I'm trying to create a native mobile app for a Magento 2 website.
It seems there is a REST API in Magento 2 already. However, it doesn't seem to be designed for a mobile app, since most of the essential APIs are not accessible from a normal customer account (e.g. GET /V1/products requires Magento_Catalog::products).
I think there are two options to handle this problem.
- Create an admin account that has all the required permissions, and use its token for the non-anonymous APIs: this seems simple, but there is a potential security issue, as a malicious user may acquire the admin token and use it.
- Define my own API set, and add classes and functions which are safe to expose to customers: this apparently needs more work.
I wonder if there's a better option that I'm missing.
And I also wonder what the purpose of the REST API is when customers cannot use those APIs.
Best Answer
In order to create a REST API there are certain requirements.
If your API method does not meet any of the above requirements then the REST API will not work.
Now, for an example, let's create a test module named Webkul_TestApi for better understanding:
Create your module's composer.json, registration.php and module.xml files:
Module XML file
Now create the TestApiManagementInterface.php file in the app/code/Webkul/TestApi/Api/ folder:
The above will define all the API methods you want to expose; all these methods must have a doc-block defined with @api, @param and @return, else it will not work.
Now create the TestApiManagementInterface implementation file in the app/code/Webkul/TestApi/Model/Api folder:
The above class is the implementation of the interface. As you can see, I have only created one method, getApiData, as it is defined in the interface; its return type is the \Webkul\TestApi\Api\Data\TestApiInterface class, so now we have to create this class and its implementation too.
Now create a model TestApi.php inside app/code/Webkul/TestApi/Model. This is a fake model; it is not connected to any table since it is only for testing purposes. I have just defined some setters and getters for some fields.
The above class has getTitle, getDescription and getId, so we must expect that the API will return these values in the response.
Now create the interface class for the above implementation in app/code/Webkul/TestApi/Api/Data.
Now create a webapi.xml file inside the app/code/Webkul/TestApi/etc folder:
The above XML file defines the routes and their permissions. The route tag attributes:
- url defines the route for the web service
- method defines the request type: GET, PUT, POST or DELETE
Now the service tag attributes:
- the class attribute is the interface class that defines the API methods
- the service attribute defines the exposed method
Now the resource tag defines the access control. There can be three levels of access:
- Admin: for admin level access you need to define the admin resource in the resource tag.
- Customer: for customer level access you need to set self in the resource.
- Guest: for guest level resources you need to define anonymous in the resource tag.
I have defined self, so this resource will work for customer level access.
This is the PHP file that you can create in your project to access the API resource:
In the above file I have used token-based authentication. Magento 2 provides 3 ways to access API resources:
1: Token-based authentication
2: OAuth-based authentication
3: Session-based authentication
You can learn more about it in the Magento 2 API docs; they have explained it very well:
http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html
This is the response, a snapshot taken from Postman. You can see the response below returns all the getters from the TestApi model in JSON format; that's the beauty of the Magento 2 API.
Source - https://webkul.com/blog/magento2-custom-rest-api/
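The answer's webapi.xml is not shown on this page, so the following is an added example (not the blog's file) of the resource levels it describes, with the weak shape beside the corrected one. The route URLs and the service class follow the module names used in the answer; the customerId parameter is an assumption introduced here to show how Magento binds a customer-scoped route to the token holder.

```xml
<?xml version="1.0"?>
<!-- app/code/Webkul/TestApi/etc/webapi.xml (added example, not the blog's file) -->
<routes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Webapi:etc/webapi.xsd">

    <!-- Weak: "anonymous" lets any unauthenticated caller reach the method, and the
         customer id is taken from the URL, so the caller picks whose record to read. -->
    <route url="/V1/testapi/data/:customerId" method="GET">
        <service class="Webkul\TestApi\Api\TestApiManagementInterface" method="getApiData"/>
        <resources>
            <resource ref="anonymous"/>
        </resources>
    </route>

    <!-- Corrected: "self" requires a customer token, and force="true" overwrites the
         customerId argument with the id of the customer that token belongs to, so a
         value supplied in the request is ignored. An admin token is never needed. -->
    <route url="/V1/testapi/me" method="GET">
        <service class="Webkul\TestApi\Api\TestApiManagementInterface" method="getApiData"/>
        <resources>
            <resource ref="self"/>
        </resources>
        <data>
            <parameter name="customerId" force="true">%customer_id%</parameter>
        </data>
    </route>
</routes>
```

The two routes are shown side by side only for contrast; a real module keeps the second one. Note that "self" on its own only checks that the caller is a logged-in customer: without the forced %customer_id% parameter the method would still accept whatever id the caller sent, which is the check the question's "admin token in the app" option cannot provide at all.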
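The PHP files the answer refers to are also missing from this page. The listing below is an added example, not the blog's code, of the four classes the answer names (data interface, service interface, fake model and service implementation), written so that the service relies on the customer id Magento injects rather than on caller input. It assumes the Webkul_TestApi module skeleton exists, that a di.xml preference maps each interface to its class (which also makes Magento generate TestApiInterfaceFactory), and that webapi.xml forces the $customerId parameter to %customer_id%.

```php
<?php
// Added example (not the blog's own code). Several module files are shown in one
// listing, each introduced by its path. Assumes di.xml preferences for both
// interfaces and a webapi.xml route with <parameter name="customerId" force="true">.

// --- app/code/Webkul/TestApi/Api/Data/TestApiInterface.php ---
namespace Webkul\TestApi\Api\Data;

/**
 * Return type of the service method. Magento serialises the response from the
 * getters declared here, so only fields listed in this interface reach the client.
 * @api
 */
interface TestApiInterface
{
    /** @return int */
    public function getId();

    /** @return string */
    public function getTitle();

    /** @return string */
    public function getDescription();

    /** @param int $id @return $this */
    public function setId($id);

    /** @param string $title @return $this */
    public function setTitle($title);

    /** @param string $description @return $this */
    public function setDescription($description);
}

// --- app/code/Webkul/TestApi/Api/TestApiManagementInterface.php ---
namespace Webkul\TestApi\Api;

/**
 * Service contract exposed through webapi.xml. The @api, @param and @return tags
 * are required: the web API framework reads them to validate input and build output.
 * @api
 */
interface TestApiManagementInterface
{
    /**
     * Return the record belonging to the authenticated customer.
     *
     * @param int $customerId Injected from the token by webapi.xml, not from the caller.
     * @return \Webkul\TestApi\Api\Data\TestApiInterface
     */
    public function getApiData($customerId);
}

// --- app/code/Webkul/TestApi/Model/TestApi.php ---
namespace Webkul\TestApi\Model;

use Webkul\TestApi\Api\Data\TestApiInterface;

/** Plain value object, not backed by a table (the answer's "fake model"). */
class TestApi implements TestApiInterface
{
    private $id;
    private $title;
    private $description;

    public function getId() { return $this->id; }
    public function getTitle() { return $this->title; }
    public function getDescription() { return $this->description; }
    public function setId($id) { $this->id = (int) $id; return $this; }
    public function setTitle($title) { $this->title = (string) $title; return $this; }
    public function setDescription($d) { $this->description = (string) $d; return $this; }
}

// --- app/code/Webkul/TestApi/Model/Api/TestApiManagement.php ---
namespace Webkul\TestApi\Model\Api;

use Webkul\TestApi\Api\TestApiManagementInterface;
use Webkul\TestApi\Api\Data\TestApiInterfaceFactory;

class TestApiManagement implements TestApiManagementInterface
{
    private $dataFactory;

    // TestApiInterfaceFactory is generated by Magento's DI from the di.xml preference.
    public function __construct(TestApiInterfaceFactory $dataFactory)
    {
        $this->dataFactory = $dataFactory;
    }

    public function getApiData($customerId)
    {
        // $customerId is trusted only because webapi.xml forces it to the token's
        // customer id; this method never reads it from the query string or body.
        return $this->dataFactory->create()
            ->setId($customerId)
            ->setTitle('Example title')
            ->setDescription('Record for customer ' . (int) $customerId);
    }
}
```

With resource "self" on the route, a customer token is enough to call getApiData, which is the answer's point: the mobile app never needs an admin token, and each caller can only ever reach its own record because the id comes from the token rather than from the app.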
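The answer's client file (token-based authentication) is also absent here. The script below is an added example, not the blog's file, of how a mobile backend or test script would call the customer-scoped route with a customer token obtained from Magento's built-in token endpoint, instead of the admin-token approach the question describes. The store host, the route /V1/testapi/me and the credentials are placeholders.

```php
<?php
// Added example client (not the blog's file). Assumes the store at $baseUrl exposes
// GET /V1/testapi/me guarded by resource "self", and that the app holds only the
// customer's own credentials; no admin token is used anywhere.

$baseUrl = 'https://shop.example.test';   // placeholder host

/** Minimal JSON helper over cURL; returns status and decoded body. */
function magentoRequest(string $url, string $method, ?string $json = null, ?string $token = null): array
{
    $headers = ['Content-Type: application/json', 'Accept: application/json'];
    if ($token !== null) {
        $headers[] = 'Authorization: Bearer ' . $token;   // token rides in a header, not the URL
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CUSTOMREQUEST  => $method,
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_SSL_VERIFYPEER => true,   // keep TLS verification on for a bearer token
    ]);
    if ($json !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
    }
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $error  = curl_error($ch);
    curl_close($ch);
    if ($body === false) {
        throw new RuntimeException('cURL error: ' . $error);
    }
    return ['status' => $status, 'body' => json_decode($body, true)];
}

// 1. Exchange the customer's own credentials for a customer token (Magento's built-in
//    endpoint). The token carries exactly that customer's rights and nothing more.
$login = magentoRequest(
    $baseUrl . '/rest/V1/integration/customer/token',
    'POST',
    json_encode(['username' => 'customer@example.test', 'password' => 'customer-password'])
);
if ($login['status'] !== 200 || !is_string($login['body'])) {
    throw new RuntimeException('Login failed with HTTP ' . $login['status']);
}
$customerToken = $login['body'];

// 2. Call the custom route. Because webapi.xml uses resource "self" and forces the
//    customerId parameter to %customer_id%, the server derives the customer from this
//    token; nothing in the request chooses whose record comes back.
$result = magentoRequest($baseUrl . '/rest/V1/testapi/me', 'GET', null, $customerToken);
if ($result['status'] !== 200) {
    throw new RuntimeException('API call failed with HTTP ' . $result['status']);
}
// The body holds exactly the getters of the data interface: id, title, description.
print_r($result['body']);

// 3. The same customer token against a route that needs an admin ACL resource (the
//    question's GET /V1/products example) is rejected with a non-2xx status. That is
//    what the custom route works around without shipping an admin token in the app.
$denied = magentoRequest($baseUrl . '/rest/V1/products?searchCriteria[pageSize]=1', 'GET', null, $customerToken);
echo 'GET /V1/products with a customer token -> HTTP ' . $denied['status'] . PHP_EOL;
```

Step 3 is only there to make the question's observation visible in practice; the app itself needs just steps 1 and 2, and the customer token it stores is worth nothing beyond that one customer's account if it leaks.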