
Magento rest API - which type of authentication it use in mobile application in backend

In the Magento [2.2.4] web API, when I pass the username and password, it generates a token for that specific customer (which is only valid for 1 hour; it's configurable from admin).

 

http://magento.host/index.php/rest/V1/integration/customer/token?username=test.user@test.com&password=test@123

which returns a token.

After generating the token, when we pass that token in the header:

Authorization: Bearer *Token Value*

 

http://magento.host/index.php/rest/V1/customers/me

which returns the customer details.

In webapi.xml:

 

<route url="/V1/customers/me" method="GET">
    <service class="Magento\Customer\Api\CustomerRepositoryInterface" method="getById"/>
    <resources>
        <resource ref="self"/>
    </resources>
    <data>
        <parameter name="customerId" force="true">%customer_id%</parameter>
    </data>
</route>


The above case I explained is working fine for the web API in Magento 2, which I tested in Postman.

 

Now the case is:

Every hour regeneration of the token and, after that, login again every hour is not logical for a mobile application.
Then how does Magento 2 manage user login data and authentication in a mobile application, if the API is developed as per Service Contracts?

1 REPLY

Re: Magento rest API - which type of authentication it use in mobile application in backend

Hello @aditya_shah

 

Access Token Expiration

 

 

It is for the customer; for admin you can use the same key for all. You need to create an integration point for the same.
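The token flow from the question, sketched as a client that keeps one customer token and renews it only when it is stale or rejected. This is an added example, not code from either poster or from Magento. CustomerSession, FakeStore and the get_credentials hook are hypothetical names, and it assumes the token endpoint accepts a POST with a JSON body and that an expired token is answered with HTTP 401.

```python
import json
import time

TOKEN_PATH = "/rest/V1/integration/customer/token"

class CustomerSession:
    """Caches the customer token; renews it when it is stale or rejected."""

    def __init__(self, transport, get_credentials, lifetime_s=3600, clock=time.time):
        self.transport = transport              # callable(method, path, headers, body) -> (status, text)
        self.get_credentials = get_credentials  # hypothetical hook: OS secure storage or a login prompt
        self.lifetime_s, self.clock = lifetime_s, clock
        self.token, self.expires_at = None, 0.0

    def _login(self):
        username, password = self.get_credentials()
        # POST with a JSON body keeps the password out of URLs and access logs.
        body = json.dumps({"username": username, "password": password})
        status, text = self.transport("POST", TOKEN_PATH, {"Content-Type": "application/json"}, body)
        if status != 200:
            raise PermissionError("token request rejected: HTTP %d" % status)
        self.token = json.loads(text)           # the response body is a JSON string
        self.expires_at = self.clock() + self.lifetime_s

    def get(self, path):
        if self.token is None or self.clock() >= self.expires_at:
            self._login()
        status, text = self.transport("GET", path, {"Authorization": "Bearer " + self.token}, None)
        if status == 401:                       # expired or revoked early: renew once, retry once
            self._login()
            status, text = self.transport("GET", path, {"Authorization": "Bearer " + self.token}, None)
        return status, text

class FakeStore:
    """Constructed in-memory stand-in for the Magento host so this runs offline."""

    def __init__(self):
        self.valid, self.logins = set(), 0

    def __call__(self, method, path, headers, body):
        if path == TOKEN_PATH:
            if method != "POST" or json.loads(body).get("password") != "constructed-pw":
                return 401, '{"message": "invalid login"}'
            self.logins += 1
            self.valid.add("tok%d" % self.logins)
            return 200, json.dumps("tok%d" % self.logins)
        if headers.get("Authorization", "")[len("Bearer "):] in self.valid:
            return 200, '{"email": "user@example.test"}'
        return 401, '{"message": "not authorized"}'
```

In a real app the transport would be an HTTPS client pointed at the store, and lifetime_s would match the customer token lifetime configured in admin.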