Shopware 6 API call error: "The user credentials were incorrect"

Question

we have an issue with API calls. As the subject says, we cannot access the backend API with credentials.

Our customer's production and staging instances run Shopware 6.2.3 and we program plugins for Shopware. So now we want to update the customer's instances to 6.4.x.x. We also have a freshly instaled dev instance (6.4.13.0) which we use for testing our own plugins for SW 6.4.

Now we are facing an issue we cannot explain. We took a copy of the production and updated it from 6.2.3 to 6.4.13.0 which worked without any major issues. But our API call always fail with this error:

{"errors":[{"code":"6","status":"400","title":"The user credentials were incorrect.","detail":null}]}

The credentials are definitely correct, we can use them for logging into the backend.

The same error occurs when we use Curl with the same payload. On our 6.4 dev instance (see above) the Curl command and our plugin both work flawlessly and are able to get an access token.

This is the Curl command we used for testing:

curl --request POST --url https://our-domain.example/api/oauth/token --header 'Authorization: ' --header 'Content-Type: application/json' --data '{"grant_type": "password", "username": "xxxxx", "password": "xxxxxxxx", "client_id": "administration"}'

This is the code our developer wrote; it works perfectly on the 6.4 dev instance:

private function _getToken($domain, $username, $pass)
{
    if ($domain[strlen($domain)-1] !== "/")
    {
        $domain .= "/";
    }
    $endpoint = $domain . "api/oauth/token";
    $config = [];
    if (strpos($endpoint, "https") > -1) {
        $config = ['verify' => false];
    }
    $client = new Client($config);
    $json_encode = json_encode([
        'username' => $username,
        'password' => $pass,
        'grant_type' => 'password',
        "client_id" => "administration",
    ]);
    $response = $client->request('POST', $endpoint, [
        'body' => $json_encode,
        "headers" => ["Content-Type" => "application/json"]
    ]);

    return json_decode($response->getBody())->access_token;

}

To rule out there was a problem with the Shopware update to 6.4, we tested the API call on the untouched production and staging instances and voilà: same error, but with a small difference. It throws an error 401 except 400.

So something is obviously wrong with the 6.2.3 instances.

Any idea what we can check? Is there anything inside the Shopware core or database that prevents API authentication?

Any help is greatly appreciated! Thanks in advance!

Answer 1

Nevermind, we found out what the problem was. Curl had an issue with verifying the (still valid) SSL certificate. So we tried to renew it and Let'sEncrypt failed because the web server was lacking an IPv6 address. So we added it to the virtual host, renewed the certificate and now the API call gives us the token.