Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • AJ Murray 13 posts 122 karma points
    Jun 05, 2024 @ 05:37
    AJ  Murray
    0

    Commerce storefront api requests rejected with 403

    Using Umbraco 13 with Commerce package.

    I have enabled DeliveryApi and StorefrontApi with apikeys. Also setup so that Swagger shows the two document sets.

    Am attempting to use the Swagger UI to perform queries using the Storefront Api to check what is coming out. But these fail always with a 403 error saying "The Umbraco Commerce Storefront API is not enabled"

    This is plainly wrong as from the BO I can check all the settings to confirm that not only am I querying with the correct apikey but Swagger is showing the api methods.

    There is a twist in that all the content requires member authentication so it took a bit for me to enable that feature in the swagger UI. But I can now Authorise a Member and the log file show several tokens being passed around with success messages. EG "The token request was successfully validated."

    So I then attempt to Try it Out for any read-only method , eg Get a store by Id. This is rejected with 403 always. :-(

    If I observe the request in browser dev tools, I can see that there are lots of cookies flying around including the .aspNetCore.Identity.Application one with a couple of umbracoCommerce cookies also. The Request Header shows my apikey value that should be accepted.

    Now I am stumped. Does anyone have suggestions as to what is required for the storefront api to work?????

    TIA.

  • AJ Murray 13 posts 122 karma points
    Jun 05, 2024 @ 07:26
    AJ  Murray
    100

    Ok replying here to my own question as I FINALLY found out what was wrong. All my code for authentication was correct. The tricky part turned out to be exactly where the apikey was placed in the appsettings.json file. Been looking at it so long I couldn't see what was wrong.

      {  "Umbraco": {
        "CMS": {......},
        "Commerce": {
             "StorefrontApi": {
                   "ApiKey": "dummyapikey12345"
              }
         },
        ....etc etc
     }
    

    I had to discover painfully that the Commerce apikey goes outside of the CMS block! and inside its own Commerce block.

    Sigh.

Please Sign in or register to post replies

Write your reply to:

Draft