Commerce storefront api requests rejected with 403
Using Umbraco 13 with Commerce package.
I have enabled DeliveryApi and StorefrontApi with apikeys.
Also setup so that Swagger shows the two document sets.
Am attempting to use the Swagger UI to perform queries using the Storefront Api to check what is coming out.
But these fail always with a 403 error saying "The Umbraco Commerce Storefront API is not enabled"
This is plainly wrong as from the BO I can check all the settings to confirm that not only am I querying with the correct apikey but Swagger is showing the api methods.
There is a twist in that all the content requires member authentication so it took a bit for me to enable that feature in the swagger UI. But I can now Authorise a Member and the log file show several tokens being passed around with success messages. EG "The token request was successfully validated."
So I then attempt to Try it Out for any read-only method , eg Get a store by Id.
This is rejected with 403 always. :-(
If I observe the request in browser dev tools, I can see that there are lots of cookies flying around including the .aspNetCore.Identity.Application one with a couple of umbracoCommerce cookies also.
The Request Header shows my apikey value that should be accepted.
Now I am stumped. Does anyone have suggestions as to what is required for the storefront api to work?????
Ok replying here to my own question as I FINALLY found out what was wrong.
All my code for authentication was correct. The tricky part turned out to be exactly where the apikey was placed in the appsettings.json file.
Been looking at it so long I couldn't see what was wrong.
Commerce storefront api requests rejected with 403
Using Umbraco 13 with Commerce package.
I have enabled DeliveryApi and StorefrontApi with apikeys. Also setup so that Swagger shows the two document sets.
Am attempting to use the Swagger UI to perform queries using the Storefront Api to check what is coming out. But these fail always with a 403 error saying "The Umbraco Commerce Storefront API is not enabled"
This is plainly wrong as from the BO I can check all the settings to confirm that not only am I querying with the correct apikey but Swagger is showing the api methods.
There is a twist in that all the content requires member authentication so it took a bit for me to enable that feature in the swagger UI. But I can now Authorise a Member and the log file show several tokens being passed around with success messages. EG "The token request was successfully validated."
So I then attempt to Try it Out for any read-only method , eg Get a store by Id. This is rejected with 403 always. :-(
If I observe the request in browser dev tools, I can see that there are lots of cookies flying around including the .aspNetCore.Identity.Application one with a couple of umbracoCommerce cookies also. The Request Header shows my apikey value that should be accepted.
Now I am stumped. Does anyone have suggestions as to what is required for the storefront api to work?????
TIA.
Ok replying here to my own question as I FINALLY found out what was wrong. All my code for authentication was correct. The tricky part turned out to be exactly where the apikey was placed in the appsettings.json file. Been looking at it so long I couldn't see what was wrong.
I had to discover painfully that the Commerce apikey goes outside of the CMS block! and inside its own Commerce block.
Sigh.
is working on a reply...