Eglobe IT Solutions

How to access Magento 1.X REST and oAuth settings for REST API


    Magento authentication is based on OAuth, an open standard for secure API authentication. It uses a token-passing mechanism that allows users to control which applications have access to their data without revealing their passwords or other credentials. This article shows how to obtain the consumer key, consumer secret, oAuth token and oAuth token secret, which are used to build the Authorization header for accessing the Magento REST APIs.

    How to get the consumer key and consumer secret and configure the Magento REST and oAuth settings for REST API access:


    Terms and Definitions:


    • User - A customer who has an account with Magento and can use the services via the Magento API.
    • Consumer - A third-party application that uses oAuth to access the Magento API. This application must be registered in the Magento system to receive the Consumer Key and Consumer Secret.
    • Consumer Key - A value used by the Consumer to identify itself with Magento.
    • Consumer Secret - A secret used by the Consumer to guarantee the ownership of the Consumer Key. This value is not passed in requests.
    • Request Token - A value used by the Consumer to obtain authorization from the User (when needed). The Request Token is exchanged for an Access Token when permission is granted.
    • Access Token - A value used by the Consumer to call Magento APIs on behalf of the User.


    Magento backend (Admin panel) configuration

    Step1: Creating oAuth Consumer

    Step2: Creating and configuring Admin roles

    Step3: Assigning configured Admin REST Role to admin user

    Step4: Configuring resource attributes and access permissions


    Step1: Creating oAuth Consumer

    System -> Web Services -> Rest oAuth Consumers -> Add New -> Enter the requested consumer information, and your password if prompted. Save. (Note down the consumer key and consumer secret.)

    Sample Response:
    Consumer_key: 1cc517b6cb934b5***************7a596

    Consumer_secret: 2dfbb639a15c235***************47cf4



    Step2: Creating and configuring Admin roles

    System -> Web Services -> Rest Roles -> Add Admin -> Enter a Role Name -> Select Role API Resources from the left tab -> Set Resource Access to All. Save.

     

     



    Step3: Assigning configured Admin REST Role to admin user

    System -> Web Services -> Rest Attributes -> Select Admin -> Set Resource Access to All. Save.

     



    Step4: Configuring resource attributes and access permissions

    System -> Permissions -> Users -> Select any ADMIN user -> Click on REST Role from the left tab -> Check the radio button for the App and save.

     

     

    2. How to get the oAuth token and final oAuth token secret using a REST client

    The authentication flow uses the following endpoints:

    • /oauth/initiate - this endpoint is used for retrieving the Request Token.
    • /admin/oauth_authorize - this endpoint is used for user authorization (Admin).
    • /oauth/token - this endpoint is used for retrieving the Access Token.

    All steps listed below were tested using REST clients such as the Mozilla REST Client extension (recommended), Postman and Advanced REST Client.



    1. oauth/initiate

     

     

    Method: POST

    URL: http://your-url.com/oauth/initiate?oauth_callback=http://example.com

    Oauth 1.0 headers: Consumer key and secret obtained from step 1.

    Sample Response: oauth_token=ff1469e90aa*****868c8ed4865aa8ecb&oauth_token_secret=d11447b004681*****c86accae032cc4c&oauth_callback_confirmed=true

    The image below shows the temporary oAuth token and oAuth token secret being generated.



    2. admin/oauth_authorize

     

    URL: http://your-url.com/admin/oauth_authorize?oauth_token=oauth_token received from above step

    Opening the URL in your browser brings up the Magento admin panel. Log in and then authorize the request.

    Once authorized, note down the URL in the address bar:

    https://yoururl.com/?oauth_token=1419892709e9941*******8d84d7f5bb5&oauth_verifier=613de3bf584d2***8c2dd2af4fb26c0

     

    *oAuth_verifier is the required value.



    3. oauth/token

     

    Method: POST

    URL: http://your-url.com/oauth/token?oauth_verifier=oauth_verifier from above step.

    oAuth 1.0 headers: consumer key and secret received from backend, token and token secret from step 1.

    Sample Response:
    oauth_token=5aac4eac998*****646c680375f4a724&oauth_token_secret=0256cbbdc79432066*****bd7684d6da4

    (Final permanent token and token secret to be used to access Magento Rest API Resources)

     

    Final Tokens:

    consumer_key: 1cc517b6cb*********7594c7fc5d57a596

    consumer_secret: 2dfbb639*********db9d15bee86e47cf4

    oauth_token: 5aac4eac990c*********c680375f4a724

    oauth_token_secret: 0256cb*********206666e8bd7684d6da4

     

    The above tokens are to be sent in the OAuth 1.0 Authorization header, along with oauth_version set to 1.0 and a randomly generated nonce, timestamp and oauth_signature.

    For example:

    Method: GET

    URL: http://your-url.com/api/rest/products


    Header:

    'content-type':'application/json'

    Auth_headers:

       'Authorization': 'OAuth oauth_signature_method="HMAC-SHA1",
        oauth_nonce="rltCs",
        oauth_timestamp="1533556177",
        oauth_consumer_key="1cc517b6cb****597594c7fc5d57a596",
        oauth_token="24471d629f7ce06ba****527fc5f520b4",
        oauth_version="1.0",
        oauth_signature="G0NsWh0BEeZh****wCY6xESrdfQ%3D"'


    Note: nonce and timestamp are randomly generated unique values.
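
    How the oauth_signature in the header above is derived, as an added example that is not part of the original article: OAuth 1.0 HMAC-SHA1 signing (RFC 5849) for the GET /api/rest/products request. The function names are this example's own and the credential strings are placeholders for the four final tokens.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def enc(value):
    """Percent-encode per RFC 5849: everything except unreserved characters."""
    return quote(str(value), safe="")

def signature_base_string(method, url, params):
    # url is passed without its query string; query parameters go in params.
    # Parameters are encoded, sorted by name then value, and joined.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(base_string, consumer_secret, token_secret=""):
    # The two secrets only key the HMAC; they are never sent in the request.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(method, url, consumer_key, consumer_secret,
                         token, token_secret, query=None,
                         nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_nonce": nonce or secrets.token_hex(16),  # unique per request
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    # Query-string parameters are signed too, but stay out of the header.
    base = signature_base_string(method, url, {**(query or {}), **oauth})
    oauth["oauth_signature"] = sign(base, consumer_secret, token_secret)
    fields = ", ".join(f'{k}="{enc(v)}"' for k, v in sorted(oauth.items()))
    return "OAuth " + fields

if __name__ == "__main__":
    # Placeholder credentials (constructed); use the values from "Final Tokens".
    print(authorization_header(
        "GET", "http://your-url.com/api/rest/products",
        "CONSUMER_KEY_PLACEHOLDER", "CONSUMER_SECRET_PLACEHOLDER",
        "ACCESS_TOKEN_PLACEHOLDER", "ACCESS_TOKEN_SECRET_PLACEHOLDER"))
```

    The signature keeps the two secrets out of API requests, but the /oauth/initiate and /oauth/token responses return oauth_token_secret in the response body, so the token exchange should run over HTTPS rather than the http:// URLs used in the samples.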


    Response:

     
