How to integrate Magento REST API with third party?

The question:

I was just trying to find information about REST API. There are some examples at Magento resource and some private blogs. All are the same!!

As basic info, I found that if I want to update products through the REST API I need to use the admin authorization endpoint (/admin/oauth_authorize), and if I use customer or guest I can just retrieve data.

I tried to create sample code and check and I found when I run code through the browser I need to first login admin and then I need to accept access and then I can use API resources.

I don’t know why it is asking me to log in to admin first. And if I just need to log in to access it, then how would it work internally between servers?

I tried to create sample code using below blog

and it is working fine and giving a response also.

Actually, I am looking for how it will work internally between two servers and how the client will call REST API to Magento how it would be authenticated and how Magento would return a response.

Looking for advice.

The Solutions:


Method 1

You can find a good explanation of the Magento REST API here. There is also an example on how to retrieve the products as a logged in customer. I will reproduce it here, to make the answer longer.

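<?php
/**
 * Example of products list retrieve using Customer account via Magento REST API. OAuth authorization is used
 */
$callbackUrl = "http://yourhost/oauth_customer.php";
$temporaryCredentialsRequestUrl = "http://magentohost/oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = 'http://magentohost/oauth/authorize';
$accessTokenRequestUrl = 'http://magentohost/oauth/token';
$apiUrl = 'http://magentohost/api/rest';
$consumerKey = 'yourconsumerkey';
$consumerSecret = 'yourconsumersecret';

// The flow keeps its progress (state 0, 1 or 2) and the token secret in the session.
session_start();
// Being in state 1 without an oauth_token on the URL means authorization was abandoned: start over.
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
    $_SESSION['state'] = 0;
}
$state = $_SESSION['state'] ?? 0;
try {
    // OAuth parameters travel in the Authorization header once an access token is held, in the URI before that.
    $authType = ($state == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
    $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);

    if (!isset($_GET['oauth_token']) && !$state) {
        // Step 1: get a request token, then send the browser to Magento to log in and approve access.
        $requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
        $_SESSION['secret'] = $requestToken['oauth_token_secret'];
        $_SESSION['state'] = 1;
        header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
        exit;
    } else if ($state == 1) {
        // Step 2: exchange the approved request token for an access token.
        $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
        $accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
        $_SESSION['state'] = 2;
        $_SESSION['token'] = $accessToken['oauth_token'];
        $_SESSION['secret'] = $accessToken['oauth_token_secret'];
        header('Location: ' . $callbackUrl);
        exit;
    } else {
        // Step 3: call the API with the access token.
        $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
        $resourceUrl = "$apiUrl/products";
        $oauthClient->fetch($resourceUrl);
        $productsList = json_decode($oauthClient->getLastResponse());
        print_r($productsList);
    }
} catch (OAuthException $e) {
    // Log the detail server-side instead of printing the exception to the page.
    error_log($e->getMessage());
    echo 'OAuth request failed';
}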

Method 2

From the above code, you can get the token and token secret; just copy them:

echo 'token:---'.$_SESSION['token'].'----secret----'.$_SESSION['secret'];

So, you can prepare a code like below to create/edit a product:

$apiUrl = 'APIURL';
$consumerKey = 'CONSUMERKEY';
$consumerSecret = 'CONSUMERSECRET';
$token = 'TOKEN';
$tokensecret = 'TOKENSECRET';

try {
    // The stored access token is used directly, so no browser login or redirect takes place.
    $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1);
    $oauthClient->setToken($token, $tokensecret);

    $productData = json_encode(array(
        'name'  => 'TEST PRODUCT',
        'price' => 11.11
    ));

    // PUT updates the existing product with ID 222.
    $resourceUrl = "$apiUrl/products/222";
    $oauthClient->fetch($resourceUrl, $productData, 'PUT', array('Content-Type' => 'application/json'));
    $responseArr = json_decode($oauthClient->getLastResponse());
    print_r($responseArr);
} catch (OAuthException $e) {
    // Log the detail server-side instead of printing the exception to the page.
    error_log($e->getMessage());
}
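How a server-to-server call is authenticated once the token and token secret exist, as an added example that is not part of the original answers: it computes the OAuth 1.0a HMAC-SHA1 signature from RFC 5849 by hand and then repeats the check the receiving server performs. The environment variable names and fallback values are constructed placeholders, and parameter names are assumed to be unique.

```php
<?php
// Added example: OAuth 1.0a HMAC-SHA1 signing per RFC 5849, with constructed values.
function oauthSign(string $method, string $url, array $params,
                   string $consumerSecret, string $tokenSecret): string
{
    // Percent-encode names and values, then sort by encoded name (names assumed unique).
    $encoded = [];
    foreach ($params as $k => $v) {
        $encoded[rawurlencode($k)] = rawurlencode((string) $v);
    }
    ksort($encoded, SORT_STRING);
    $pairs = [];
    foreach ($encoded as $k => $v) {
        $pairs[] = "$k=$v";
    }
    // Signature base string: METHOD & encoded URL (no query string) & encoded parameters.
    $base = strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
    // The signing key is both shared secrets; neither one is ever sent on the wire.
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Hypothetical environment variable names; the fallbacks are constructed placeholders.
$consumerKey    = getenv('MAGENTO_CONSUMER_KEY')    ?: 'constructed-consumer-key';
$consumerSecret = getenv('MAGENTO_CONSUMER_SECRET') ?: 'constructed-consumer-secret';
$token          = getenv('MAGENTO_TOKEN')           ?: 'constructed-token';
$tokenSecret    = getenv('MAGENTO_TOKEN_SECRET')    ?: 'constructed-token-secret';

$url   = 'https://magentohost/api/rest/products/222';
$oauth = [
    'oauth_consumer_key'     => $consumerKey,
    'oauth_token'            => $token,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),
    'oauth_nonce'            => bin2hex(random_bytes(16)), // fresh per request, limits replay
    'oauth_version'          => '1.0',
];
// A JSON body is not part of the base string, so only TLS protects it in transit.
$signature = oauthSign('PUT', $url, $oauth, $consumerSecret, $tokenSecret);

// Client side: the header that accompanies the PUT request.
$parts = [];
foreach ($oauth + ['oauth_signature' => $signature] as $k => $v) {
    $parts[] = rawurlencode($k) . '="' . rawurlencode($v) . '"';
}
echo 'Authorization: OAuth ' . implode(', ', $parts), PHP_EOL;

// Server side: look up both secrets by key and token, recompute, compare in constant time.
var_dump(hash_equals(oauthSign('PUT', $url, $oauth, $consumerSecret, $tokenSecret), $signature));
```

Only the consumer key, the token and the signature cross the network; whoever holds the two secrets can sign any request, so they belong in server-side configuration rather than in source code or page output.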


All methods were sourced from or are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
