
Magento 2: 401 Unauthorized error with webapi.xml


Forgive me in advance for what is probably a basic overall question. I'm still learning Magento 2 (v.2.4.5-p1) and need some hand holding at times.

I've inherited this project with several endpoints that the client is hitting to post data into the system. When testing one such endpoint via Postman, we are getting "401 Unauthorized" errors. Here's an (obfuscated) route in the webapi.xml file:

<route method="POST" url="/V1/etl/import">
    <service class="ClientName\EtlServer\Api\ImportManagementInterface" method="postImport"/>
    <resources>
        <resource ref="admin"/>
    </resources>
</route>

When we POST a single block of JSON to it through Postman, the status (as noted above) is a 401 with the following message:

{
    "message": "The consumer isn't authorized to access %resources.",
    "parameters": {
        "resources": "admin"
    }
}

PM is using the POST method, Authorization is set to "No Auth" and the Body just has the JSON raw blob. I'm guessing it has to do with the <resource ref="admin"/> bit in the xml node... would changing it to anonymous allow all access? Or is there a better / more secure way to allow access to this endpoint?


Solution

  • I knew this would be a dumb question that I'd eventually be able to answer on my own. Posting this here in case someone else has the same issues now or in the future. :-p

    I'm keeping the <resource ref="admin"/> for obvious reasons (we don't want this open to the world). Long story short, I need a Bearer token that I can get by posting back to the server. Here's the documentation that I had been missing prior to my posted question:

    https://devdocs.magento.com/guides/v2.3/get-started/authentication/gs-authentication-token.html#admin-and-customer-access-tokens
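
The token flow the answer describes, as an added example that is not part of the original post: admin credentials are exchanged at Magento's `/V1/integration/admin/token` endpoint, and the returned token is sent as a Bearer header to the `/V1/etl/import` route from the question. The `/rest` URL prefix (default store), the environment variable names and the payload are assumptions.

```python
import json
import os
import urllib.request

REST = "/rest/V1"  # assumption: default store, no store code in the URL


def token_request(base_url, username, password):
    """Build the POST that exchanges admin credentials for an access token."""
    body = json.dumps({"username": username, "password": password}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + REST + "/integration/admin/token",
        data=body, method="POST",
        headers={"Content-Type": "application/json"})


def parse_token(raw):
    """The token endpoint answers with a JSON-encoded string, quotes included."""
    token = json.loads(raw)
    if not isinstance(token, str) or not token:
        raise ValueError("unexpected token response")
    return token


def import_request(base_url, token, payload):
    """Build the authenticated POST to the route guarded by <resource ref="admin"/>."""
    return urllib.request.Request(
        base_url.rstrip("/") + REST + "/etl/import",
        data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token})


def send(req):
    """Send a prepared request; urllib raises HTTPError on a 401."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


if __name__ == "__main__":
    # Credentials come from the environment (assumed names), never from source.
    base = os.environ["MAGENTO_BASE_URL"]  # use an https:// URL
    raw = send(token_request(base, os.environ["MAGENTO_ADMIN_USER"],
                             os.environ["MAGENTO_ADMIN_PASS"]))
    payload = {"example": "constructed payload"}  # constructed sample body
    print(send(import_request(base, parse_token(raw), payload)))
```

In Postman the equivalent is setting Authorization to "Bearer Token" instead of "No Auth" and pasting the token without its surrounding quotes.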