The consumer isn't authorized to access %resources


Magento version 2.3.3

Admin token is successfully obtained using the API, however, when trying to fetch any resource using that token, I get this message: "The consumer isn't authorized to access %resources."

The user is Administrator and has access to all of the resources. There's no field labeled "Allow OAuth Access Tokens to be used as standalone Bearer tokens" so that I can enable it.

What else can be done?

I'm using Postman.

Using OAuth with the integration details in Magento admin to get the admin token from rest/V1/integration/admin/token

Then using the access token in response as a Bearer token to access resources, for example from rest/V1/products

Authorization: "Bearer <admin access token obtained>"

2

There are 2 answers

0
UnpassableWizard On

Are you passing the token correctly?

Section Authorization: Choose Type: Bearer Token

Paste the token like

Bearer: 743h8n9c4hmf984hf89mfhem8hcr8mherg87erh8g7er7cg8er7cg87erc...

Or from Magento2 docs (Adobe)

To disable this feature, log in to the Admin panel and navigate to Stores > Settings > Configuration > Services > Magento Web API > Web API Security. Then select Yes from the Allow Anonymous Guest Access menu.

A setting you should be careful with.

0
Nel On

Please, log in to the Admin Panel and

  • Consider adding a new integration under SYSTEM > Extensions > Integrations > "Add New Integration".
    • Don't forget to select "All" or select "Resource Access" to your integration under "Add New Integration" > API and save.
    • Once saved, activate your integration to get the consumer key, access token, etc.
  • Under STORES > Settings > Configuration > SERVICES > OAuth > "Consumer Settings" > set "Allow OAuth Access Tokens to be used as standalone Bearer tokens" to "Yes".
  • Clear the cache under SYSTEM > Tools > Cache Management > "Flush Cache Storage".

Now, you can use your integration's Access Token as Bearer Token.
However, you should never use it in client-side code but only in a server-side one to keep it secure.
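The token flow described in the question (admin token from rest/V1/integration/admin/token, then a Bearer call to rest/V1/products) and the permission checks from the answers, as an added Python example that is not from the question, the answers or Magento itself. The store URL is a placeholder, and mapping the error message to the settings to check is an assumption drawn from this thread.

```python
import json
import urllib.request
from urllib.error import HTTPError

# Hypothetical store URL: replace with your own Magento 2 base URL.
BASE_URL = "https://shop.example.invalid"
# Literal message Magento returns when the token lacks ACL permission for
# the requested resource (the %resources placeholder is left unexpanded).
UNAUTHORIZED_MSG = "The consumer isn't authorized to access %resources"


def get_admin_token(username: str, password: str) -> str:
    """POST /rest/V1/integration/admin/token; Magento returns the token as a JSON string."""
    req = urllib.request.Request(
        f"{BASE_URL}/rest/V1/integration/admin/token",
        data=json.dumps({"username": username, "password": password}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.loads(resp.read().decode())


def bearer_headers(token: str) -> dict:
    """Build the Authorization header the way Postman's 'Bearer Token' type does."""
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}


def diagnose_error(status: int, body: str) -> str:
    """Map a failed response to the setting to check (assumption: message text is stable)."""
    try:
        message = json.loads(body).get("message", "")
    except ValueError:
        message = body
    if status == 401 and message.startswith(UNAUTHORIZED_MSG):
        return ("token lacks ACL for this resource: check the role's resource access, "
                "or for integration tokens enable 'Allow OAuth Access Tokens to be used "
                "as standalone Bearer tokens' and flush the cache")
    if status == 401:
        return "token missing, expired or malformed: check the Authorization header"
    return f"unexpected HTTP {status}: {message}"


def fetch_products(token: str, page_size: int = 5) -> dict:
    """GET /rest/V1/products with the Bearer token; raise a diagnosed error on failure."""
    url = f"{BASE_URL}/rest/V1/products?searchCriteria[pageSize]={page_size}"
    req = urllib.request.Request(url, headers=bearer_headers(token))
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.loads(resp.read().decode())
    except HTTPError as err:
        raise RuntimeError(diagnose_error(err.code, err.read().decode())) from err
```

Keep the token on the server side only, as the answer above says; the diagnostic text never includes the token itself, so it is safe to log.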