Get order list from Shopware 5 via API

Question

I'm in the process of building a small (python) tool to retrieve orders from my SW5 store via API.

For this, I combined the username and the API key into a string (separated by ":") and then converted the whole thing as a bytestring. This bytestring was then base64 "encoded" and specified as a header as follows:

`

def get_order_shopware5():
    
    header = {"Authorization": "Basic NjE2NDZkNjk2ZTNhNTM2ZTY1NzA0OTZlNmI2YzRhNjQ2YzY0NTA1MTM1Mzg0NjdhN2E0ODRlMzk3OTZiNGU2NDZlNzA2ODM1Nzk2YzU0NWEzODM2NjQ1MDZkNTM"}
    print(header)
    
    res = requests.get("https://shopname.de/api/orders", headers=header)
    
    print(res.content)

` But when I call the function, I always get a "b'{"success":false, "message": "Invalid or missing auth"}'" as a response.

When I manually access www.shopname.de/api/orders via the browser and enter the credentials, everything works fine. So I'm assuming that there's something hanging on the synthax or the credential conversion. But I can't figure out what exactly.

I am grateful for any hints!

Greetz, Lama

P.S.: I've tried multiple versions of the header synthax as well as different ways of converting the original string to a bytestring (with/without whitespaces, with/without using full bytes). But nothing worked so far.

Answer 1

If anyone is interested:

The first thing is an error in the URL -> "https://shopname.de/api/orders/" instead of "https://shopname.de/api/orders". The devil is in the detail :D.

The second thing is a slight confusion by the Shopware documentation. It says:

1. Combine user and key in a string - separated by ":".
2. Convert this to an octet (byte) string
3. Convert the resulting string to a base64 string and prepend "Basic ".
4. Create a header like this -> Authorization : Basic [KEY_VALUE]

3/4 are correct. If you skip step 2 everything works fine.

Greetz