OAuth and Invoke-RestMethod

  • Question

  • Hello,

    I'm extremely new to using PowerShell to script, so bear with me if this may be an easy question.  I'm also extremely new to using APIs and how to interact with them.  This question combines both of these things, PowerShell and using the Invoke-RestMethod to interact with an API.

    My goal is to connect to our eCommerce platform so I can pull sales order data.  I've set up an integration point with the platform and I have the consumer key, consumer secret, access token, and access token secret information readily available.  A lot of the information I have seen talks about sending a POST command to get the access token, but seeing as how I already have that information, I shouldn't need to do that step, right?

    To connect to our ecommerce platform there are a list of requirements that need to be passed in the Authorization header and they are:

    I found out how to make the authorization header in PowerShell, but I'm unsure of the rest of it.  So I was hoping someone could help me out in the best way to get all of the information needed in the Authorization header so I can get the information I need.  I think once I can get authorized, I should be able to query what I need.  

    Here is a link to dev docs for where I'm trying to get access: https://devdocs.magento.com/guides/v2.2/get-started/authentication/gs-authentication-oauth.html

    Thank You,
    Trevor Bensen

    • Moved by Bill_Stewart Wednesday, September 4, 2019 7:19 PM This is not "hand holding for each step from afar" forum
    Tuesday, March 19, 2019 9:21 PM

All replies

  • There are numerous examples on that site.  You will have to learn to use OAuth to determine how to do what you need.

    Here is a PowerShell discussion of using OAuth with PS.



    Tuesday, March 19, 2019 10:29 PM
  • Thanks for the link.  I'll wade through all the code in that script to see if I can piece together all of the requirements needed for the Magento API.  More than likely it's just my inexperience, but reading through the Magento documentation was clear as mud and I couldn't piece together what I needed to do.  I thought I had the right information, but whenever I run the PowerShell script I created, I get a status code of 404: Not Found, so I must not have all of the required information in the header section of the script.


    Wednesday, March 20, 2019 3:40 PM
  • 404 means your url is wrong.


    Wednesday, March 20, 2019 3:43 PM
  • I knew a 404 was an incorrect URL when trying to visit a webpage, but for some reason it didn't register with me when trying to construct this API call in PowerShell.  Well after closer inspection of the URL, I had a lowercase letter where there should have been an uppercase letter.  Now I feel like an idiot....lol.  

    After correcting that mistake, I've moved on to a different error: 400 - Bad Request, so I'm guessing this has to do with how the headers are structured and the fact they are missing information.


    Wednesday, March 20, 2019 4:03 PM
  • I've gone through this code example and I tried to modify it based on what I need, and I think I'm fairly close, but I'm getting a 401 Unauthorized response.  I'm using a try/catch method to capture the error response.

    The catch has "Write-Host $_" which tells me the server returned an error (401 Unauthorized).  I'm wondering if there is a way to capture more information from the server response because looking at the Magento site, it has specific error codes that indicate why the authorization failed.  If I knew what that error code was, I should be able to fix the PowerShell script I'm using.

    Trevor Bensen

    Friday, March 22, 2019 6:58 PM
  • The result from the Invoke contains the detailed error if there is one. Try/Catch prevents getting this result.


    Friday, March 22, 2019 7:26 PM
  • Doesn't look like it's returning anything extra in the response.  Is there any way to capture this or is it a limitation with the API endpoint I'm trying to access?


    Friday, March 22, 2019 7:53 PM
  • Then there will be no more info available.

    The error indicates that you are not authorized to use the service. It is not saying that the request is bad or missing anything.

    You need to contact the site to learn how to get your account authorized to use the API.  Even having a token may not be enough.  Usually you need to specify a login account and the key or subscription id.  After authenticating you will have a session that will work for each subsequent OAuth or JSON call.


    Friday, March 22, 2019 8:09 PM
  • We have the ability to manage "integrations", which provides integration details such as: Consumer Key, Consumer Secret, Access Token, Access Token Secret.  From the integration section, we can set access permissions to different resources and I have given myself access to all the API resources for this site.

    I'm wondering if I'm trying to over-complicate this API call by using OAuth.  If I already have a token, then I should be able to use Token Based authentication to access these APIs?


    Friday, March 22, 2019 8:23 PM
  • That very much depends on how the designers built the site and the site's security.  If the site doesn't use OAuth then you will not be able to use it.

    All of this is up to the vendor for the site.  We cannot answer these questions.


    Friday, March 22, 2019 8:27 PM
  • I was trying to make things a little too complicated, I don't need to use OAuth to access the API.  Because we are able to create an integration account on the website, I am given the Access token, so there is no need to run through the process of logging in and getting an access token.

    Knowing the access token, I store its value in a variable like $token.  From here I can put this variable into another variable $headers.  Then I set the $header data like this:

    $header = @{
        "Authorization" = "Bearer $token"
        "Accept" = "application/json"
    }

    And here is the PowerShell command to bring it all together:

      Invoke-RestMethod -uri $uri -Headers $header


    Monday, March 25, 2019 3:46 PM
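
Added example (not part of the thread or any participant's code): the bearer-token call from the final reply, wrapped so that a failed request reports the HTTP status and the server's response body, which is what the 401 discussion above was trying to get at. The function name Invoke-BearerRequest, the MAGENTO_TOKEN environment variable and the shop.example.com URI (including its /rest/V1/orders path) are assumptions, not values from this page.

```powershell
# Added example. Invoke-BearerRequest, MAGENTO_TOKEN and the URI below are assumed names.
function Invoke-BearerRequest {
    param(
        [Parameter(Mandatory)][uri]$Uri,
        [Parameter(Mandatory)][string]$Token
    )
    # A bearer token is a reusable credential: refuse to send it over plain HTTP.
    if ($Uri.Scheme -ne 'https') { throw "Refusing to send token to non-HTTPS URI: $Uri" }

    $header = @{
        'Authorization' = "Bearer $Token"
        'Accept'        = 'application/json'
    }
    try {
        Invoke-RestMethod -Uri $Uri -Headers $header -Method Get -ErrorAction Stop
    }
    catch {
        $response = $_.Exception.Response
        $status   = if ($response) { [int]$response.StatusCode } else { $null }
        # PowerShell 6+ (and often 5.1) exposes the response body here.
        $body = if ($_.ErrorDetails) { $_.ErrorDetails.Message } else { $null }
        # Windows PowerShell 5.1 fallback: read the body from the WebException's stream.
        if (-not $body -and $response -is [System.Net.HttpWebResponse]) {
            $stream = $response.GetResponseStream()
            if ($stream.CanSeek) { $stream.Position = 0 }
            $reader = New-Object System.IO.StreamReader($stream)
            $body   = $reader.ReadToEnd()
            $reader.Dispose()
        }
        # Report status and server message only; never echo the token or the headers.
        Write-Error "HTTP $status from $($Uri.AbsolutePath): $body"
    }
}

# Keep the token out of the script file: read it from the environment (assumed variable name).
$token = $env:MAGENTO_TOKEN
if (-not $token) { throw 'Set the MAGENTO_TOKEN environment variable first.' }

# Placeholder host and path; substitute the endpoint from your own platform's documentation.
Invoke-BearerRequest -Uri 'https://shop.example.com/rest/V1/orders?searchCriteria[pageSize]=5' -Token $token
```

If the server sends an empty body with the error status, the message will show only the status code, which matches what was observed earlier in this thread.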