How can we get the customer order history over the rest API with the customer token.
If I'm trying the url
/V1/orders?searchCriteria[filter_groups][0][filters][0][field]=customer_email&searchCriteria[filter_groups][0][filters][0][value]=bob@fett.com&searchCriteria[filter_groups][0][filters][0][condition_type]=like
I'm getting this:
{
"message": "The consumer isn't authorized to access %resources.",
"parameters": {
"resources": "Magento_Sales::actions_view"
},
"trace": "#0 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/module-webapi/Controller/Rest/RequestValidator.php(68): Magento\\Webapi\\Controller\\Rest\\RequestValidator->checkPermissions()\n#1 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/module-webapi/Controller/Rest/InputParamsResolver.php(80): Magento\\Webapi\\Controller\\Rest\\RequestValidator->validate()\n#2 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/framework/Interception/Interceptor.php(58): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver->resolve()\n#3 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/framework/Interception/Interceptor.php(138): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->___callParent('resolve', Array)\n#4 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/framework/Interception/Interceptor.php(153): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->Magento\\Framework\\Interception\\{closure}()\n#5 /var/www/vhosts/store-api.silverwax.ca/httpdocs/generated/code/Magento/Webapi/Controller/Rest/InputParamsResolver/Interceptor.php(26): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->___callPlugins('resolve', Array, Array)\n#6 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/module-webapi/Controller/Rest/SynchronousRequestProcessor.php(85): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->resolve()\n#7 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/module-webapi/Controller/Rest.php(188): Magento\\Webapi\\Controller\\Rest\\SynchronousRequestProcessor->process(Object(Magento\\Framework\\Webapi\\Rest\\Request\\Proxy))\n#8 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/framework/Interception/Interceptor.php(58): Magento\\Webapi\\Controller\\Rest->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#9 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/framework/Interception/Interceptor.php(138): Magento\\Webapi\\Controller\\Rest\\Interceptor->___callParent('dispatch', Array)\n#10 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/framework/Interception/Interceptor.php(153): Magento\\Webapi\\Controller\\Rest\\Interceptor->Magento\\Framework\\Interception\\{closure}(Object(Magento\\Framework\\App\\Request\\Http))\n#11 /var/www/vhosts/store-api.silverwax.ca/httpdocs/generated/code/Magento/Webapi/Controller/Rest/Interceptor.php(26): Magento\\Webapi\\Controller\\Rest\\Interceptor->___callPlugins('dispatch', Array, Array)\n#12 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/framework/App/Http.php(136): Magento\\Webapi\\Controller\\Rest\\Interceptor->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#13 /var/www/vhosts/store-api.silverwax.ca/httpdocs/generated/code/Magento/Framework/App/Http/Interceptor.php(24): Magento\\Framework\\App\\Http->launch()\n#14 /var/www/vhosts/store-api.silverwax.ca/httpdocs/vendor/magento/framework/App/Bootstrap.php(258): Magento\\Framework\\App\\Http\\Interceptor->launch()\n#15 /var/www/vhosts/store-api.silverwax.ca/httpdocs/index.php(39): Magento\\Framework\\App\\Bootstrap->run(Object(Magento\\Framework\\App\\Http\\Interceptor))\n#16 {main}"
}
I've tried to the proposal of @aaditya in the question but it's doesn't work.
Best Answer
To extend the rest API endpoint of orders(which is originally customer has no access) in order to access it using customer's token, You have to create a
custom endpoint
as well otherwise the endpoint/V1/orders
will still inaccessible for the customer.Check below example:
And you can use the custom endpoint
/V1/orders/custom
to get orders list of the customer using customer's token.