Integration API not working after upgrading to Magento 2.4.4+

0
1894
Integration API not working after upgrading to Magento 2.4.4+
Integration API not working after upgrading to Magento 2.4.4+

There is an update that make integration API not working after upgrading to Magento 2.4.4+. I will give you some notes to fix the integration API connection in this article.

After upgrading to any Magento version equal or above 2.4.4, the API response would return to something like this:

{
  "message": "The consumer isn't authorized to access %resources.",
  "parameters": {
    "resources": "Magento_Sales::actions_view"
  }
}

Let read the note from official Magento documentation:

In previous versions of Commerce, the access token could be used on its own for token-based authentication. This behavior has been disabled by default due to the security implications of a never-expiring access token. Namely, if the access token is compromised it provides undetected persistent access to a store.Adobe Commerce Documentation

That means if you use the token from the integration API, which never expires, this error will show up because Magento 2.4.4 and above disables this bearer token by default.

To resolve this, there is an temporary solution.

Visit Admin > Stores > Configuration > Services > OAuth.

Scroll down to the option “Allow OAuth Access Tokens to be used as standalone Bearer tokens” and select “Yes“.

Then flush the cache. The integration API should go back to normal, the bear token will continue to work as before upgrade.

You can execute a command to set this option as well.

$ bin/magento config:set oauth/consumer/enable_integration_as_bearer 1

However, this never-expired token method is not secured, the recommendation is to upgrade to use OAuth to generate token for limited time, default to 4 hours. Magento will probably remove this option in some future versions.

Make sure your Magento 2 app is always up-to-date.