9

I was just trying to find information about REST API. There are some examples at Magento resource and some private blogs. All are the same!!

As basic info, I found if I want to update products through REST API I need to use the admin authorization endpoint. (/admin/oauth_authorize) and if I use customer or guest I can just retrieve data.

I tried to create sample code and check and I found when I run code through the browser I need to first login admin and then I need to accept access and then I can use API resources.

I don't know why it is asking me to login into admin first. And if I just need to log in to access it then how it would work internally between servers.

I tried to create sample code using below blog

http://inchoo.net/ecommerce/magento/consuming-magento-rest-zend_oauth_consumer/comment-page-1/#comment-66775

and it is working fine and giving a response also.

Actually, I am looking for how it will work internally between two servers and how the client will call REST API to Magento how it would be authenticated and how Magento would return a response.

Looking for advice.

Improve this question
1
  • The REST API is meant for OAuth access, i.e. user interaction, so for your case it's probably not the right choice. If you don't want to use the SOAP API, maybe this question+answer helps you: magento.stackexchange.com/questions/510/… Commented Feb 25, 2015 at 12:58

2 Answers 2

Reset to default
6

You can find a good explanation of the Magento REST API here. There is also an example on how to retrieve the products as a logged in customer. I will reproduce it here, to make the answer longer.

<?php
/**
 * Example of products list retrieve using Customer account via Magento REST API. OAuth authorization is used
 */
$callbackUrl = "http://yourhost/oauth_customer.php";
$temporaryCredentialsRequestUrl = "http://magentohost/oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = 'http://magentohost/oauth/authorize';
$accessTokenRequestUrl = 'http://magentohost/oauth/token';
$apiUrl = 'http://magentohost/api/rest';
$consumerKey = 'yourconsumerkey';
$consumerSecret = 'yourconsumersecret';

session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
    $_SESSION['state'] = 0;
}
try {
    $authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
    $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
    $oauthClient->enableDebug();

    if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
        $requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
        $_SESSION['secret'] = $requestToken['oauth_token_secret'];
        $_SESSION['state'] = 1;
        header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
        exit;
    } else if ($_SESSION['state'] == 1) {
        $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
        $accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
        $_SESSION['state'] = 2;
        $_SESSION['token'] = $accessToken['oauth_token'];
        $_SESSION['secret'] = $accessToken['oauth_token_secret'];
        header('Location: ' . $callbackUrl);
        exit;
    } else {
        $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
        $resourceUrl = "$apiUrl/products";
        $oauthClient->fetch($resourceUrl);
        $productsList = json_decode($oauthClient->getLastResponse());
        print_r($productsList);
    }
} catch (OAuthException $e) {
    print_r($e);
}
Improve this answer
5
  • I already tested this code. when I am using $adminAuthorizationUrl = 'magentohost/oauth/authorize' it is redirecting me first to customer login and when I am using $adminAuthorizationUrl = 'magentohost/admin/oauth_authorize' it is redirecting me to admin login first and then I need to authenticate it first. how can third party can access this things. means If I am setting one cron from third party to do this job like create new product or update existing one how can it authenticate it. Commented Jan 18, 2014 at 9:30
  • @Marius, do know any solution for the last OP comment to your answer? TO use oAuth and REST without redirecting and logging procces Commented Jan 13, 2015 at 13:37
  • @sergio. Sorry, I don't Commented Jan 13, 2015 at 13:40
  • I'm fairly new to this oAuth business, but as I understand it, the whole point of it is to force an interactive login. A registered website customer or administrator needs to physically authorise the app. If you don't want that, you could try using the "Guest" role which I believe doesn't require the oAuth step (not tried this myself); or use the SOAP/XML-RPC API instead of REST. Commented Jul 15, 2015 at 1:04
  • @DougMcLean or you can implement custom authentication adapter snowcore.net/magento-rest-without-oauth Commented Jan 4, 2017 at 7:41
2

From the above code, you can token and token secret, just copy it:

...........
echo 'token:---'.$_SESSION['token'].'----secret----'.$_SESSION['secret'];
........

So, you can prepare a code like below to create/edit a product:

<?php
$apiUrl = 'APIURL';
$consumerKey = 'CONSUMERKEY';
$consumerSecret = 'CONSUMERSECRED';
$token = 'TOCKEN';
$tokensecret = 'TOKENSCRET';

try {

    $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1);
    $oauthClient->setToken($token, $tokensecret);
    $oauthClient->enableDebug();          

    $productData = json_encode(array(           
            'name'              => 'TEST PRODUCT',           
            'price'             => 11.11          
        ));       

    $resourceUrl = "$apiUrl/products/222";
    $oauthClient->fetch($resourceUrl, $productData , 'PUT',  array('Content-Type' => 'application/json'));
    $responseArr = json_decode($oauthClient->getLastResponse());
    print_r($responseArr);

} catch (OAuthException $e) {
    print_r($e);
}

?>
Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.