Jump to content

API request failing for sandbox environment without username and password combination


silkyfish

Recommended Posts

Hoping someone can assist me, I haven't been able to find a resolution on the community or by following the documentation.

I'm developing  an integration for client via API requests and am facing an authentication issue with my requests..

The  issue is that any request that doesn't include a Basic authorization header which has my actual admin username and password fails on my sandbox (dev) instance. When I test the integration on my clients Production instance, I only need to submit the identifier and secret  in the request body and do not need to include any username and password and it is successful.

For example (request made against my dev instance of WHMCS): 

If I submit only my username and password as the Basic authentication in the request, the request fails with a "403 - Authentication Failed"

If I only submit my identifier and secret like described here: https://developers.whmcs.com/api/authentication/#authenticating-with-api-credentials , it fails with "401 (Unauthorized)" and the response is  (in html) "<p>Proper authorization is required to access this resource!</p>"

If I include both the basic authorization header with my login credentials and submit the identifier and secret in the body of the request I receive a successful "200 (OK)" response.

My question is, are there any specific configurations that need to happen in order for my instance of WHMCS to allow me to ONLY use the secret + identifier to authenticate requests? It just seems strange that my development environment gives me the issue and my clients production instance doesn't give me the same issue. The only thing I alter when making requests against my clients production instance is using my clients production secret and identifier and not submitting a basic authorization header and the requests are successful, however if I try the same against my dev instance then the requests fail.

We are both on version 8.2.1.

I've created the relevant API role with the correct permissions for the 'actions' of my request.

I've Whitelisted the IP address.

Thanks

Link to comment
Share on other sites

  • 9 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated