OMS client cancelOrder unauthorized 401

In the context of a service IO app, when calling the method cancelOrder of the OMS client (io-clients/oms.ts at bbd92cded44645b7fba9512be0b6cc9d0ec8bbca · vtex/io-clients · GitHub), I get back the following error:

23:31:38.302 - info: App running service-node@6.34.3
23:31:41.838 - info: Error: Request failed with status code 401
    at createError (/usr/local/data/service/node_modules/axios/lib/core/createError.js:16:15)
    at settle (/usr/local/data/service/node_modules/axios/lib/core/settle.js:17:12)
    at IncomingMessage.handleStreamEnd (/usr/local/data/service/node_modules/axios/lib/adapters/http.js:260:11)
    at IncomingMessage.emit (events.js:323:22)
    at endReadableNT (_stream_readable.js:1204:12)
    at processTicksAndRejections (internal/process/task_queues.js:84:21) {
  config: {
    url: '/api/oms/pvt/orders/1161443189014-01/cancel',
    method: 'post',
    data: '{"headers":{"VtexIdclientAutCookie":"REDACTED"},"metric":"oms-cancelOrder","tracing":{"requestSpanNameSuffix":"oms-cancelOrder"}}',
    headers: {
      Accept: 'application/json, text/plain, */*',
      'Content-Type': 'application/json;charset=utf-8',
      'proxy-authorization': 'REDACTED',
      'accept-encoding': 'gzip',
      'user-agent': 'syatt.vtex-to-mach@0.2.1',
      'x-forwarded-host': 'jeremworkspace--syatt.myvtex.com',
      'x-vtex-operation-id': 'd092a0b7-dcae-45ec-8410-b2f29c9973db',
      'x-vtex-segment': 'eyJjYW1wYWlnbnMiOm51bGwsImNoYW5uZWwiOiIxIiwicHJpY2VUYWJsZXMiOm51bGwsInJlZ2lvbklkIjpudWxsLCJ1dG1fY2FtcGFpZ24iOm51bGwsInV0bV9zb3VyY2UiOm51bGwsInV0bWlfY2FtcGFpZ24iOm51bGwsImN1cnJlbmN5Q29kZSI6IlVTRCIsImN1cnJlbmN5U3ltYm9sIjoiJCIsImNvdW50cnlDb2RlIjoiVVNBIiwiY3VsdHVyZUluZm8iOiJlbi1VUyIsImFkbWluX2N1bHR1cmVJbmZvIjoiZW4tVVMiLCJjaGFubmVsUHJpdmFjeSI6InB1YmxpYyJ9',
      'x-vtex-session': 'eyJhbGciOiJFUzI1NiIsImtpZCI6IjRCQTk1Q0ZFQkUwMkZDRDMwQjJDOUI5QzgyRjcyRDJCREE4RTBEM0MiLCJ0eXAiOiJqd3QifQ.eyJhY2NvdW50LmlkIjoiZmM2ZDlhOTYtNTkxNC00MDIzLWJjZjctZGQ2ZGVmNWY0MTQxIiwiaWQiOiI5MTZiNGQ5Zi02ZjI0LTQyZTUtYjE5ZC0yY2M1MDM2ZDAzZTgiLCJ2ZXJzaW9uIjoyLCJzdWIiOiJzZXNzaW9uIiwiYWNjb3VudCI6InNlc3Npb24iLCJleHAiOjE2MzQ3NjAwNTUsImlhdCI6MTYzNDA2ODg1NSwiaXNzIjoidG9rZW4tZW1pdHRlciIsImp0aSI6IjZkMzU2ZDc3LWJjNTktNDAxZC1iNjRmLTc5MDY3NmE0NjU5MyJ9.0i0bDbGD3tksfAqnobGSTJJisDBsgySqZd0ijMjYPJ1DiQWer3oIgwsfNBKidx3lFj1R0K4FORNbafj5H9jJpQ',
      'Content-Length': 973
    },
    params: { an: 'syatt' },
    baseURL: 'http://portal.vtexcommercestable.com.br',
    transformRequest: [ [Function: transformRequest] ],
    transformResponse: [ [Function: transformResponse] ],
    paramsSerializer: [Function: paramsSerializer],
    timeout: 60000,
    adapter: [Function: httpAdapter],
    xsrfCookieName: 'XSRF-TOKEN',
    xsrfHeaderName: 'X-XSRF-TOKEN',
    maxContentLength: -1,
    maxBodyLength: -1,
    maxRedirects: 0,
    httpAgent: Agent {
      _events: [Object: null prototype],
      _eventsCount: 2,
      _maxListeners: undefined,
      defaultPort: 80,
      protocol: 'http:',
      options: [Object],
      requests: {},
      sockets: {},
      freeSockets: [Object],
      keepAliveMsecs: 1000,
      keepAlive: true,
      maxSockets: Infinity,
      maxFreeSockets: 256,
      createSocketCount: 1,
      createSocketCountLastCheck: 0,
      createSocketErrorCount: 0,
      createSocketErrorCountLastCheck: 0,
      closeSocketCount: 0,
      closeSocketCountLastCheck: 0,
      errorSocketCount: 0,
      errorSocketCountLastCheck: 0,
      requestCount: 1,
      requestCountLastCheck: 0,
      timeoutSocketCount: 0,
      timeoutSocketCountLastCheck: 0,
      [Symbol(kCapture)]: false,
      [Symbol(agentkeepalive#currentId)]: 1
    },
    validateStatus: [Function: validateStatus],
    retries: 0,
    tracing: {
      isSampled: false,
      logger: [Logger],
      rootSpan: [Span],
      tracer: [UserLandTracer]
    },
    retryCount: 0
  },
  request: ClientRequest {
    _events: [Object: null prototype] {
      socket: [Function],
      error: [Function: handleRequestError],
      timeout: [Function],
      prefinish: [Function: requestOnPrefinish]
    },
    _eventsCount: 4,
    _maxListeners: undefined,
    outputData: [],
    outputSize: 0,
    writable: true,
    _last: false,
    chunkedEncoding: false,
    shouldKeepAlive: true,
    useChunkedEncodingByDefault: true,
    sendDate: false,
    _removedConnection: false,
    _removedContLen: false,
    _removedTE: false,
    _contentLength: 973,
    _hasBody: true,
    _trailer: '',
    finished: true,
    _headerSent: true,
    socket: Socket {
      connecting: false,
      _hadError: false,
      _parent: null,
      _host: 'portal.vtexcommercestable.com.br',
      _readableState: [ReadableState],
      readable: true,
      _events: [Object: null prototype],
      _eventsCount: 6,
      _maxListeners: undefined,
      _writableState: [WritableState],
      writable: true,
      allowHalfOpen: false,
      _sockname: null,
      _pendingData: null,
      _pendingEncoding: '',
      server: null,
      _server: null,
      timeout: 30000,
      parser: null,
      _httpMessage: null,
      [Symbol(asyncId)]: -1,
      [Symbol(kHandle)]: [TCP],
      [Symbol(lastWriteQueueSize)]: 0,
      [Symbol(timeout)]: Timeout {
        _idleTimeout: 30000,
        _idlePrev: [TimersList],
        _idleNext: [TimersList],
        _idleStart: 4490,
        _onTimeout: [Function: bound ],
        _timerArgs: undefined,
        _repeat: null,
        _destroyed: false,
        [Symbol(refed)]: false,
        [Symbol(asyncId)]: 81,
        [Symbol(triggerId)]: 80
      },
      [Symbol(kBuffer)]: null,
      [Symbol(kBufferCb)]: null,
      [Symbol(kBufferGen)]: null,
      [Symbol(kCapture)]: false,
      [Symbol(kBytesRead)]: 0,
      [Symbol(kBytesWritten)]: 0,
      [Symbol(agentkeepalive#socketCreatedTime)]: 1634070701407,
      [Symbol(agentkeepalive#socketName)]: 'sock[0#portal.vtexcommercestable.com.br:80:]',
      [Symbol(agentkeepalive#socketRequestCount)]: 1,
      [Symbol(agentkeepalive#socketRequestFinishedCount)]: 1
    },
    connection: Socket {
      connecting: false,
      _hadError: false,
      _parent: null,
      _host: 'portal.vtexcommercestable.com.br',
      _readableState: [ReadableState],
      readable: true,
      _events: [Object: null prototype],
      _eventsCount: 6,
      _maxListeners: undefined,
      _writableState: [WritableState],
      writable: true,
      allowHalfOpen: false,
      _sockname: null,
      _pendingData: null,
      _pendingEncoding: '',
      server: null,
      _server: null,
      timeout: 30000,
      parser: null,
      _httpMessage: null,
      [Symbol(asyncId)]: -1,
      [Symbol(kHandle)]: [TCP],
      [Symbol(lastWriteQueueSize)]: 0,
      [Symbol(timeout)]: Timeout {
        _idleTimeout: 30000,
        _idlePrev: [TimersList],
        _idleNext: [TimersList],
        _idleStart: 4490,
        _onTimeout: [Function: bound ],
        _timerArgs: undefined,
        _repeat: null,
        _destroyed: false,
        [Symbol(refed)]: false,
        [Symbol(asyncId)]: 81,
        [Symbol(triggerId)]: 80
      },
      [Symbol(kBuffer)]: null,
      [Symbol(kBufferCb)]: null,
      [Symbol(kBufferGen)]: null,
      [Symbol(kCapture)]: false,
      [Symbol(kBytesRead)]: 0,
      [Symbol(kBytesWritten)]: 0,
      [Symbol(agentkeepalive#socketCreatedTime)]: 1634070701407,
      [Symbol(agentkeepalive#socketName)]: 'sock[0#portal.vtexcommercestable.com.br:80:]',
      [Symbol(agentkeepalive#socketRequestCount)]: 1,
      [Symbol(agentkeepalive#socketRequestFinishedCount)]: 1
    },
    _header: 'POST /api/oms/pvt/orders/1161443189014-01/cancel?an=syatt HTTP/1.1\r\n' +
      'Accept: application/json, text/plain, */*\r\n' +
      'Content-Type: application/json;charset=utf-8\r\n' +
      'proxy-authorization: REDACTED\r\n' +
      'accept-encoding: gzip\r\n' +
      'user-agent: syatt.vtex-to-mach@0.2.1\r\n' +
      'x-forwarded-host: jeremworkspace--syatt.myvtex.com\r\n' +
      'x-vtex-operation-id: d092a0b7-dcae-45ec-8410-b2f29c9973db\r\n' +
      'x-vtex-segment: eyJjYW1wYWlnbnMiOm51bGwsImNoYW5uZWwiOiIxIiwicHJpY2VUYWJsZXMiOm51bGwsInJlZ2lvbklkIjpudWxsLCJ1dG1fY2FtcGFpZ24iOm51bGwsInV0bV9zb3VyY2UiOm51bGwsInV0bWlfY2FtcGFpZ24iOm51bGwsImN1cnJlbmN5Q29kZSI6IlVTRCIsImN1cnJlbmN5U3ltYm9sIjoiJCIsImNvdW50cnlDb2RlIjoiVVNBIiwiY3VsdHVyZUluZm8iOiJlbi1VUyIsImFkbWluX2N1bHR1cmVJbmZvIjoiZW4tVVMiLCJjaGFubmVsUHJpdmFjeSI6InB1YmxpYyJ9\r\n' +
      'x-vtex-session: eyJhbGciOiJFUzI1NiIsImtpZCI6IjRCQTk1Q0ZFQkUwMkZDRDMwQjJDOUI5QzgyRjcyRDJCREE4RTBEM0MiLCJ0eXAiOiJqd3QifQ.eyJhY2NvdW50LmlkIjoiZmM2ZDlhOTYtNTkxNC00MDIzLWJjZjctZGQ2ZGVmNWY0MTQxIiwiaWQiOiI5MTZiNGQ5Zi02ZjI0LTQyZTUtYjE5ZC0yY2M1MDM2ZDAzZTgiLCJ2ZXJzaW9uIjoyLCJzdWIiOiJzZXNzaW9uIiwiYWNjb3VudCI6InNlc3Npb24iLCJleHAiOjE2MzQ3NjAwNTUsImlhdCI6MTYzNDA2ODg1NSwiaXNzIjoidG9rZW4tZW1pdHRlciIsImp0aSI6IjZkMzU2ZDc3LWJjNTktNDAxZC1iNjRmLTc5MDY3NmE0NjU5MyJ9.0i0bDbGD3tksfAqnobGSTJJisDBsgySqZd0ijMjYPJ1DiQWer3oIgwsfNBKidx3lFj1R0K4FORNbafj5H9jJpQ\r\n' +
      'Content-Length: 973\r\n' +
      'Host: portal.vtexcommercestable.com.br\r\n' +
      'Connection: keep-alive\r\n' +
      '\r\n',
    _onPendingData: [Function: noopPendingOutput],
    agent: Agent {
      _events: [Object: null prototype],
      _eventsCount: 2,
      _maxListeners: undefined,
      defaultPort: 80,
      protocol: 'http:',
      options: [Object],
      requests: {},
      sockets: {},
      freeSockets: [Object],
      keepAliveMsecs: 1000,
      keepAlive: true,
      maxSockets: Infinity,
      maxFreeSockets: 256,
      createSocketCount: 1,
      createSocketCountLastCheck: 0,
      createSocketErrorCount: 0,
      createSocketErrorCountLastCheck: 0,
      closeSocketCount: 0,
      closeSocketCountLastCheck: 0,
      errorSocketCount: 0,
      errorSocketCountLastCheck: 0,
      requestCount: 1,
      requestCountLastCheck: 0,
      timeoutSocketCount: 0,
      timeoutSocketCountLastCheck: 0,
      [Symbol(kCapture)]: false,
      [Symbol(agentkeepalive#currentId)]: 1
    },
    socketPath: undefined,
    method: 'POST',
    insecureHTTPParser: undefined,
    path: '/api/oms/pvt/orders/1161443189014-01/cancel?an=syatt',
    _ended: true,
    res: IncomingMessage {
      _readableState: [ReadableState],
      readable: false,
      _events: [Object: null prototype],
      _eventsCount: 3,
      _maxListeners: undefined,
      socket: [Socket],
      connection: [Socket],
      httpVersionMajor: 1,
      httpVersionMinor: 1,
      httpVersion: '1.1',
      complete: true,
      headers: [Object],
      rawHeaders: [Array],
      trailers: {},
      rawTrailers: [],
      aborted: false,
      upgrade: false,
      url: '',
      method: null,
      statusCode: 401,
      statusMessage: 'Unauthorized',
      client: [Socket],
      _consuming: false,
      _dumped: false,
      req: [Circular],
      [Symbol(kCapture)]: false
    },
    aborted: false,
    timeoutCb: null,
    upgradeOrConnect: false,
    parser: null,
    maxHeadersCount: null,
    reusedSocket: false,
    [Symbol(kCapture)]: false,
    [Symbol(kNeedDrain)]: false,
    [Symbol(corked)]: 0,
    [Symbol(kOutHeaders)]: [Object: null prototype] {
      accept: [Array],
      'content-type': [Array],
      'proxy-authorization': [Array],
      'accept-encoding': [Array],
      'user-agent': [Array],
      'x-forwarded-host': [Array],
      'x-vtex-operation-id': [Array],
      'x-vtex-segment': [Array],
      'x-vtex-session': [Array],
      'content-length': [Array],
      host: [Array]
    }
  },
  response: {
    status: 401,
    statusText: 'Unauthorized',
    headers: {
      date: 'Tue, 12 Oct 2021 20:31:41 GMT',
      'content-type': 'application/json; charset=utf-8',
      server: 'VTEX IO',
      'content-length': '74',
      'cache-control': 'no-cache',
      pragma: 'no-cache',
      expires: '-1',
      'set-cookie': [Array],
      'x-vtex-error-code': '1',
      'x-vtex-error-message': 'Acesso%20n%C3%A3o%20autorizado',
      'x-vtex-janus-router-backend-app': 'omsapi-v1.79.2+2546',
      'x-vtex-operation-id': 'd092a0b7-dcae-45ec-8410-b2f29c9973db',
      'x-request-id': '4b33bea2f28c4b19b2cda393131cf497',
      'x-vtex-router-version': '9.11.5',
      'x-vtex-backend-status-code': 'Unauthorized',
      'x-vtex-backend-elapsed-time': '00:00:00.0978548',
      'x-vtex-router-elapsed-time': '00:00:00.1848723',
      'x-vtex-io-cluster-id': 'devs-c'
    },
    config: {
      url: '/api/oms/pvt/orders/1161443189014-01/cancel',
      method: 'post',
      data: '{"headers":{"VtexIdclientAutCookie":"REDACTED"},"metric":"oms-cancelOrder","tracing":{"requestSpanNameSuffix":"oms-cancelOrder"}}',
      headers: [Object],
      params: [Object],
      baseURL: 'http://portal.vtexcommercestable.com.br',
      transformRequest: [Array],
      transformResponse: [Array],
      paramsSerializer: [Function: paramsSerializer],
      timeout: 60000,
      adapter: [Function: httpAdapter],
      xsrfCookieName: 'XSRF-TOKEN',
      xsrfHeaderName: 'X-XSRF-TOKEN',
      maxContentLength: -1,
      maxBodyLength: -1,
      maxRedirects: 0,
      httpAgent: [Agent],
      validateStatus: [Function: validateStatus],
      retries: 0,
      tracing: [Object],
      retryCount: 0
    },
    request: ClientRequest {
      _events: [Object: null prototype],
      _eventsCount: 4,
      _maxListeners: undefined,
      outputData: [],
      outputSize: 0,
      writable: true,
      _last: false,
      chunkedEncoding: false,
      shouldKeepAlive: true,
      useChunkedEncodingByDefault: true,
      sendDate: false,
      _removedConnection: false,
      _removedContLen: false,
      _removedTE: false,
      _contentLength: 973,
      _hasBody: true,
      _trailer: '',
      finished: true,
      _headerSent: true,
      socket: [Socket],
      connection: [Socket],
      _header: 'POST /api/oms/pvt/orders/1161443189014-01/cancel?an=syatt HTTP/1.1\r\n' +
        'Accept: application/json, text/plain, */*\r\n' +
        'Content-Type: application/json;charset=utf-8\r\n' +
        'proxy-authorization: REDACTED\r\n' +
        'accept-encoding: gzip\r\n' +
        'user-agent: syatt.vtex-to-mach@0.2.1\r\n' +
        'x-forwarded-host: jeremworkspace--syatt.myvtex.com\r\n' +
        'x-vtex-operation-id: d092a0b7-dcae-45ec-8410-b2f29c9973db\r\n' +
        'x-vtex-segment: eyJjYW1wYWlnbnMiOm51bGwsImNoYW5uZWwiOiIxIiwicHJpY2VUYWJsZXMiOm51bGwsInJlZ2lvbklkIjpudWxsLCJ1dG1fY2FtcGFpZ24iOm51bGwsInV0bV9zb3VyY2UiOm51bGwsInV0bWlfY2FtcGFpZ24iOm51bGwsImN1cnJlbmN5Q29kZSI6IlVTRCIsImN1cnJlbmN5U3ltYm9sIjoiJCIsImNvdW50cnlDb2RlIjoiVVNBIiwiY3VsdHVyZUluZm8iOiJlbi1VUyIsImFkbWluX2N1bHR1cmVJbmZvIjoiZW4tVVMiLCJjaGFubmVsUHJpdmFjeSI6InB1YmxpYyJ9\r\n' +
        'x-vtex-session: eyJhbGciOiJFUzI1NiIsImtpZCI6IjRCQTk1Q0ZFQkUwMkZDRDMwQjJDOUI5QzgyRjcyRDJCREE4RTBEM0MiLCJ0eXAiOiJqd3QifQ.eyJhY2NvdW50LmlkIjoiZmM2ZDlhOTYtNTkxNC00MDIzLWJjZjctZGQ2ZGVmNWY0MTQxIiwiaWQiOiI5MTZiNGQ5Zi02ZjI0LTQyZTUtYjE5ZC0yY2M1MDM2ZDAzZTgiLCJ2ZXJzaW9uIjoyLCJzdWIiOiJzZXNzaW9uIiwiYWNjb3VudCI6InNlc3Npb24iLCJleHAiOjE2MzQ3NjAwNTUsImlhdCI6MTYzNDA2ODg1NSwiaXNzIjoidG9rZW4tZW1pdHRlciIsImp0aSI6IjZkMzU2ZDc3LWJjNTktNDAxZC1iNjRmLTc5MDY3NmE0NjU5MyJ9.0i0bDbGD3tksfAqnobGSTJJisDBsgySqZd0ijMjYPJ1DiQWer3oIgwsfNBKidx3lFj1R0K4FORNbafj5H9jJpQ\r\n' +
        'Content-Length: 973\r\n' +
        'Host: portal.vtexcommercestable.com.br\r\n' +
        'Connection: keep-alive\r\n' +
        '\r\n',
      _onPendingData: [Function: noopPendingOutput],
      agent: [Agent],
      socketPath: undefined,
      method: 'POST',
      insecureHTTPParser: undefined,
      path: '/api/oms/pvt/orders/1161443189014-01/cancel?an=syatt',
      _ended: true,
      res: [IncomingMessage],
      aborted: false,
      timeoutCb: null,
      upgradeOrConnect: false,
      parser: null,
      maxHeadersCount: null,
      reusedSocket: false,
      [Symbol(kCapture)]: false,
      [Symbol(kNeedDrain)]: false,
      [Symbol(corked)]: 0,
      [Symbol(kOutHeaders)]: [Object: null prototype]
    },
    data: { error: [Object] }
  },
  isAxiosError: true,
  toJSON: [Function: toJSON]
}

Here’s the content of my manifest.json:

{
  "name": "vtex-to-mach",
  "vendor": "syatt",
  "version": "0.2.1",
  "title": "Vtex to Mach",
  "description": "An IO service to export vtex orders to mach",
  "categories": [],
  "dependencies": {},
  "builders": {
    "node": "6.x",
    "docs": "0.x"
  },
  "scripts": {
    "prereleasy": "bash lint.sh"
  },
  "credentialType": "absolute",
  "policies": [
    {
      "name": "AcessaTodosPedidos"
    },
    {
      "name": "ADMIN_DS"
    },
    {
      "name": "OMSViewer"
    },
    {
      "name": "colossus-fire-event"
    },
    {
      "name": "colossus-write-logs"
    },
    {
      "name": "ShippingAction"
    },
    {
      "name": "WorkflowAction"
    },
    {
      "name": "outbound-access",
      "attrs": {
        "host": "mach.rebellwrap.com",
        "path": "*"
      }
    },
    {
      "name": "outbound-access",
      "attrs": {
        "host": "api.vtex.com",
        "path": "*"
      }
    },
    {
      "name": "outbound-access",
      "attrs": {
        "host": "portal.vtexcommercestable.com.br",
        "path": "*"
      }
    },
    {
      "name": "outbound-access",
      "attrs": {
        "host": "{{account}}.vtexcommercestable.com.br",
        "path": "*"
      }
    },
    {
      "name": "outbound-access",
      "attrs": {
        "host": "www.ornamentshop.com",
        "path": "*"
      }
    }
  ],
  "$schema": "https://raw.githubusercontent.com/vtex/node-vtex-api/master/gen/manifest.schema",
  "settingsSchema": {
    "title": "Vtex To Mach",
    "type": "object",
    "properties": {
      "machEndpoint": {
        "title": "Mach endpoint",
        "description": "The url given by Mach to communicate with the API (ie. https://mach.rebellwrap.com:8183/machws)",
        "type": "string"
      },
      "machSecurityCode": {
        "title": "Mach security code",
        "description": "The access token given by Mach to communicate with the API (ie. 3176045015)",
        "type": "string"
      },
      "machKeyCode": {
        "title": "Mach key code",
        "description": "Key code to use when exporting an order (ie. OS)",
        "type": "string"
      },
      "xmpieEndpoint": {
        "title": "Xmpie endpoint",
        "description": "The xmpie base url (ie. https://xmp.ornamentshop.com/)",
        "type": "string"
      }
    }
  }
}

It’s worth noting that:

What am I missing? Thanks for any help you can provide :slight_smile:

1 Like

Hey @georgebrindeiro, I sincerely apologize for the ping.

You’ve been very helpful the last time regarding the following post Setup custom IO client with app settings - #3 by georgebrindeiro and I was wondering if you could provide any guidance on the matter. I’ve tried everything I could think of … without success.

1 Like

No worries, @Jeremie! I will dig deeper into this as soon as possible, but while I do that it might be useful for you to take a look at our doc on policies.

When we talk about users or application keys, we usually need go give them permissions to perform certain actions through roles and their resources. The equivalent concept for IO apps, as far as I’m aware, are policies.

Hi, @Jeremie , it looks like George is right.

Besides CancelAction, there is a specific resource called CancelaPedidos, which may be what you’re looking for.