You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I can go to the API in the admin panel and click the getUsers and it gives results to the browser just fine. Same token_auth in the URL as well. If you simply modify misc/api_internal_call.php to call UsersManager.getUsers and remove the extra data it loads when in the same browser (probably because I am logged in as admin). If I try a different browser it will not work. The token_auth appears to have no effect on authorizing the request.
In my specific implementation, I do not even want Piwik handling my sessions when using the internal API.
I have tested this on 0.2.9 as well as Release 634 from svn.
The text was updated successfully, but these errors were encountered:
Thank you for the report. This bug was harder to fix than I initially thought.
please use latest SVN and report any pb.
patched in 661
rules:
- calling from any module (except module=API), cookie will be checked
- calling from module=API, cookie won’t be checked.
- calling from any module= (or no module= for example the case of misc/api_internal_call.php)
*_if using API_Request without specifying a token_auth, API_Request will use existing access (cookie if available, otherwise show permission error)
*_if using API_Request specifying a token_auth, API_Request will reload access for this token_auth
I am using a basic internal request and continue to receive the follow error despite the use of the correct token_auth:
“You can’t access this resource as it requires a ‘superuser’ access.”
```
$request = new Piwik_API_Request(’
method=UsersManager.getUsers
&token_auth=c11c87e44b5c98a387e2968dc22fa4dc’);
$result = $request→process();
```
I can go to the API in the admin panel and click the getUsers and it gives results to the browser just fine. Same token_auth in the URL as well. If you simply modify misc/api_internal_call.php to call UsersManager.getUsers and remove the extra data it loads when in the same browser (probably because I am logged in as admin). If I try a different browser it will not work. The token_auth appears to have no effect on authorizing the request.
In my specific implementation, I do not even want Piwik handling my sessions when using the internal API.
I have tested this on 0.2.9 as well as Release 634 from svn.
The text was updated successfully, but these errors were encountered: