Calling the M2 REST API from the browser
I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.
It looks like session-based authorization is what I'm after.
I started by grabbing a Javascript swagger client from npm.
Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).
m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
console.log('Products: ', rsp.body)
});
However, I'm getting a 401. Then I see this note in that same session-based-auth page from above
Customers can access resources that are configured with anonymous or
self permission in the webapi.xml configuration file.
So I look in vendor/magento/module-catalog/etc/webapi.xml
<route url="/V1/products" method="GET">
<service class="MagentoCatalogApiProductRepositoryInterface" method="getList"/>
<resources>
<resource ref="Magento_Catalog::products" />
</resources>
</route>
Notice no annoymous or self permission here. Now I'm thinking really? Products are not allowed to be consumed by the browser out of the box?
I'm understand Magento_Catalog::products
refers to a Resource Model. I'm now trying to define and ACL, however, I'm unsure how to associate the ACL with public (potentially not-logged in) users.
ajax rest-api swagger
add a comment |
I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.
It looks like session-based authorization is what I'm after.
I started by grabbing a Javascript swagger client from npm.
Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).
m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
console.log('Products: ', rsp.body)
});
However, I'm getting a 401. Then I see this note in that same session-based-auth page from above
Customers can access resources that are configured with anonymous or
self permission in the webapi.xml configuration file.
So I look in vendor/magento/module-catalog/etc/webapi.xml
<route url="/V1/products" method="GET">
<service class="MagentoCatalogApiProductRepositoryInterface" method="getList"/>
<resources>
<resource ref="Magento_Catalog::products" />
</resources>
</route>
Notice no annoymous or self permission here. Now I'm thinking really? Products are not allowed to be consumed by the browser out of the box?
I'm understand Magento_Catalog::products
refers to a Resource Model. I'm now trying to define and ACL, however, I'm unsure how to associate the ACL with public (potentially not-logged in) users.
ajax rest-api swagger
add a comment |
I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.
It looks like session-based authorization is what I'm after.
I started by grabbing a Javascript swagger client from npm.
Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).
m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
console.log('Products: ', rsp.body)
});
However, I'm getting a 401. Then I see this note in that same session-based-auth page from above
Customers can access resources that are configured with anonymous or
self permission in the webapi.xml configuration file.
So I look in vendor/magento/module-catalog/etc/webapi.xml
<route url="/V1/products" method="GET">
<service class="MagentoCatalogApiProductRepositoryInterface" method="getList"/>
<resources>
<resource ref="Magento_Catalog::products" />
</resources>
</route>
Notice no annoymous or self permission here. Now I'm thinking really? Products are not allowed to be consumed by the browser out of the box?
I'm understand Magento_Catalog::products
refers to a Resource Model. I'm now trying to define and ACL, however, I'm unsure how to associate the ACL with public (potentially not-logged in) users.
ajax rest-api swagger
I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.
It looks like session-based authorization is what I'm after.
I started by grabbing a Javascript swagger client from npm.
Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).
m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
console.log('Products: ', rsp.body)
});
However, I'm getting a 401. Then I see this note in that same session-based-auth page from above
Customers can access resources that are configured with anonymous or
self permission in the webapi.xml configuration file.
So I look in vendor/magento/module-catalog/etc/webapi.xml
<route url="/V1/products" method="GET">
<service class="MagentoCatalogApiProductRepositoryInterface" method="getList"/>
<resources>
<resource ref="Magento_Catalog::products" />
</resources>
</route>
Notice no annoymous or self permission here. Now I'm thinking really? Products are not allowed to be consumed by the browser out of the box?
I'm understand Magento_Catalog::products
refers to a Resource Model. I'm now trying to define and ACL, however, I'm unsure how to associate the ACL with public (potentially not-logged in) users.
ajax rest-api swagger
ajax rest-api swagger
edited 3 mins ago
quickshiftin
asked 16 mins ago
quickshiftinquickshiftin
871925
871925
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "479"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f258211%2fcalling-the-m2-rest-api-from-the-browser%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f258211%2fcalling-the-m2-rest-api-from-the-browser%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown