Magento 2 token-based authentication:
Official docs: http://devdocs.magento.com/guides/v2.2/get-started/authentication/gs-authentication-token.html
Discussion about Magento 2 API authentication: https://community.magento.com/t5/Just-Ask-Alan/Magento-2-OAuth-authentication-and-REST-API-access/td-p/22528
Customer Token
- Only works for customer-related resources.
Getting a new token:
curl -X POST "https://example.com/rest/V1/integration/customer/token" -H "Content-Type: application/json" -d '{"username":"customeremail@example.com","password": "customerpassword"}'
which returns a token like this:
f3q8g1sb1l2n18ifknhbm5ufpa7lm8xg
With this token I'm able to request information about the customer only:
curl -X GET "https://example.com/rest/V1/customers/me" -H "Authorization: Bearer f3q8g1sb1l2n18ifknhbm5ufpa7lm8xg"
Which will return this:
{
    "id":186,
    "group_id":1,
    "created_at":"2017-06-28 16:47:21",
    "updated_at":"2018-02-02 14:20:23",
    "created_in":"Default Store View",
    "email":"asantos@redstage.com",
    "firstname":"Andre",
    "lastname":"Santos",
    "store_id":1,
    "website_id":1,
    "addresses":[
        {
            "id":17699,
            "customer_id":186,
            "region":{
                "region_code":"NJ",
                "region":"New Jersey",
                "region_id":41
            },
            "region_id":41,
            "country_id":"US",
            "street":[
                "Test Street"
            ],
            "company":"Test",
            "telephone":"3434344343",
            "postcode":"07030",
            "city":"Hoboken",
            "firstname":"Andre",
            "lastname":"Santos"
        }
    ],
    "disable_auto_group_change":0,
    "custom_attributes":[
        {
            "attribute_code":"authnetcim_profile_version",
            "value":"100"
        },
        {
            "attribute_code":"customer_type",
            "value":"94"
        }
    ]
}
Admin Token
- An admin can request information about any resource it has permission for in the Magento backend.
Getting a new token:
curl -X POST "https://example.com/rest/V1/integration/admin/token" -H "Content-Type: application/json" -d '{"username":"adminusername","password": "adminpassword"}'
which returns a token like this:
imq0hyqv996d1bxa6k6cl6770nefhl91
With this token I'm able to request information about any resource I have permission for.
Getting a customer by ID:
curl -X GET "https://example.com/rest/V1/customers/186" -H "Authorization: Bearer imq0hyqv996d1bxa6k6cl6770nefhl91"
Returns:
{
    "id":186,
    "group_id":1,
    "created_at":"2017-06-28 16:47:21",
    "updated_at":"2018-02-02 14:20:23",
    "created_in":"Default Store View",
    "email":"asantos@redstage.com",
    "firstname":"Andre",
    "lastname":"Santos",
    "store_id":1,
    "website_id":1,
    "addresses":[
        {
            "id":17699,
            "customer_id":186,
            "region":{
                "region_code":"NJ",
                "region":"New Jersey",
                "region_id":41
            },
            "region_id":41,
            "country_id":"US",
            "street":[
                "Test Street"
            ],
            "company":"Test",
            "telephone":"3434344343",
            "postcode":"07030",
            "city":"Hoboken",
            "firstname":"Andre",
            "lastname":"Santos"
        }
    ],
    "disable_auto_group_change":0,
    "custom_attributes":[
        {
            "attribute_code":"authnetcim_profile_version",
            "value":"100"
        },
        {
            "attribute_code":"customer_type",
            "value":"94"
        }
    ]
}
Search by customer email:
curl -g -X GET "https://example.com/rest/V1/customers/search?searchCriteria[filter_groups][0][filters][0][field]=email&searchCriteria[filter_groups][0][filters][0][value]=asantos@redstage.com&searchCriteria[filter_groups][0][filters][0][condition_type]=eq" -H "Authorization: Bearer imq0hyqv996d1bxa6k6cl6770nefhl91"
Returns:
{
    "items":[
        {
            "id":186,
            "group_id":1,
            "created_at":"2017-06-28 16:47:21",
            "updated_at":"2018-02-02 14:20:23",
            "created_in":"Default Store View",
            "email":"asantos@redstage.com",
            "firstname":"Andre",
            "lastname":"Santos",
            "store_id":1,
            "website_id":1,
            "addresses":[
                {
                    "id":17699,
                    "customer_id":186,
                    "region":{
                        "region_code":"NJ",
                        "region":"New Jersey",
                        "region_id":41
                    },
                    "region_id":41,
                    "country_id":"US",
                    "street":[
                        "Test Street"
                    ],
                    "company":"Test",
                    "telephone":"3434344343",
                    "postcode":"07030",
                    "city":"Hoboken",
                    "firstname":"Andre",
                    "lastname":"Santos"
                }
            ],
            "disable_auto_group_change":0,
            "custom_attributes":[
                {
                    "attribute_code":"authnetcim_profile_version",
                    "value":"100"
                },
                {
                    "attribute_code":"customer_type",
                    "value":"94"
                }
            ]
        }
    ],
    "search_criteria":{
        "filter_groups":[
            {
                "filters":[
                    {
                        "field":"email",
                        "value":"asantos@redstage.com",
                        "condition_type":"eq"
                    }
                ]
            }
        ]
    },
    "total_count":1
}
You can check the Swagger reference to see all the resource URLs you can request: http://devdocs.magento.com/swagger/
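The curl calls above put the password and the bearer token on the command line, where they can show up in the process list and in shell history. The following is an added example, not part of the original notes, that feeds both to curl over stdin and validates the token response before using it; BASE_URL and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). BASE_URL is a placeholder and the
# function names are hypothetical.
BASE_URL="${BASE_URL:-https://example.com}"

# JSON-escape backslashes and double quotes so a password containing them
# cannot break or alter the request body.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the login body: token_payload <username> <password>
token_payload() {
    printf '{"username":"%s","password":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Accept the token with or without JSON quotes; reject anything that is not a
# bare token (for example an error object) so it never ends up in a header.
parse_token() {
    local t="${1%\"}"
    t="${t#\"}"
    case "$t" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s' "$t"
}

# get_token <customer|admin> <username> <password>
# The body reaches curl on stdin (-d @-), so the password is not in curl's argv.
get_token() {
    local resp
    resp=$(token_payload "$2" "$3" | curl -sS -X POST \
        "$BASE_URL/rest/V1/integration/$1/token" \
        -H "Content-Type: application/json" -d @-) || return 1
    parse_token "$resp"
}

# curl config line carrying the bearer header, fed to curl with -K -.
auth_config() {
    printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# api_get <token> <path>, e.g. api_get "$token" /rest/V1/customers/me
api_get() {
    auth_config "$1" | curl -sS -K - "$BASE_URL$2"
}
```

Read the password with `read -rs` rather than typing it as an argument, so it also stays out of shell history.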