"APIUser" requires authentication, and not currently authenticated.

Discussion for TimeTrex open source community developers.
Post Reply
torodev
Posts: 4
Joined: Mon Feb 20, 2023 5:58 pm

"APIUser" requires authentication, and not currently authenticated.

Post by torodev »

I can do a CRUD operation successfully on Postman, but when I try other platforms or another way like creating a script on PHP(using the PHP source code provided on TimeTrex API documentation) or sending a CURL command request on the terminal, I always get "APIUser" requires authentication, and not currently authenticated. But the inputs(like sessionId, class, and method) I used was the same as the Postman I used.

Here's a screenshot that working on Postman:
Successful request on postman
Successful request on postman
But when I try to run it on terminal using Curl command that I got from the postman snippet. I will get the "APIUser" requires authentication, and not currently authenticated error.
Code Snippet - Curl from Postman
Code Snippet - Curl from Postman
This same goes to the PHP file I copied from the documentation..

Code: Select all

<?php

//Build URL given a Class and Method to call.
//Format is: http://demo.timetrex.com/api/json/api.php?Class=&Method=&SessionID=
function buildURL( $class, $method ) {
	global $TIMETREX_URL;
	$url = $TIMETREX_URL . '?Class=' . $class . '&Method=' . $method;

	return $url;
}

//Handle complex result.
function handleResult( $result, $raw = false ) {
	if ( is_array( $result ) && isset( $result['api_retval'] ) ) {
		if ( $raw === true ) {
			return $result;
		} else {
			if ( $result['api_retval'] === false ) {
				if ( php_sapi_name() == 'cli' ) {
					$eol = "\n";
					$space = " ";
				} else {
					$eol = "<br>\n";
					$space = "-";
				}

				//Display any error messages that might be returned.
				$output[] = 'Returned:';
				$output[] = ( $result['api_retval'] === true ) ? '  IsValid: YES' : '    IsValid: NO';
				if ( $result['api_retval'] === true ) {
					$output[] = '  Return Value: ' . $result['api_retval'];
				} else {
					$output[] = '  Code: ' . $result['api_details']['code'];
					$output[] = '  Description: ' . $result['api_details']['description'];
					$output[] = '  Details: ';

					$details = $result['api_details']['details'];
					if ( is_array( $details ) ) {
						foreach ( $details as $row => $row_details ) {
							if ( isset( $row_details['error'] ) ) { //When importing data, each row has its own validation object, which could contain the "error" sub-element.
								$tmp_row_details = $row_details['error'];
							} else {
								$tmp_row_details = $row_details;
							}

							$output[] = '    Row: ' . $row;
							foreach ( $tmp_row_details as $field => $msgs ) {
								$output[] = str_repeat( $space, 2 ) .'Field: ' . $field;
								foreach ( $msgs as $msg ) {
									$output[] = str_repeat( $space, 4 ) .'Message: ' . $msg;
								}
							}
						}
					}
				}
				$output[] = '==============================================================';
				$output[] = '';

				echo implode( $eol, $output );
			}

			return $result['api_retval'];
		}
	}

	return $result;
}

//Post data (array of arguments) to URL
function postToURL( $url, $data = null, $raw_result = false ) {
	$curl_connection = curl_init();
	curl_setopt( $curl_connection, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1 );
	curl_setopt( $curl_connection, CURLOPT_URL, $url );
	curl_setopt( $curl_connection, CURLOPT_REFERER, $url ); //**IMPORTANT: Referer should always be sent to avoid requests being rejected due to CSRF security checks.
	curl_setopt( $curl_connection, CURLOPT_CONNECTTIMEOUT, 600 );
	curl_setopt( $curl_connection, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $curl_connection, CURLOPT_SSL_VERIFYPEER, false );
	curl_setopt( $curl_connection, CURLOPT_SSL_VERIFYHOST, false );
	curl_setopt( $curl_connection, CURLOPT_FOLLOWLOCATION, 0 );

	global $TIMETREX_API_KEY;
	curl_setopt( $curl_connection, CURLOPT_HTTPHEADER, [ 'Cookie: SessionID='. $TIMETREX_API_KEY ] ); //Send API Key as a cookie.

	//When sending JSON data to POST, it must be sent as: json=
	// should be an associative array with the first level being the number of arguments, where each argument can be of mixed type. ie:
	// array(
	//       0 => ,
	//		 1 => ,
	//		 2 => ,
	//       ...
	//      )

	echo "==============================================================\r\n";
	echo "Posting data to URL: " . $url . "\n";

	if ( $data !== null ) {
		$post_data = 'json=' . urlencode( json_encode( $data ) );
		curl_setopt( $curl_connection, CURLOPT_POSTFIELDS, $post_data );

		echo "  POST Data: " . $post_data . "\n";
	}
	echo "--------------------------------------------------------------\n";

	$result = curl_exec( $curl_connection );
	curl_close( $curl_connection );

	return handleResult( json_decode( $result, true ), $raw_result );
}

/*
 Global variables
*/
$TIMETREX_URL = 'http://localhost/timetrex/api/json/api.php';
$TIMETREX_API_KEY = 'APIb577e7a21a99d96f02bd66932fe5ddb37a110018'; //**IMPORTANT** Use the registered API key/Session ID from above.

$arguments = array( 'filter_data' => array(
    'id' => '0b8030ad-7c17-4fe4-b517-63f7a221b253'
    //'user_name' => 'john.doe567',
    )
);
$user_data = postToURL( buildURL( 'APIUser', 'getUser' ), array( $arguments ) );
?>
mikeb
Posts: 709
Joined: Thu Jul 27, 2006 11:58 am

Re: "APIUser" requires authentication, and not currently authenticated.

Post by mikeb »

Your API key is likely not correct or registered anymore. I changed your example script to point to our public demo and used a registration key from it and worked perfectly.

If you enable diagnostic logging in TimeTrex and check your server logs, (as described here: viewtopic.php?t=89 ) it will give you more information.
TimeTrex Community Edition is developed and supported by volunteers.
Help motivate us to continue by showing your appreciation!
torodev
Posts: 4
Joined: Mon Feb 20, 2023 5:58 pm

Re: "APIUser" requires authentication, and not currently authenticated.

Post by torodev »

Thanks, I found the problem on the server logs! enabling the diagnostic logging helps a lot! :D
mikeb
Posts: 709
Joined: Thu Jul 27, 2006 11:58 am

Re: "APIUser" requires authentication, and not currently authenticated.

Post by mikeb »

It would be appreciated if you post the details of the solution here so it may help others too.
TimeTrex Community Edition is developed and supported by volunteers.
Help motivate us to continue by showing your appreciation!
Post Reply