[Bug]: API request with x-medusa-access-token header always returns Unauthorized #10691
Comments
|
I'm having kind of the same issue here. I'm following along the Medusa tutorial in the docs. I'm at the stage where a brand is add via curl. curl -X POST 'http://localhost:9000/admin/brands' |
you need to use only the token in the header, without " or {}. |
Hello, can you specify exactly how you created this api key? |
|
The token should be passed like this Intead of using @shahednasser not sure if this is documented well, I couldn't find info on how to use the secret API keys. I'll reassign to you so check it out when you can. |
It was generated through the Admin application by following these steps:
@sradevski Ah, I see the issue, I was following the v1 instructions at https://docs.medusajs.com/v1/api/admin. It would be great to have a warning message at the top of the page, if possible. I'll be mindful to use the v2 docs in the future. |
|
You should also update the OpenAPI specs, because they all use the v1 headers, still. I'd love a notification when that update takes place, I'll keep notifications for this thread on, in case it's possible to get a ping! |
|
Hey, we've updated it in the place it was used. Can you verify if there were other places it was used in? |
|
That's the only spot I found it, but if I see another I'll definitely ping ya! |
Package.json file
{ "name": "medusa-starter-default", "version": "0.0.1", "description": "A starter for Medusa projects.", "author": "Medusa (https://medusajs.com)", "license": "MIT", "keywords": [ "sqlite", "postgres", "typescript", "ecommerce", "headless", "medusa" ], "scripts": { "build": "medusa build", "seed": "medusa exec ./src/scripts/seed.ts", "start": "medusa start", "dev": "medusa develop", "test:integration:http": "TEST_TYPE=integration:http NODE_OPTIONS=--experimental-vm-modules jest --silent=false --runInBand --forceExit", "test:integration:modules": "TEST_TYPE=integration:modules NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit", "test:unit": "TEST_TYPE=unit NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit" }, "dependencies": { "@medusajs/admin-sdk": "2.1.2", "@medusajs/cli": "2.1.2", "@medusajs/framework": "2.1.2", "@medusajs/medusa": "2.1.2", "@mikro-orm/core": "5.9.7", "@mikro-orm/knex": "5.9.7", "@mikro-orm/migrations": "5.9.7", "@mikro-orm/postgresql": "5.9.7", "@nostrify/nostrify": "npm:@jsr/nostrify__nostrify", "awilix": "^8.0.1", "nostr-tools": "^2.10.4", "pg": "^8.13.0", "ws": "^8.18.0" }, "devDependencies": { "@medusajs/test-utils": "2.1.2", "@mikro-orm/cli": "5.9.7", "@swc/core": "1.5.7", "@swc/jest": "^0.2.36", "@types/jest": "^29.5.13", "@types/node": "^20.0.0", "@types/react": "^18.3.2", "@types/react-dom": "^18.2.25", "@types/ws": "^8.5.13", "jest": "^29.7.0", "prop-types": "^15.8.1", "react": "^18.2.0", "react-dom": "^18.2.0", "ts-node": "^10.9.2", "typescript": "^5.6.2", "vite": "^5.2.11" }, "engines": { "node": ">=20" } }Node.js version
v20.10.0
Database and its version
PostgreSQL (default with npx create-medusa-app@latest on 12/17/24)
Operating system name and version
MacOS Sonoma 14.5 (23F79)
Browser name
Arc
What happended?
The API Keys that I generate via the Medusa Admin web app do not authorize my Admin API requests.
Expected behavior
❯ curl --request GET
--url http://localhost:9000/admin/custom
--header 'x-medusa-access-token: REDACTED' \
Should respond 200
Actual behavior
❯ curl --request GET
--url http://localhost:9000/admin/custom
--header 'x-medusa-access-token: REDACTED' \
{"message":"Unauthorized"}%
Link to reproduction repo
https://github.com/amunrarara/medusa-auth-header-bug
The text was updated successfully, but these errors were encountered: