Warning: Your IP * is not allowed to access this API!

[hectorhbto]

After upgrading to 2.1.0.1 when I try to work with orders "Warning: Your IP ... is not allowed to access esta API!" appears me

I deleted the tables related to the API and I have re-created, I've added my IP and continuous error.

[danielkerr]

fixed in latest commit

[xguntis]

what is the fix if i want to make it work without installing the latest (unstable) version from Github, but want to patch 2.1.0.1 ?

[jean-e]

BUMP- same as Guntis- what is the fix if i want to make it work without installing the latest (unstable) version from Github, but want to patch 2.1.0.1 ? Urgent help PLEASE!!!

[tambyq]

Its very simple first go into System > User > API
1 Give Name To Your API Example : " Main IP "
2 Click on Generate API
3 Make it Enable

Click on API Addressees
Click on ADD IP
Copy paste your IP

Click on Save

Then Go to System > Setting > Edit Your main Store > Click on Option tab
See here : API User
Select Your API USER Which was created in last Stage
For Example Select " main IP "

[mbaihaki]

i have a great solution about the order that cannot be edit and delete.

Actually the database was missing a file which is oc_api_session
So, you need to export that file on your database.

If you need that file, you have to install the latest version of Opencart. After that, EXPORT that file and IMPORT to your database.

So, its done!
i used on opencart 2.1.0.1

[siegerimport]

Warning: Your IP is not allowed to access this API!

Hello Guy I make like the tambyq said but it is no working.
I need help to fix this to sell. didn`t working.
Someone has the solution to this problem.

Help, please!!!!!!

Thanks for you attention me.
Best Wishes
Sieger Import

[alexiirj1]

Guys i cant believe how simple i solved this error. Just go to your hosting cPanel and scroll down to where it says select php version. set the version to 5.4. go back to your opencart dashboard delete all default orders and all the unnecessary sales. refresh page make sure they are all gone. then go back to your cPanel select the latest version of PHP which as of now is 5.6. many of opencart errors is only due to different php versions.

[alexiirj1]

Also this guy who provided this solution:

tambyq commented on Feb 1
Its very simple first go into System > User > API
1 Give Name To Your API Example : " Main IP "
2 Click on Generate API
3 Make it Enable

Click on API Addressees
Click on ADD IP
Copy paste your IP

Click on Save

Then Go to System > Setting > Edit Your main Store > Click on Option tab
See here : API User
Select Your API USER Which was created in last Stage
For Example Select " main IP "

Sir you solution is on every forum online and IT DOES NOT WORK

[thisuser]

tambyq's solution worked fine for me without changing to php version 5.6
the memory errors I encountered were resolved by moving the php.ini file from opencart folder to /public_html/ and changing the memorylimit to 128M. Works fine now.

Are you guys sure you did the last part? I thought it didnt work until I noticed I forgot that last part adding the API user in the store setting (option) page. Good luck!

Then Go to System > Setting > Edit Your main Store > Click on Option tab
See here : API User
Select Your API USER Which was created in last Stage
For Example Select " main IP "

[indefesso]

Hi! I have a little solution, you can do it better but it's good for a fast patch.

You can edit this file : admin/controller/common/login.php
and add after $this->session->data['token'] = token(32);
this query
$this->db->query(" insert into oc_api_ip (api_id, ip) VALUES ('1','".$_SERVER['REMOTE_ADDR']."') ");

OR , with vqmod:

Add this node to a existing or new vqmod xml
(I'm sorry but the editor break the code)

` <file name="admin/controller/common/login.php"> 
    <operation>
        <search position="replace"><![CDATA[  $this->session->data['token'] = token(32); ]]></search>
        <add><![CDATA[ 

$this->session->data['token'] = token(32);
$this->db->query(" insert into oc_api_ip (api_id, ip) VALUES ('1','".$_SERVER['REMOTE_ADDR']."') ");
]]>

`

;)

[GusAntoniassi]

@indefesso thanks! Updated the SQL query just a bit to avoid inserting duplicates:
$this->db->query("INSERT INTO oc_api_ip (api_id, ip) SELECT * FROM (SELECT '1', '".$_SERVER['REMOTE_ADDR'] ."') AS tmp WHERE NOT EXISTS (SELECT ip FROM oc_api_ip WHERE ip = '".$_SERVER['REMOTE_ADDR']."') LIMIT 1;");

[hackersfield]

Go to Users and then Under API section Name your api e.g., Main API and in IP tab put your current IP and then generate key and make sure to enable it. Viola.

[Nyrk0]

Hi.

I'm getting really tired of API/IP request several times every day: the internet here is ADSL so my IP is not fixed. Guess that too many OC's admin users share this situation.

Moreover, the API is almost unuseful today (but it could be a great feature... in the unknown future, I know) so... today, it is no really useful to ask for valid IP at each login.

Then, I was looking for an extension to disable the API/IP, but with no luck.

Some help?
A cool developer can set a mask for IP validate?

Since the ISP give us variable IP but in a range, guess than a practical solution will be to set up the OC allowed IPs in the mask form of [###.###.*.*]

Kindly,
Alex

[danielkerr]

ok coming up with a solution

…

On 11 March 2017 at 10:14, Nyrk0 ***@***.***> wrote: Hi. I'm getting really tired of API/IP request several times every day: the internet here is ADSL so my IP is not fixed. Guess that too many OC's admin users share this situation. Moreover, the API is almost unuseful today (but it could be a great feature... in the unknown future, I know) so... it is no really useful to ask for valid IP at each login. Then, I was looking for an extension to disable the API/IP, but with no luck. Some help? A cool developer can set a mask for IP validate? Since the ISP give us variable IP but in a range, guess than a practical fix will be to set up OC IP in the mask form of ###.###.*.* Kindly, Alex — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#3554 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AE2CzINIYEajgjFQLrHybjRwEZ63cladks5rkgOdgaJpZM4GVcfa> .

[cartbinder]

@Nyrk0

Hello Alex,

This is quick fix which i have added myself on my store. Basically when i login and login is successful i add ip to database. So i am never asked again on order list page.

Go to this file via ftp:
admin/controller/common/login.php

And find this line:
$this->session->data['token'] = token(32);

After that add below code:

$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api_ip` WHERE api_id = '" . (int)$this->config->get('config_api_id') . "'");
			
			foreach ($query->rows as $result) {
				$ip_data[] = $result['ip'];
			}

			if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
				$this->db->query("INSERT INTO `" . DB_PREFIX . "api_ip` SET api_id = '" . (int)$this->config->get('config_api_id') . "', ip = '" . $this->request->server['REMOTE_ADDR'] . "'");
			}

[arnisjuraga]

API IP check is something, which should be removed at all. With DSL IP's - if it changes multiple times a day and you are switching workplaces, then at the end your admin API sections will be filled with millions of IP's anyway.

API permissions check should have different approach to check permissions, not IP's in the future.

E.g. How about:

• on admin login, save the Admin IP or Session token and validate API access by that?

[kabircse]

I am getting "Error permission" on live server but local is ok. What is the problem ? I am using shared server for shop and other site for displaying product using api calling.

[sament]

You can check out this OpenCart OCMOD extension named Disable API checks
https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=30437&filter_search=API%20REST

[affan2]

You can check out this OpenCart OCMOD extension named Disable API checks
https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=30437&filter_search=API%20REST

@danielkerr is this considered safe to use?

thanks