Contao Manager API rejects Token

Question

Contao Manager API rejects Token

Closed this issue 8 months ago · 5 comments

M-Zoldak commented 8 months ago

I can't read data from Contao manager API after retrieving token. API returns Access denied - 403 for any call.

It's still working with tokens retrieved old way, saved in DB for other websites.

Answer 1 · 2024-01-09T08:43:05.000Z

Please explain exactly what you're doing. What does your request look like?

Answer 2 · 2024-01-09T09:00:06.000Z

I'm saving token which comes with access_token parameter.
Making curl request to example.com/contao-manager.phar.php/api/server/php-web with headers, including Authorization: Bearer "previously saved token", and some more.

And at this point, for Tokens created before (I assume) contao-manager < ~1.8.0 this call works perfectly, and for calls with tokens received from contao-manager > 1.8.0, it returns 403 response.

Answer 3 · 2024-01-09T10:15:30.000Z

Are you sure you‘re saving the token? The token return URL has changed, there is no query parameter for the token, it is in the URL hash only!

Answer 4 · 2024-01-09T10:28:59.000Z

Yes, I'm sure whole Token is saved - from hash, and not from parameter.

Answer 5 · 2024-01-09T11:02:23.000Z

Ok, my big mistake.

I made a request to my own website instead of client website.