I am trying to get the products,customers and orders through REST Api. It's working forapi/rest/products getting product collection. But unable fetch the customers api/rest/customers and orders api/rest/orders collection it shows Access denied – 403
Magento – Rest API Acess denied 403 for customers and orders
customermagento-1.9ordersrest
Related Solutions
I can give you workable example:
System / Web Services / REST Roles
Role info:
Role Name: admin
Password: 123123
Role API resources:
Resources access: All
Role Users:
I have assigned admin user
System / Web Services / REST Attributes / Select {Admin}
Resources access: All
System / Web Services / REST OAuth Consumers
My magento url is http://mg1910.local.dev/
My http://mg1910.local.dev/oauth_admin.php is following:
<?php
/* live server */
$host = 'http://mg1910com.local.dev/';
$consumerKey = '7e14cd85d05456c3e4de9e3c5c5f61e4';
$consumerSecret = 'f8aab713fa50504f0fac99d564ecaf7a';
/* << live server */
$callbackUrl = "http://mg1910com.local.dev/oauth_admin.php";
$temporaryCredentialsRequestUrl = $host . "oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = $host . "admin/oauth_authorize";
$accessTokenRequestUrl = $host . "oauth/token";
$apiUrl = $host . "api/rest";
session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
$_SESSION['state'] = 0;
}
try {
$authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
$oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
$oauthClient->enableDebug();
if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
$requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
$_SESSION['secret'] = $requestToken['oauth_token_secret'];
$_SESSION['state'] = 1;
header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
exit;
} else if ($_SESSION['state'] == 1) {
$oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
$accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
$_SESSION['state'] = 2;
$_SESSION['token'] = $accessToken['oauth_token'];
$_SESSION['secret'] = $accessToken['oauth_token_secret'];
header('Location: ' . $callbackUrl);
exit;
} else {
$oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
$resourceUrl = "$apiUrl/products?limit=3";
//$oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/json'));
$oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/xml', 'Accept' => '*/*'));
$productsList = json_decode($oauthClient->getLastResponse());
echo "<pre>";
print_r($productsList);
}
} catch (OAuthException $e) {
print_r($e->getMessage());
echo "<br/>";
print_r($e->lastResponse);
}
As you can see my script receive 3 products.
One order can contain multiple products, which are represented as order items in the context of order. With order APIs you cannot get order list with order items in one request. But it can be done as follows:
- Get list of order IDs which you are interested in (e.g. using request provided in the question)
- To get product details use
\Magento\Sales\Api\OrderItemRepositoryInterface::getList($searchCriteria). Via REST it is available asGET <base_url>/V1/orders/items. Iterate through orders from the previous step and for each one get its items, in search criteria specify filter by order ID
Best Answer
Magento REST API. These three access levels are as follows:
Guest: This level has access only to public resources. eg. Retrive products, Retrive categories & Retrive products images
Customer: Customer can be a registered and logged in user. This type of user can have access only to its own resources as well as to public resources.
Admin: Admin can be the store owner. This type has full set of permissions
See more details click here