Page 1 of 1

Mobile app is not allowed to access the user API

Posted: Sun Apr 18, 2021 7:29 pm
by xpuser8334
Hi - I have two 4.6 installations of OrangeHRM I can login in to one of them using the mobile app ok.
the second installation I get the message shown in the subject after I add my username and password.

I have copied this second installation to another database and installed the 4.8version and upgraded the backup database - but - the problem persists.

could anyone help please?
I have also added a new employee and set an account up for the employee to test, but the same problem persists.

Thank You.

Re: Mobile app is not allowed to access the user API

Posted: Fri Apr 23, 2021 12:03 pm
by kavitha
can you share the screenshot of the error message that you are getting? Can you login to the system in mobile browser?

Re: Mobile app is not allowed to access the user API

Posted: Thu Apr 29, 2021 10:56 pm
by erwinmusky
I am having the same problem. OrangeHRM 4.8
Here is the full message in the phone app screen:

"Please Contact System Administrator. (Mobile app is not allowed to access the user API)"

My issue is resolved, please see following link: ... /issues/41

This happens when the mobile app is trying to access APIs but getting 401 Unauthorized response.
Actually by default APIs are enabled, you don't need to do anything.

We are using OAuth2 to authenticate OrangeHRM APIs. So Mobile application sends Authorization HTTP header with grant token to the OrangeHRM web application once you logged in. Here what happened was the header missing the middle of the Mobile application and the OrangeHRM web application. Most probably it's missing from the Apache webserver.
Some reference [1], [2].

You can try adding SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 in to the virtualhost conf, But if you are not the server administrator, better get the recommendation from the system administrator.

If you have more issues reach us via

Re: Mobile app is not allowed to access the user API

Posted: Mon Sep 13, 2021 2:43 pm
by cosniko
I have 4.6 and i still cant connect from mobile.

I put the setinvif in the httpd-ssl and i restarted the server.

I can i access from browser but i cant login from my mobile. A message appears : OrangeHRM system is not accessible.

I copy paste the address in my safari browser on mobile phone and it connects like this. I got a selfsigned certificate on server, i dont know if this takes part.