403 Error, API Basic Auth Access

Product Support
1

Your software
My Mautic version is: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
My PHP version is: 7.3.15

My problem is:
I’m getting 403 error when trying to connect to the Api Using the Basic Auth ,and it says that i dont have permission, and i’m quite sure that i’m using the right credentials, and i’m trying to do a call to get contacts,
and the same Credentials are working fine to access the mautic platform,
get …/api/contacts

<title>403 Forbidden</title>

<h1>Forbidden</h1>

<p>You don't have permission to access /api/contacts

    on this server.</p>

image
image1187×382 16.6 KB

These errors are showing in the log: when i do the call to the API

Steps I have tried to fix the problem:
I have restarted my comptuer , and removed all the cash and cookies

1 Like
2

You need to refresh Mautic cache after basic auth is turned on.

3

Hello, Thank you for your prompt reply,
we have cleared the Mautic cache but still getting same error,

5

Hi mouadallah, by any chance you managed to resolve this? I got similar problem. i have read all the htaccess posts and tried all of them, but still encountered the same 403 errors. I’m using the latest mautic.

6

Hi, if you turn on basic auth + cleared mautic cache, this should be working.

7

Hey joeyk, thanks a lot. I turned on basic auth + cleared the cache. And did all the tips I can find in this forum about 403 error. But none of them work for me :frowning:

  1. removed the whole <IfModule
  2. modify line 113 of

<If “%{REQUEST_URI} =~ m#^/(index|index_dev|upgrade/upgrade).php#”>

to

<FilesMatch “^(index|index_dev|filemanager|upgrade).php$”>

  1. add my Mautic installation folder in the path
    <FilesMatch “^/email/(index|index_dev|filemanager/upgrade).php$”>

  2. commented out
    <FilesMatch “.php$”>
    Require all denied

  3. CHMOD 777 to all my Mautic installation directories.

What I’ve noticed is that, I can access the API from Postman desktop, but not Postman browsers. I ensured the headers are the same. It just never work on browser version and it gives me 403 error.

I am on the latest Mautic, 4.4.3.
PHP Version 8.0.24

Please help me… i am stuck for 2 days already. Tried any way i can. Thanks so much.

8

oh yes, I also tried using OAUTH2 authentication. Same behavior. I can do it successfully from Postman desktop, but not Postman browser (or any other API tools)

9

Hi,
ok. What is your exact call in PHP? (replace psw and login with some chars.)

10

Here you go. Authorization key has been obfuscated. This will work on Desktop Postman, but not on Browser Postman. Thanks so much for looking into this.

<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('https://email.saidhasyim.com/api/contacts/16');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Authorization' => 'Basic XXXXXXXXXXXXXXXXXXXXXXXXXX'
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
11

What if you try
$request->setUrl('login:psw@https://email.saidhasyim.com/api/contacts/16');

?

12

I get invalid protocol error in Postman desktop. Could not send request.

<?php
$client = new http\Client;
$request = new http\Client\Request;
$request->setRequestUrl('XXXXXX:XXXX@https://email.saidhasyim.com/api/contacts/16');
$request->setRequestMethod('GET');
$request->setOptions(array());
$request->setHeaders(array(
  'Authorization' => 'Basic XXXXXXX'
));
$client->enqueue($request)->send();
$response = $client->getResponse();
echo $response->getBody();