epi commerce and service api

We have installed ServiceAPI on a commerce site. Everything works as expected with API queries, token, admin catalog, admin marketing. But the order management does not work; all XHR requests get:

"Message": "Authorization has been denied for this request."

Is there something I can do to fix this?




versions
episerver.cms 11.20.6
episerver.commerce 13.30.0
episerver.serviceapi 5.4.5

Thanks




#254132
Apr 30, 2021 8:02
It is a known issue, and a very long-standing one. ServiceAPI suppresses the default host authentication (i.e. removing the authentication cookie from the request), which renders the Order Management (built on Web API) useless. Of course it's less than optimal, but the only way to work around this for now is to have ServiceAPI installed on a separate site.

#254142
Apr 30, 2021 15:17
Aha, thanks, that explains a lot. Hopefully this will be fixed eventually. But when I looked into this with the knowledge from your reply I saw that this has been an issue since 2016, so I guess we will have to live with it for a while. Is there an easy way to "remove" this in an Azure build, or do we have to have two branches or repos?

Thanks again

#254333
Edited, May 04, 2021 11:16
Good question. I don't know exactly how other customers do it, but technically you can just have another site (empty commerce + ServiceAPI) in your solution with a publish profile, pretty much like how you have Commerce Manager and CMS/front-end publish profiles.

#254334
May 04, 2021 11:57
We are now running into this problem as well. However, a separate site is not so easy since we are hosting on DXC. (Where a separate site is quite costly too)

Is there any other way to fix this, or is there any clarity on when this will be fixed?

 

#254443
May 06, 2021 11:32
It has been discussed on and off for quite some time, but no decision has been made.

#254444
May 06, 2021 11:46