I need to access the Magento API from a local JavaScript-based application (Titanium Desktop) and am wondering what's the best way to do so.
What I found out so far:
- The only authentication mechanism is OAuth, so the user has to enter their credentials on site
- There is a JavaScript client library: https://code.google.com/p/oauth/source/browse/#svn%2Fcode%2Fjavascript
- For native apps as OAuth clients, the OAuth 2 User Agent Flow is recommended.
- The redirect URL has to point to a local page from where the token has to be extracted or copy&pasted
Questions:
- Is it feasible to exchange the authentication mechanism to something like HMAC based authentication with application key and secret? Are there even proven solutions?
- If not, is the OAuth User Agent Flow possible with Magento? The documentation does not mention it.
- Is it possible to submit the user credentials with AJAX (Cross-Origin-Policy is not an issue here) to hide most of the authorization process from the user? The access token could then possibly be extracted directly from the response.
Best Answer
As mentioned in the comment, the SOAP API is the way to go.
Solution 1:
Suds worked for me with a slight modification (usage of `Titanium.Network.HTTPClient` instead of `XMLHttpRequest`), but it does not do much more than create a SOAP envelope for the call and return the whole XML response.
Proof-of-Concept implementation, using jQuery Deferred for request chaining:
Usage example:
Solution 2:
It turned out that writing your own API adapter can be really easy. With the example of this core-hack (dead link) I was able to write a clean module for a JSON-RPC adapter based on `Zend_Json_Server`. It uses the same authentication and ACL as the SOAP and XML-RPC APIs.
To use the entry point `/api/jsonrpc`, the new controller has to be added to the `api` route:
My JS client now looks like this (again with jQuery.Deferred, but no additional 3rd party libraries for the API):
Note that all methods after login are routed through `call`. The `method` parameter is something like `sales_order.list`, the `args` parameter an array or object with the method arguments.
Usage example:
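The login-then-`call` flow described in the answer, as an added example that is not the answer's own client code: it assumes JSON-RPC 2.0 envelopes and the Magento core API signatures `login(apiUser, apiKey)` and `call(sessionId, method, args)`. The names `createClient`, `buildRequest`, `parseResponse` and `fakeServer` are hypothetical, and the transport is injected so the block runs offline against a constructed stand-in server.

```javascript
// Added example, not the answer's original client. Assumes the Magento core API
// shape: login(apiUser, apiKey) -> session id; call(sessionId, method, args).

// Serialise one JSON-RPC 2.0 request.
function buildRequest(id, method, params) {
  return JSON.stringify({ jsonrpc: "2.0", method: method, params: params, id: id });
}

// Return the result of a reply, or throw on a mismatched id or an API fault.
function parseResponse(text, expectedId) {
  const reply = JSON.parse(text);
  if (reply.id !== expectedId) throw new Error("response id mismatch");
  if (reply.error) {
    const fault = new Error(reply.error.message);
    fault.code = reply.error.code;
    throw fault;
  }
  return reply.result;
}

// transport(body) -> Promise<string>; in the app it would POST to /api/jsonrpc.
function createClient(transport) {
  let nextId = 1;
  let sessionId = null; // kept in memory only; the API key itself is never stored
  async function rpc(method, params) {
    const id = nextId++;
    return parseResponse(await transport(buildRequest(id, method, params)), id);
  }
  return {
    login: async (apiUser, apiKey) => { sessionId = await rpc("login", [apiUser, apiKey]); },
    call: async (method, args) => {
      if (sessionId === null) throw new Error("not logged in");
      return rpc("call", [sessionId, method, args === undefined ? [] : args]);
    },
  };
}

// Constructed stand-in for the server (values are made up) so this runs offline.
function fakeServer(body) {
  const req = JSON.parse(body);
  let out;
  if (req.method === "login" && req.params[1] === "constructed-key") {
    out = { result: "constructed-session" };
  } else if (req.method === "call" && req.params[0] === "constructed-session") {
    out = { result: { method: req.params[1], args: req.params[2] } };
  } else {
    out = { error: { code: 2, message: "Access denied." } };
  }
  return Promise.resolve(JSON.stringify(Object.assign({ jsonrpc: "2.0", id: req.id }, out)));
}
```

A failed login leaves the client without a session, so later `call` attempts are rejected locally instead of being sent unauthenticated.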