Magento REST API – Solution for 400 Bad Request

Hello guys, it's been so long since I wrote a blog here. I’ve been so busy. Coming to the post, this bug has been haunting me for the past 1 week. Finally I have cracked it 😛

I was trying to set up the REST API with some Magento stores. In the OAuth Initiate step I was getting 400 Bad Request (Access Denied) on all stores hosted on our optimized servers. Magento was responding with the following error:

Also, POST requests were not working even with correct OAuth credentials. I was getting the following error:

I cross-checked the OAuth library installation on our server, made sure the consumer key & secrets are correct, checked the Roles and Attributes and WHAT NOT! But nothing helped. However, this was working properly on Hostgator Shared Hosting. I couldn’t figure out what our servers were missing. We had Ubuntu 14.04, Apache2 and PHP-FPM.

After debugging for the past many days, I found the culprit. The issue was with FastCGI and php-fpm. (We use Apache + php-fpm on our optimized servers to boost Magento performance.)

It seems Apache was stripping the Authorization and Content-Type headers to improve security, so those headers never reached php-fpm through FastCGI. The solution is to explicitly tell FastCGI to pass the Authorization header to php-fpm. In your FastCGI configuration file (on Ubuntu it lives in /etc/apache2/mods-available), make the following change:

So my fastcgi.conf now looks like:

Yes that was the fix!
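An added example, not the author's original file: a mod_fastcgi configuration of the kind described above, with the form that withholds the Authorization header shown commented out beside the form that forwards it. The handler name, alias, wrapper path and socket path are assumptions; keep the values already in your own fastcgi.conf.

```apache
# Added example; handler name, paths and socket below are assumed values.
<IfModule mod_fastcgi.c>
    AddHandler php5-fcgi .php
    Action php5-fcgi /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi

    # Before: mod_fastcgi does not hand the Authorization request header
    # to the FastCGI application, so php-fpm never sees the OAuth
    # credentials and the REST call fails.
    # FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock

    # After: -pass-header opts in to forwarding one named header.
    # Forward only what the application needs: every PHP script served
    # through this handler can now read the client's credentials.
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
</IfModule>
```

Run `apache2ctl configtest` before restarting Apache so that a typo in the directive does not take the site down.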

Also check the following to prevent other bugs related to REST API:

  1. Make sure the OAuth library is installed and activated on your server.
  2. On some environments, you have to uncomment the below line in .htaccess (or in the Virtual Host conf if you have disabled .htaccess)


That’s all for now! See ya soon with another bug (hopefully not :P)
