Calling M2 REST API from browser for anonymous users
I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.
It looks like session-based authorization is what I'm after.
I started by grabbing a JavaScript swagger client from npm.
Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).
    m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
        console.log('Products: ', rsp.body);
    });
However, I'm getting a 401. Then I see this note in that same session-based-auth doc mentioned above:
Customers can access resources that are configured with anonymous or self permission in the webapi.xml configuration file.
So I look in vendor/magento/module-catalog/etc/webapi.xml:
    <route url="/V1/products" method="GET">
        <service class="Magento\Catalog\Api\ProductRepositoryInterface" method="getList"/>
        <resources>
            <resource ref="Magento_Catalog::products" />
        </resources>
    </route>
Notice no anonymous or self permission here. Now I'm thinking, really? Products are not allowed to be consumed by the browser out of the box?
I understand Magento_Catalog::products refers to a Resource Model. I'm now trying to define an ACL; however, I'm unsure how to associate the ACL with public (not logged in) users.
ajax rest-api swagger
asked 6 hours ago by quickshiftin (edited 10 mins ago)
1 Answer
You can create an API clone from that API:
    <route url="/V1/all_products" method="GET">
        <service class="{{your class}}" method="getList"/>
        <resources>
            <resource ref="anonymous" />
        </resources>
    </route>
After that, call your API and you can get them from anywhere without permission.
answered 3 hours ago by the light
Thanks for your answer! While this might work it is less than ideal for a couple of reasons: 1. LOTS of code duplication, 2. Client library needs to be hacked to change URLs for EVERY endpoint
– quickshiftin
51 mins ago
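An added example, not part of the answer above or of Magento's own code: the question and the answer both turn on which `<resource ref>` a route carries in webapi.xml, so this script lists every route in such a file with the access level it grants, which makes an `anonymous` route stand out in review. The sample XML, the `Vendor\Module` classes, the `/V1/example/*` URLs and the rule that a caller needs every listed resource are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in this page's route format; Vendor\Module and /V1/example/* are hypothetical.
SAMPLE = r"""<routes>
  <route url="/V1/products" method="GET">
    <service class="Magento\Catalog\Api\ProductRepositoryInterface" method="getList"/>
    <resources><resource ref="Magento_Catalog::products"/></resources>
  </route>
  <route url="/V1/all_products" method="GET">
    <service class="Vendor\Module\Api\ProductListInterface" method="getList"/>
    <resources><resource ref="anonymous"/></resources>
  </route>
  <route url="/V1/example/mine" method="GET">
    <service class="Vendor\Module\Api\MineInterface" method="get"/>
    <resources><resource ref="self"/></resources>
  </route>
  <route url="/V1/example/typo" method="GET">
    <service class="Vendor\Module\Api\TypoInterface" method="get"/>
    <resources><resource ref="anonymuos"/></resources>
  </route>
</routes>"""

ACL_ID = re.compile(r"^[A-Za-z0-9]+_[A-Za-z0-9]+::\w+$")

def classify(refs):
    """Assumption: a caller must be granted every resource listed on a route."""
    if not refs:
        return "no-resources"
    if any(r not in ("anonymous", "self") and not ACL_ID.match(r) for r in refs):
        return "suspect-ref"   # neither a keyword nor a Vendor_Module::resource id
    if all(r == "anonymous" for r in refs):
        return "anonymous"     # callable with no session or token
    if all(r in ("anonymous", "self") for r in refs):
        return "self"          # logged-in customer acting on their own data
    return "acl"               # needs a role holding the ACL resource(s)

def audit(xml_text):
    """Return (method, url, service, access) for every <route> element."""
    rows = []
    for route in ET.fromstring(xml_text).iter("route"):
        svc = route.find("service")
        name = f'{svc.get("class")}::{svc.get("method")}' if svc is not None else None
        refs = [r.get("ref", "").strip() for r in route.findall("resources/resource")]
        rows.append((route.get("method"), route.get("url"), name, classify(refs)))
    return rows

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run over each module's etc/webapi.xml, the `anonymous` rows are the endpoints reachable without any credentials and the `suspect-ref` rows are refs worth checking for misspellings.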