Mobile app is not allowed to access the user API

Discuss Technical Queries about OrangeHRM
Post Reply
Posts: 5
Joined: Sun Apr 18, 2021 7:25 pm

Mobile app is not allowed to access the user API

Post by xpuser8334 » Sun Apr 18, 2021 7:29 pm

Hi - I have two 4.6 installations of OrangeHRM I can login in to one of them using the mobile app ok.
the second installation I get the message shown in the subject after I add my username and password.

I have copied this second installation to another database and installed the 4.8version and upgraded the backup database - but - the problem persists.

could anyone help please?
I have also added a new employee and set an account up for the employee to test, but the same problem persists.

Thank You.

Posts: 64
Joined: Thu Mar 15, 2018 8:24 am

Re: Mobile app is not allowed to access the user API

Post by kavitha » Fri Apr 23, 2021 12:03 pm

can you share the screenshot of the error message that you are getting? Can you login to the system in mobile browser?
Kavitha G

Posts: 1
Joined: Thu Apr 29, 2021 8:31 pm

Re: Mobile app is not allowed to access the user API

Post by erwinmusky » Thu Apr 29, 2021 10:56 pm

I am having the same problem. OrangeHRM 4.8
Here is the full message in the phone app screen:

"Please Contact System Administrator. (Mobile app is not allowed to access the user API)"

My issue is resolved, please see following link: ... /issues/41

This happens when the mobile app is trying to access APIs but getting 401 Unauthorized response.
Actually by default APIs are enabled, you don't need to do anything.

We are using OAuth2 to authenticate OrangeHRM APIs. So Mobile application sends Authorization HTTP header with grant token to the OrangeHRM web application once you logged in. Here what happened was the header missing the middle of the Mobile application and the OrangeHRM web application. Most probably it's missing from the Apache webserver.
Some reference [1], [2].

You can try adding SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 in to the virtualhost conf, But if you are not the server administrator, better get the recommendation from the system administrator.

If you have more issues reach us via

Post Reply