Magento – How to access REST APIs as guest in Magento 2.1.x

magento-2.1rest

I am building a mobile application for a Magento instance. I can use Token Based Authentication to make the API calls. However I want to enable guest access in my app. The users should be able to browse the categories and products and add to card without signing in, and only need to sign in when they are checking out. Is this possible?

Best Answer

I think you can use the anonymous resource for your api method, like:

<routes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Webapi:etc/webapi.xsd">
    <route url="/V1/path/to/method" method="POST">
        <service class="Vendor\Module\Api\OwnInterface" method="methodName"/>
        <resources>
            <resource ref="anonymous" />
        </resources>
    </route>
</routes>

Because:

Use the token in a Web API request

Any web API call that accesses a resource that requires a permission level higher than anonymous must contain the authentication token in the header To do this, specify a HTTP header in the following format:

Authorization: Bearer

Source: Token-based authentication

You can find example here: magento/module-quote/etc/webapi.xml

Related Solutions

Magento – REST api call for Guest user

Try magento 2 it gives more support to api.it uses rest api and is most suitable for apps

Magento – Restricting access to anonymous web APIs

To disable Anonymous Guest Access Go to

Admin > Menu > Store > Configration > Services > Magento Web API > Web API Security

Allow Anonymous Guest Access set to No

If you Set Allow Anonymous Guest Access set to No, Magento Website will not function properly as some API is used by Magento Checkout Process. You have to disable Guest Checkout.

Check http://devdocs.magento.com/guides/v2.0/rest/anonymous-api-security.html

Best Answer

Related Solutions

Magento – REST api call for Guest user

Magento – Restricting access to anonymous web APIs

Related Topic