Magento authentication is based on OAuth, an open standard for secure API authentication. It uses a token-passing mechanism that allows users to control which applications have access to their data without revealing their passwords or other credentials. This article shows how to obtain the consumer key, consumer secret, OAuth token and OAuth token secret, which are sent in the Authorization header when accessing the Magento REST APIs.
User: A customer who has an account with Magento and can use the services via the Magento API.
Consumer: A third-party application that uses OAuth to access the Magento API. This application must be registered in the Magento system to receive the Consumer Key and Consumer Secret.
Consumer Key: A value used by the Consumer to identify itself with Magento.
Consumer Secret: A secret used by the Consumer to guarantee the ownership of the Consumer Key. This value is not passed in requests.
Request Token: A value used by the Consumer to obtain authorization from the User (when needed). The Request Token is exchanged for an Access Token when permission is granted.
Access Token: A value used by the Consumer to call Magento APIs on behalf of the User.
In the Magento admin panel, go to System -> Web Services -> REST OAuth Consumers -> Add New. Enter the requested consumer information, and your password if prompted, then save. Note down the consumer key and consumer secret.
The authentication endpoints include the following steps:
All steps listed below were tested using REST clients such as the Mozilla REST Client extension (recommended), Postman and Advanced REST Client.
oauth_token=ff1469e90aa*****868c8ed4865aa8ecb& oauth_token_secret=d11447b004681*****c86accae032cc4c& oauth_callback_confirmed=true
The image below shows the generation of the temporary OAuth token and OAuth token secret.
URL: http://your-url.com/admin/oauth_authorize?oauth_token=oauth_token received from above step
Opening the URL in your browser brings up the Magento admin panel. Log in and then authorize the request.
Once authorized, note down the URL in the address bar:
*oauth_verifier is the required value.
URL: http://your-url.com/oauth/token?oauth_verifier=oauth_verifier from above step.
(These are the final, permanent token and token secret used to access Magento REST API resources.)
The above tokens are to be sent as OAuth 1.0 Authorization headers, along with oauth_version set to 1.0 and a randomly generated nonce, timestamp and oauth_signature.
'Authorization': 'OAuth oauth_signature_method="HMAC-SHA1",
Note: nonce and timestamp are randomly generated unique values.