Magento REST API – What Populates the api2_acl_attribute Table?

api oauth rest

I'm trying to run through the oAuth/REST examples on the Magento website and I'm hitting a snag.

I've successfully created a consumer key and a consumer secret, and used these to fetch an authentication token. However, my API request

$resourceUrl = "$apiUrl/products";
$productData = json_encode(array(
    'type_id'           => 'simple',
    'attribute_set_id'  => 4,
    'sku'               => 'simple' . uniqid(),
    'weight'            => 1,
    'status'            => 1,
    'visibility'        => 4,
    'name'              => 'Simple Product',
    'description'       => 'Simple Description',
    'short_description' => 'Simple Short Description',
    'price'             => 99.95,
    'tax_class_id'      => 0,
));
$headers = array('Content-Type' => 'application/json');
$oauthClient->fetch($resourceUrl, $productData, OAUTH_HTTP_METHOD_POST, $headers);

keeps returning the following error:

Invalid auth/bad request (got a 400, expected HTTP/1.1 20X or a redirect)
{"messages":{"error":[{"code":400,"message":"The request data is invalid."}]}}

I've traced the failure to the following point.

#File: app/code/core/Mage/Api2/Model/Resource.php
if ($this->getRequest()->isAssocArrayInRequestBody()) {
    $this->_errorIfMethodNotExist('_create');                    
    $filteredData = $this->getFilter()->in($requestData);
    if (empty($filteredData)) {
        $this->_critical(self::RESOURCE_REQUEST_DATA_INVALID);
    }
    $newItemLocation = $this->_create($filteredData);
    $this->getResponse()->setHeader('Location', $newItemLocation);
}

Specifically, $filteredData is coming back as an empty array. This triggers the _critical method code branch, which results in my seeing the error.

When I dive deeper, it looks like Magento pulls the allowed attributes with the following code

#File: app/code/core/Mage/Api2/Model/Resource/Acl/Filter/Attribute.php
public function getAllowedAttributes($userType, $resourceId, $operation)
{
    $select = $this->_getReadAdapter()->select()
        ->from($this->getMainTable(), 'allowed_attributes')
        ->where('user_type = ?', $userType)
        ->where('resource_id = ?', $resourceId)
        ->where('operation = ?', $operation);
    Mage::Log((string) $select);
    return $this->getReadConnection()->fetchOne($select);
}

In plain SQL, that's

SELECT `api2_acl_attribute`.`allowed_attributes` 
FROM `api2_acl_attribute` 
WHERE (user_type = 'admin') 
    AND (resource_id = 'product') AND (operation = 'write');    

When I look at my api2_acl_attribute table, it's empty


What's supposed to populate this table with data? Possibly higher level, what key bit of setup/usage/received-wisdom have I missed?

Best Answer

[EDIT]:

In Magento's REST implementation, we have two possible logical actions on each resource's attributes:

  • Read action
  • Write action

Each REST resource can have its own attributes, and depending on the api2.xml configuration for a specific resource, we can allow read/write operations on each specific attribute for each REST role.

To make it simpler to understand:

Example:

Customer address is a resource.

Customer address has the attributes:

  • Street
  • City
  • ZIP
  • Country

In the Customer Address extension's api2.xml file, the available options could be defined depending on user type like this:

  • The admin user has the option to read and write the attributes Street, City, ZIP and Country from the Customer Address resource.
  • The customer has the option to read the attributes Street, City, ZIP and Country from the Customer Address resource.
  • The guest has the option to read only the Street attribute from customer address, etc.

These options, for each role (Administrator, Customer, Guest), will appear in the Magento admin area under the Attributes configuration screen for the specific role, and the administrator needs to check the attributes and operations (read, write) that he wants to allow on the specific resource:

REST Attributes

I wrote three articles about REST web services in Magento and I hope that you will find them useful. Also, your question is answered in the first one:

http://inchoo.net/ecommerce/magento-rest-and-oauth-intro/
http://inchoo.net/ecommerce/magento/configure-magento-rest-and-oauth-settings/
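The default-deny behaviour discussed in the question and answer, as an added example that is not part of the original posts or Magento's own code: a simplified Python model of the `api2_acl_attribute` lookup and the write filter. The table and column names come from the query in the question; the comma-separated storage of `allowed_attributes`, the function names and the status value returned on success are assumptions made for illustration.

```python
import sqlite3

def open_acl_db():
    """In-memory stand-in for the api2_acl_attribute table (columns from the question's query)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE api2_acl_attribute ("
        "user_type TEXT, resource_id TEXT, operation TEXT, allowed_attributes TEXT)"
    )
    return db

def get_allowed_attributes(db, user_type, resource_id, operation):
    row = db.execute(
        "SELECT allowed_attributes FROM api2_acl_attribute "
        "WHERE user_type = ? AND resource_id = ? AND operation = ?",
        (user_type, resource_id, operation),
    ).fetchone()
    # No row (or an empty value) means no attribute is allowed: default deny.
    # Assumption: the column holds a comma-separated list of attribute codes.
    return set(row[0].split(",")) if row and row[0] else set()

def filter_in(db, user_type, resource_id, request_data):
    """Keep only the request keys that are on the role's write allow-list."""
    allowed = get_allowed_attributes(db, user_type, resource_id, "write")
    return {k: v for k, v in request_data.items() if k in allowed}

def create(db, user_type, resource_id, request_data):
    filtered = filter_in(db, user_type, resource_id, request_data)
    if not filtered:
        # Mirrors the RESOURCE_REQUEST_DATA_INVALID branch traced in the question.
        return 400, "The request data is invalid."
    return 200, filtered  # simplified success value (assumption)

# Constructed sample request, trimmed from the product payload in the question.
SAMPLE_PRODUCT = {"sku": "simple-001", "name": "Simple Product", "price": 99.95}

if __name__ == "__main__":
    db = open_acl_db()
    print(create(db, "admin", "product", SAMPLE_PRODUCT))   # empty table -> 400
    db.execute(
        "INSERT INTO api2_acl_attribute VALUES ('admin', 'product', 'write', 'sku,name')"
    )
    print(create(db, "admin", "product", SAMPLE_PRODUCT))   # price is filtered out
```

With an empty table every write is rejected, and once a row exists only the listed attributes reach the create step, so unlisted fields such as `price` are dropped without an error.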