achieve this, create a web services role with protocol capabilities allowed and assign it to the web services user as a system role.

If you go here /admin/roles/manage.php and add a role, and give it the capabilities you require, mine is currently:

usersmoodle/user:create
tokenmoodle/webservice:createtoken
settingsmoodle/course:update
participationmoodle/course:view
coursesmoodle/course:viewhiddencourses
protocolwebservice/rest:use

But only give it what it needs for your application.

Then assign that role to your API user.
평균 등급 : -
In reply to Nathan Loudon

Re: Rest API Authentication Error

Jonathan Baird
Hi,
I am encountering the same error you did and I do think I have created all of the pieces...

I created a role that has been given the necessary 'capabilities' (including "Use REST protocol").  A user has been given this role.
I created a service that has been given all of the same 'functions' as the role.  Of course, I have also enabled REST protocol on the server settings.
I also created a token that links the service and the user.

I must be missing something though since I am still getting a connection failure when trying to connect to the service.  Any insights would be greatly appreciated.
평균 등급 : -
In reply to Jonathan Baird

Re: Rest API Authentication Error

Nathan Loudon
It was some time ago sorry, I'd suggest going through this page step by step, guaranteeing you haven't missed anything:
평균 등급 : -
In reply to Jonathan Baird

Re: Rest API Authentication Error

Brian Merritt
Particularly helpful Moodlers 사진
Is it possible to share the connection or error messages? You can blur any sensitive material.

Are you using Postman or some other method?
평균 등급 : -
In reply to Brian Merritt

Re: Rest API Authentication Error

Jonathan Baird
It just says "Authentication Error".
Connecting to the REST API via ColdFusion.  I've done this with earlier versions of Moodle.
평균 등급 : -
In reply to Jonathan Baird

Re: Rest API Authentication Error

Nathan Loudon
If you go to: https://www.example.com/admin/roles/manage.php and click on your web access role, you should see the functions that you've added to that role? Note mine includes the create user function as that's what I'm doing on my app. 

Attachment moodle.jpg
평균 등급 : -
In reply to Nathan Loudon

Re: Rest API Authentication Error

Brian Merritt
Particularly helpful Moodlers 사진
I just did a test by the way of an API request not in the permissions list and get a very different error

{'exception': 'webservice_access_exception', 'errorcode': 'accessexception', 'message': 'Access control exception'}

And if the parameter is wrong

{'exception': 'invalid_parameter_exception', 'errorcode': 'invalidparameter', 'message': 'Invalid parameter value detected'}

So I suspect the issue is with the wstoken and/or an admin user
평균 등급 : -
In reply to Jonathan Baird

Re: Rest API Authentication Error

Brian Merritt
Particularly helpful Moodlers 사진
Is this for an admin user? Or have you created a user with appropriate permissions.

Do you have database access? Can you see the webservice token for the appropriate user?

What does the actual rest api request look like? Do you have a full url & parameters? Again, hide any actual sensitive data like wstoken
평균 등급 : -
In reply to Brian Merritt

Re: Rest API Authentication Error

Jonathan Baird
I have created a user with permissions that is also an admin 미소
I have made a token that connects the user with the service.
Yes, attempting to connect with a full url and parameters:
[moodle_server]&webservice/rest/server.php?wstoken='&[moodle_token]&'&wsfunction=core_user_get_users_by_field

I am getting the response:
<EXCEPTION class="webservice_access_exception"> <ERRORCODE>accessexception</ERRORCODE> <MESSAGE>Access control exception</MESSAGE> </EXCEPTION>
평균 등급 : -
In reply to Jonathan Baird

Re: Rest API Authentication Error

Nathan Loudon
Are you missing the:


From the query string perhaps?

Also I'm not sure if you're including the single quotes around the token, but maybe try without those?
평균 등급 : -
In reply to Nathan Loudon

Re: Rest API Authentication Error

Jonathan Baird
Hmm, I haven't needed that parameter in previous versions of Moodle, is this new?
Also, I'm looking to get an XML response, not JSON.  Not sure if this makes a difference?
Thanks
평균 등급 : -