2

Magento 2 Rest API have many default methods. I want to use those method and display data.

For that i have create one new user and assigned full admin access.

Trying to get the product information by SKU using default method: GET /V1/products/:sku which is given here

Now i am running following url:

http://127.0.0.1/M224/index.php/rest/V1/products/240-LV09

When i run this url in browser it

<response>
    <message>Consumer is not authorized to access %resources</message>
         <parameters>
              <resources>Magento_Catalog::products</resources>
          </parameters>
</response>

if i use curl code like this:

   $apiURL="http://127.0.0.1/M224/rest/V1/integration/admin/token";

   //parameters passing with URL

     $data = array("username" => "wuser", "password" => "admin@123");

     $data_string = json_encode($data);

        $ch = curl_init($apiURL);

    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");

    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json","Content-Length: ".strlen($data_string)));


         $token = curl_exec($ch);

      //decoding generated token and saving it in a variable

      $token=  json_decode($token); 

   //decoding generated token and saving it in a variable

    $headers = array("Authorization: Bearer ".$token);

//API URL to get all Magento 2 modules

     $requestUrl='http://127.0.0.1/M224/index.php/rest/V1/products/240-LV09';


     $ch = curl_init($requestUrl);
   curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");

 curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

 $result = curl_exec($ch);

             //decoding result

             $result=  json_decode($result);

    //printing result
            echo "<pre>";
   print_r($result);

Which works!

How can i access the default methods and show output? Do i need to curl for this?

For standard practice and MobileAPP output is it good to use CURL to get there?

Is it necessary to write entire token code to get response?

using token it takes time to reponse. Is there any better way?

Any help would be apprecaited.

Chirag Patel
  • 6,126
  • 2
  • 23
  • 65
jack
  • 920
  • 4
  • 15
  • 35
  • @patel please answer. – jack Jun 21 '18 at 13:35
  • Hello Jack, Yes you need to pass Access token for Specific API, But here in your case GET /V1/products/:sku is accessed by admin only, that's why you're facing an error when you don't use admin's token – Aditya Shah Jun 21 '18 at 14:03
  • you can change resource for the solution. – Aditya Shah Jun 21 '18 at 14:03
  • Hey Aditya, Thanks for reply. But don;t you think it will give perfomance hit using token way? Do i need to create my custom api and have anonymous resource along with the same code to give access to guest and customer?

    I want to make sure it doesn't hit performance

     – jack Jun 22 '18 at 04:48
  • no i have a solution and it will not affect security and performance :) – Aditya Shah Jun 22 '18 at 05:00
  • then please answer to help me. – jack Jun 23 '18 at 04:56
  • Hello @jack, If any answer helpful to you or solves your concern then please make right mark, it will help future readers. – Aditya Shah Jun 24 '18 at 19:18

1 Answers1

2

There are two way for this solution -

1) First let's go to the way where you're facing an issue.

  • You created the admin user and give all access but still not abel to fetch the product details.

So,here's is the solution and it's working fine in my Magento Version 2.2.4

I created an Admin User.

enter image description here

  • Now i need to fetch the token for that admin user, so i did it using POSTMAN.

Url request type POST

<host>/rest/V1/integration/admin/token?username=aditya&password=aditya@123

which returns token.

"xcph3thmoaiyt0ylm58lf2dn150qlkfr" something like this.

Now using this token we'll fetch the product by SKU for your URL.

URL request type GET

http://127.0.0.1/M224/index.php/rest/V1/products/240-LV09

Payload - Headers

Authorization Bearer xcph3thmoaiyt0ylm58lf2dn150qlkfr

You need pass token in header, that is authntication process which checks the user access in Magento.

In response you'll get Product data

Solution 2

This path of magento catalog API's

vendor/magento/module-catalog/etc/webapi.xml

To fetch products using SKU.

<route url="/V1/products/:sku" method="GET">
        <service class="Magento\Catalog\Api\ProductRepositoryInterface" method="get"/>
        <resources>
            <resource ref="Magento_Catalog::products" />
        </resources>
    </route>

In here, there's resource defined. it means whichever user have access of "Magento_Catalog::products" Only those user can access this API.

<resource ref="Magento_Catalog::products" />

So, if you want to use this API for other users like customer then you can change the resource to self.

Again it will require of token for the same, We don't compromise the security of course

<route url="/V1/products/:sku" method="GET">
            <service class="Magento\Catalog\Api\ProductRepositoryInterface" method="get"/>
            <resources>
                <resource ref="self" />
            </resources>
        </route>

Now, it means we can access it.

  • Using Admin's Token
  • Using Admin User's Token
  • Using Customer's Token.

Yeah,You need to override this file in your module

/vendor/magento/module-catalog/etc/webapi.xml

and then you can access it from customer's token too.

Let me know if you have any query.

Aditya Shah
  • 7,617
  • 3
  • 39
  • 77
  • https://magento.stackexchange.com/questions/228815/get-all-orders-of-customer-using-customers-token-in-magento-2-api/228968#228968 – Aditya Shah Jun 23 '18 at 06:43
  • Thanks for your reply aditya. I have one question like, i am developing this APIS to given json data for android app so to get the response using rest api I need to use token everytime? for ex: To fetch the product i need to write the admin token code and fetch the response. for category list i need to write the admin token code along with category code and so. so don't you think everytime token generation will delay in response? Or there is some best methodologies? – jack Jun 25 '18 at 04:46
  • No @jack Token is for security purpose and it's essential and every admin token expires in 4 hours and it's configurable from admin side. and you can achieve all this using customer Token too as per solution 2. – Aditya Shah Jun 25 '18 at 04:49
  • Let me know if you have any query. – Aditya Shah Jun 25 '18 at 04:49
  • Yes have one query it means we need to pass token with every response we send and we need to pass the token in to response we get? Also, Do i need to write curl code everytime to get response of all apis? what's use of this? – jack Jun 25 '18 at 04:59
  • Yes you need to pass token for that – Aditya Shah Jun 25 '18 at 05:01
  • get is a method and it's defines in this file Magento\Catalog\Api\ProductRepositoryInterface – Aditya Shah Jun 25 '18 at 05:02
  • go to this file path you will find the method <magento-host>/vendor/magento/module-catalog/Api/ProductRepositoryInterface.php – Aditya Shah Jun 25 '18 at 05:03
  • So now big question coming like i have created admin token at 10:00 Am and saved it in db. now when request from mobile will come they will pass the same token i send to them but after 4 hours means after 3 pm(after 4 hours of token generated) request i will recieve will be failed so how can i maintain this communication and prevent the api response? – jack Jun 25 '18 at 05:14
  • you can ask another question for this because it's a descriptive answer, and i am happy to answer it – Aditya Shah Jun 25 '18 at 05:17
  • Let us continue this discussion in chat. – Aditya Shah Jun 25 '18 at 05:19
  • Hi Aditya, will it be integration type ? – jack Jul 13 '18 at 09:45
  • Sorry, not able to understand your question. – Aditya Shah Jul 13 '18 at 09:46
  • I mean to create mobile app i need to create integration first ? like shown : https://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html#integration-tokens How mobile developer will use this token? – jack Jul 13 '18 at 10:04
  • Okay got you. Here is a solution – Aditya Shah Jul 13 '18 at 10:14
  • https://magento.stackexchange.com/questions/230005/unable-to-get-oauth-verifier-for-magento2-0/230016#230016 – Aditya Shah Jul 13 '18 at 10:14
  • Let me know if you have any query. – Aditya Shah Jul 13 '18 at 10:18
  • Yes, i know that steps to generate the tokens. My question is i need to create the integration or without creating token it will work? Is it necessary to generate the integration? Also, how communication will happen? I mean how mobile developer will make request to magento? and how i need to pass the tokens? – jack Jul 13 '18 at 10:25
  • Yes it is necessary and i think this is your concern, https://magento.stackexchange.com/questions/225636/magento-2-rest-api-how-to-manage-api-authentication-lifecycle-on-mobile-device – Aditya Shah Jul 13 '18 at 10:28
  • Can you answer this ticket: https://magento.stackexchange.com/questions/233485/magento-2-rest-api-get-model-data-in-response – jack Jul 13 '18 at 13:04
  • sure let me try – Aditya Shah Jul 14 '18 at 05:01