The question:
I was just trying to find information about REST API. There are some examples at Magento resource and some private blogs. All are the same!!
As basic info, I found if I want to update products through REST API I need to use the admin authorization endpoint. (/admin/oauth_authorize) and if I use customer or guest I can just retrieve data.
I tried to create sample code and check and I found when I run code through the browser I need to first login admin and then I need to accept access and then I can use API resources.
I don’t know why it is asking me to login into admin first. And if I just need to log in to access it then how it would work internally between servers.
I tried to create sample code using below blog
and it is working fine and giving a response also.
Actually, I am looking for how it will work internally between two servers and how the client will call REST API to Magento how it would be authenticated and how Magento would return a response.
Looking for advice.
The Solutions:
Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.
Method 1
You can find a good explanation of the Magento REST API here. There is also an example on how to retrieve the products as a logged in customer. I will reproduce it here, to make the answer longer.
<?php
/**
* Example of products list retrieve using Customer account via Magento REST API. OAuth authorization is used
*/
$callbackUrl = "http://yourhost/oauth_customer.php";
$temporaryCredentialsRequestUrl = "http://magentohost/oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = 'http://magentohost/oauth/authorize';
$accessTokenRequestUrl = 'http://magentohost/oauth/token';
$apiUrl = 'http://magentohost/api/rest';
$consumerKey = 'yourconsumerkey';
$consumerSecret = 'yourconsumersecret';
session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
$_SESSION['state'] = 0;
}
try {
$authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
$oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
$oauthClient->enableDebug();
if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
$requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
$_SESSION['secret'] = $requestToken['oauth_token_secret'];
$_SESSION['state'] = 1;
header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
exit;
} else if ($_SESSION['state'] == 1) {
$oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
$accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
$_SESSION['state'] = 2;
$_SESSION['token'] = $accessToken['oauth_token'];
$_SESSION['secret'] = $accessToken['oauth_token_secret'];
header('Location: ' . $callbackUrl);
exit;
} else {
$oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
$resourceUrl = "$apiUrl/products";
$oauthClient->fetch($resourceUrl);
$productsList = json_decode($oauthClient->getLastResponse());
print_r($productsList);
}
} catch (OAuthException $e) {
print_r($e);
}
Method 2
From the above code, you can token and token secret, just copy it:
...........
echo 'token:---'.$_SESSION['token'].'----secret----'.$_SESSION['secret'];
........
So, you can prepare a code like below to create/edit a product:
<?php
$apiUrl = 'APIURL';
$consumerKey = 'CONSUMERKEY';
$consumerSecret = 'CONSUMERSECRED';
$token = 'TOCKEN';
$tokensecret = 'TOKENSCRET';
try {
$oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1);
$oauthClient->setToken($token, $tokensecret);
$oauthClient->enableDebug();
$productData = json_encode(array(
'name' => 'TEST PRODUCT',
'price' => 11.11
));
$resourceUrl = "$apiUrl/products/222";
$oauthClient->fetch($resourceUrl, $productData , 'PUT', array('Content-Type' => 'application/json'));
$responseArr = json_decode($oauthClient->getLastResponse());
print_r($responseArr);
} catch (OAuthException $e) {
print_r($e);
}
?>
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0