Magento 2 Token based authentication example

Magento 2 Token based authentication:

Official docs: http://devdocs.magento.com/guides/v2.2/get-started/authentication/gs-authentication-token.html

Discussion about Magento 2 API authentication: https://community.magento.com/t5/Just-Ask-Alan/Magento-2-OAuth-authentication-and-REST-API-access/td-p/22528


Customer Token

  • Only works for customer-related resources

Getting a new token:

curl -X POST "https://example.com/rest/V1/integration/customer/token" -H "Content-Type: application/json" -d '{"username":"customeremail@example.com","password": "customerpassword"}'

Which returns a token like this:

f3q8g1sb1l2n18ifknhbm5ufpa7lm8xg

With this token I'm able to request information about the customer only:

curl -X GET "https://example.com/rest/V1/customers/me" -H "Authorization: Bearer f3q8g1sb1l2n18ifknhbm5ufpa7lm8xg"

Which will return this:

{
   "id":186,
   "group_id":1,
   "created_at":"2017-06-28 16:47:21",
   "updated_at":"2018-02-02 14:20:23",
   "created_in":"Default Store View",
   "email":"asantos@redstage.com",
   "firstname":"Andre",
   "lastname":"Santos",
   "store_id":1,
   "website_id":1,
   "addresses":[
      {
         "id":17699,
         "customer_id":186,
         "region":{
            "region_code":"NJ",
            "region":"New Jersey",
            "region_id":41
         },
         "region_id":41,
         "country_id":"US",
         "street":[
            "Test Street"
         ],
         "company":"Test",
         "telephone":"3434344343",
         "postcode":"07030",
         "city":"Hoboken",
         "firstname":"Andre",
         "lastname":"Santos"
      }
   ],
   "disable_auto_group_change":0,
   "custom_attributes":[
      {
         "attribute_code":"authnetcim_profile_version",
         "value":"100"
      },
      {
         "attribute_code":"customer_type",
         "value":"94"
      }
   ]
}

Admin Token

  • An admin can request information on any resource for which it has permissions set in the Magento backend.

Getting a new token:

curl -X POST "https://example.com/rest/V1/integration/admin/token" -H "Content-Type: application/json" -d '{"username":"adminusername","password": "adminpassword"}'

Which returns a token like this:

imq0hyqv996d1bxa6k6cl6770nefhl91

With this token I'm able to request any information on any resource I have permission for.

Getting by customer ID

curl -X GET "https://example.com/rest/V1/customers/186" -H "Authorization: Bearer imq0hyqv996d1bxa6k6cl6770nefhl91"

Returns:

{
   "id":186,
   "group_id":1,
   "created_at":"2017-06-28 16:47:21",
   "updated_at":"2018-02-02 14:20:23",
   "created_in":"Default Store View",
   "email":"asantos@redstage.com",
   "firstname":"Andre",
   "lastname":"Santos",
   "store_id":1,
   "website_id":1,
   "addresses":[
      {
         "id":17699,
         "customer_id":186,
         "region":{
            "region_code":"NJ",
            "region":"New Jersey",
            "region_id":41
         },
         "region_id":41,
         "country_id":"US",
         "street":[
            "Test Street"
         ],
         "company":"Test",
         "telephone":"3434344343",
         "postcode":"07030",
         "city":"Hoboken",
         "firstname":"Andre",
         "lastname":"Santos"
      }
   ],
   "disable_auto_group_change":0,
   "custom_attributes":[
      {
         "attribute_code":"authnetcim_profile_version",
         "value":"100"
      },
      {
         "attribute_code":"customer_type",
         "value":"94"
      }
   ]
}

Search by customer email:

curl -g -X GET "https://example.com/rest/V1/customers/search?searchCriteria[filter_groups][0][filters][0][field]=email&searchCriteria[filter_groups][0][filters][0][value]=asantos@redstage.com&searchCriteria[filter_groups][0][filters][0][condition_type]=eq" -H "Authorization: Bearer imq0hyqv996d1bxa6k6cl6770nefhl91"

Returns:

{
   "items":[
      {
         "id":186,
         "group_id":1,
         "created_at":"2017-06-28 16:47:21",
         "updated_at":"2018-02-02 14:20:23",
         "created_in":"Default Store View",
         "email":"asantos@redstage.com",
         "firstname":"Andre",
         "lastname":"Santos",
         "store_id":1,
         "website_id":1,
         "addresses":[
            {
               "id":17699,
               "customer_id":186,
               "region":{
                  "region_code":"NJ",
                  "region":"New Jersey",
                  "region_id":41
               },
               "region_id":41,
               "country_id":"US",
               "street":[
                  "Test Street"
               ],
               "company":"Test",
               "telephone":"3434344343",
               "postcode":"07030",
               "city":"Hoboken",
               "firstname":"Andre",
               "lastname":"Santos"
            }
         ],
         "disable_auto_group_change":0,
         "custom_attributes":[
            {
               "attribute_code":"authnetcim_profile_version",
               "value":"100"
            },
            {
               "attribute_code":"customer_type",
               "value":"94"
            }
         ]
      }
   ],
   "search_criteria":{
      "filter_groups":[
         {
            "filters":[
               {
                  "field":"email",
                  "value":"asantos@redstage.com",
                  "condition_type":"eq"
               }
            ]
         }
      ]
   },
   "total_count":1
}

Check the Swagger documentation for the full list of resource URLs you can request: http://devdocs.magento.com/swagger/
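
The two token requests above, wrapped as an added example (not part of the original gist): the password is read from stdin and the body is piped to curl so the credentials never appear in the process list, and an error response is never used as a Bearer value. The function names are hypothetical, and the assumption is that the token comes back as a plain alphanumeric string, optionally wrapped in JSON double quotes.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, host and credentials are placeholders.

# JSON-escape backslashes and double quotes so a password containing them
# cannot break out of the request body.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the credential body expected by the token endpoints.
# $1 = username, $2 = password
token_request_body() {
    printf '{"username":"%s","password":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Extract the token from a response body. Only a bare or double-quoted
# alphanumeric string is accepted (assumption); anything else, such as a
# JSON error object, is rejected so it is never sent as a Bearer value.
parse_token() {
    tok=$(printf '%s' "$1" | tr -d '\r\n' | sed -e 's/^"//' -e 's/"$//')
    case "$tok" in
        ''|*[!a-zA-Z0-9]*) return 1 ;;
    esac
    printf '%s' "$tok"
}

# Request a token.
# $1 = base URL, $2 = "customer" or "admin", $3 = username.
# The password is read from stdin and the body reaches curl via "-d @-",
# so neither shows up in argv or in shell history.
get_token() {
    IFS= read -r pw || return 1
    resp=$(token_request_body "$3" "$pw" |
        curl -sS --fail -X POST "$1/rest/V1/integration/$2/token" \
             -H "Content-Type: application/json" -d @-) || return 1
    parse_token "$resp"
}

# Usage (placeholders):
#   TOKEN=$(get_token "https://example.com" customer "customeremail@example.com" < pwfile) || exit 1
#   curl -sS "https://example.com/rest/V1/customers/me" -H "Authorization: Bearer $TOKEN"
```
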