Re: Magento rest API - which type of authenticatio...

aditya_shah · ‎05-13-2018

In Magento [2.2.4] web API when i pass username and password then it generates token for that specific customer (Which is only valid for 1 hour - it's configurable from admin)

http://magento.host/index.php/rest/V1/integration/customer/token?username=test.user@test.com&password=test@123

which returns token.

After generating token, when we pass that token in header.

Authorization :: Bearer *Token Value*

http://magento.host/index.php/rest/V1/customers/me

Which returns customer detail's.

In webapi.xml

<route url="/V1/customers/me" method="GET">
        <service class="Magento\Customer\Api\CustomerRepositoryInterface" method="getById"/>
        <resources>
            <resource ref="self"/>
        </resources>
        <data>
            <parameter name="customerId" force="true">%customer_id%</parameter>
        </data>
    </route>

The above case i explained is working fine for webAPI in magento2 which i tested in POSTMAN.

Now the case is,

Every hour regeneration of token and after that login again every hour
is not logical for Mobile Application.
Then how Magento2 manages user login data and authentication in Mobile application, if it is developed API As per Service Contracts

Sunil Patel · ‎05-13-2018

Hello @aditya_shah

It is for the customer, for admin you can use the same key for all. You need to create integration point for same.

Problem solved? Click Kudos & Accept as Solution!
Sunil Patel
Magento 2 Certified Professional Developer & Frontend Developer

Magento rest API - which type of authentication it use in mobile application in backend

Magento rest API - which type of authentication it use in mobile application in backend

Re: Magento rest API - which type of authentication it use in mobile application in backend