Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

I managed to make an api call without token. why?

SOLVED
Go to solution
‎01-04-2018 02:56 AM
‎01-04-2018 02:56 AM

I managed to make an api call without token. why?

Hello

 

I just did the following api without needing a token. I am really suprised now. Is it a security issue?

 

curl --request POST \
  --url http://magento.xxxx.com/index.php/rest/V1/customers \
  --header 'content-type: application/json' \
  --data '{"customer" : {"email" : "user3@example.com","firstname" : "John","lastname" : "Doe","storeId" : 1,"websiteId": 1},"password" : "Demo1234"}'

I saw my store and the customer was successfully created!

I tested this code on two places. 1- my computer, 2- a random digital ocean server

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
‎01-04-2018 05:34 AM
‎01-04-2018 05:34 AM

Re: I managed to make an api call without token. why?

Some of the rest API endpoints are available anonymously, including the create account functionality - this mimics the fact that anyone can create a customer account on the frontend of the website. 

 

It's actually one of the examples on this page http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication.html

----
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution" as appropriate. Thanks!

View solution in original post

0 Kudos
Reply
2 REPLIES 2
‎01-04-2018 05:34 AM
‎01-04-2018 05:34 AM

Re: I managed to make an api call without token. why?

Some of the rest API endpoints are available anonymously, including the create account functionality - this mimics the fact that anyone can create a customer account on the frontend of the website. 

 

It's actually one of the examples on this page http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication.html

----
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution" as appropriate. Thanks!
0 Kudos
Reply
a month ago
a month ago

Re: I managed to make an api call without token. why?

I successfully made an API call without a token, and that highlights the kind of smooth, efficient integration our platform delivers. By connecting directly with your existing systems and AI agents call2.io/ , we enable frictionless communication and seamless data flow — so your tools work together effortlessly, saving time and reducing complexity.

0 Kudos
Reply