#39015 Admin Tools Blocking API Authentication for GET & POST

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: 4.2.8
PHP version: 8.0.28
Admin Tools version: 7.2.3

Latest post by attiii on Thursday, 25 May 2023 13:29 CDT

attiii

Hi!

I am trying to test (and eventually launch in production) making API calls to post weblinks and articles automatically into my Joomla instance. When testing basic connectivity with Postman, we get Forbidden errors when attempting to use the Bearer Token authentication process, and our custom error message generated by AdminTools when using X-Joomla-Token in the header. 

Can you please let me know the best path forward with opening up access for an external app (likely to be hosted on the same web server, fyi) to make API calls into Joomla with Admin Tools enabled? I am sure there is an exception we can write, but not sure how to do so.

Thanks!

nicholas
Akeeba Staff
Manager

First of all, you are using an ancient version of Admin Tools. While there used to be a problem with the .htaccess Maker blocking the Authorization header, this was addressed in Admin Tools 7.3.0. So, one option is to install Admin Tools 7.3.0, go to .htaccess Maker, and click on Save & Create .htaccess to refresh your .htaccess file to the new version.

No version of Admin Tools, however, is blocking the X-Joomla-Token header. This is what we are using ourselves, very extensively. At the most basic level, we're using the Joomla API with the X-Joomla-Token header to publish the new releases to our site. We are of course using Admin Tools and the .htaccess Maker to protect our site as well. If Admin Tools or its .htaccess Maker blocked the X-Joomla-Token header we would have been unable to publish any software for the last 15 months that this site has been on Joomla 4.

Which brings us to your second problem. The order of operations matters for understanding what happened; thank you for describing thoroughly what you did, it helped a lot.

The message you get from Admin Tools is because you failed the authentication too many times when trying to use the Authentication header and you've enabled the option in Admin Tools to treat logins as blocked requests. Therefore the multitude of failed logins resulted in your IP address becoming temporarily banned by Admin Tools, hence the message about your IP being blocked. You need to unblock your IP to stop that message from appearing.

TL;DR: Install the latest version of Admin Tools. Regenerate your .htaccess Maker. Unblock your IP address. You're good to go!

Nicholas K. Dionysopoulos

Lead Developer and Director


attiii

Much like when in doubt, restart....here when in doubt, check versions haha!

Everything seems to work smoothly now with the upgrade and new htaccess. THANK YOU.
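
Added example, not part of the ticket and not Akeeba's or Joomla's code: a minimal Python client for the Joomla 4 articles endpoint that sends the token in X-Joomla-Token and stops on the first 401/403 instead of retrying, so rejected logins do not pile up into the temporary IP ban described in the reply above. The site URL, the token, the `send` hook and the retry count are assumptions for illustration.

```python
import json
import urllib.error
import urllib.request

# Joomla 4 Web Services endpoint for articles.
API_PATH = "/api/index.php/v1/content/articles"


class AuthRejected(Exception):
    """The server refused the credentials (HTTP 401/403)."""


def build_request(base_url, token, article, use_bearer=False):
    """Build the POST; the token goes in X-Joomla-Token unless use_bearer is set."""
    headers = {"Content-Type": "application/json",
               "Accept": "application/vnd.api+json"}
    if use_bearer:
        headers["Authorization"] = "Bearer " + token
    else:
        headers["X-Joomla-Token"] = token
    return urllib.request.Request(base_url.rstrip("/") + API_PATH,
                                  data=json.dumps(article).encode("utf-8"),
                                  headers=headers, method="POST")


def post_article(base_url, token, article, send=urllib.request.urlopen,
                 max_attempts=3, use_bearer=False):
    """POST an article, retrying only 5xx responses.

    `send` is a hypothetical hook so the transport can be replaced in tests.
    """
    for attempt in range(1, max_attempts + 1):
        req = build_request(base_url, token, article, use_bearer)
        try:
            with send(req) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code in (401, 403):
                # Each retry would be one more rejected login for the firewall
                # to count, so fail at once and let the operator check the
                # token, the .htaccess rules and the IP block list.
                raise AuthRejected(f"HTTP {err.code} from {req.full_url}") from err
            if err.code < 500 or attempt == max_attempts:
                raise
```

If the call raises `AuthRejected` with the Bearer form but succeeds with X-Joomla-Token, that matches the Authorization header problem the reply attributes to the older .htaccess Maker output.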
