Calling the M2 REST API from the browser












0















I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.



It looks like session-based authorization is what I'm after.



I started by grabbing a Javascript swagger client from npm.



Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).



m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
console.log('Products: ', rsp.body)
});


However, I'm getting a 401. Then I see this note in that same session-based-auth page from above




Customers can access resources that are configured with anonymous or
self permission in the webapi.xml configuration file.




So I look in vendor/magento/module-catalog/etc/webapi.xml



<route url="/V1/products" method="GET">
<service class="MagentoCatalogApiProductRepositoryInterface" method="getList"/>
<resources>
<resource ref="Magento_Catalog::products" />
</resources>
</route>


Notice no annoymous or self permission here. Now I'm thinking really? Products are not allowed to be consumed by the browser out of the box?



I'm understand Magento_Catalog::products refers to a Resource Model. I'm now trying to define and ACL, however, I'm unsure how to associate the ACL with public (potentially not-logged in) users.










share|improve this question





























    0















    I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.



    It looks like session-based authorization is what I'm after.



    I started by grabbing a Javascript swagger client from npm.



    Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).



    m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
    console.log('Products: ', rsp.body)
    });


    However, I'm getting a 401. Then I see this note in that same session-based-auth page from above




    Customers can access resources that are configured with anonymous or
    self permission in the webapi.xml configuration file.




    So I look in vendor/magento/module-catalog/etc/webapi.xml



    <route url="/V1/products" method="GET">
    <service class="MagentoCatalogApiProductRepositoryInterface" method="getList"/>
    <resources>
    <resource ref="Magento_Catalog::products" />
    </resources>
    </route>


    Notice no annoymous or self permission here. Now I'm thinking really? Products are not allowed to be consumed by the browser out of the box?



    I'm understand Magento_Catalog::products refers to a Resource Model. I'm now trying to define and ACL, however, I'm unsure how to associate the ACL with public (potentially not-logged in) users.










    share|improve this question



























      0












      0








      0








      I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.



      It looks like session-based authorization is what I'm after.



      I started by grabbing a Javascript swagger client from npm.



      Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).



      m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
      console.log('Products: ', rsp.body)
      });


      However, I'm getting a 401. Then I see this note in that same session-based-auth page from above




      Customers can access resources that are configured with anonymous or
      self permission in the webapi.xml configuration file.




      So I look in vendor/magento/module-catalog/etc/webapi.xml



      <route url="/V1/products" method="GET">
      <service class="MagentoCatalogApiProductRepositoryInterface" method="getList"/>
      <resources>
      <resource ref="Magento_Catalog::products" />
      </resources>
      </route>


      Notice no annoymous or self permission here. Now I'm thinking really? Products are not allowed to be consumed by the browser out of the box?



      I'm understand Magento_Catalog::products refers to a Resource Model. I'm now trying to define and ACL, however, I'm unsure how to associate the ACL with public (potentially not-logged in) users.










      share|improve this question
















      I'm trying to call REST endpoints from the browser. Initially, I'd like to be able to fetch product information.



      It looks like session-based authorization is what I'm after.



      I started by grabbing a Javascript swagger client from npm.



      Now I'm trying to make a simple call to fetch products (I have but one in my local site currently).



      m2.catalogProductRepositoryV1GetListGet().done((rsp) => {
      console.log('Products: ', rsp.body)
      });


      However, I'm getting a 401. Then I see this note in that same session-based-auth page from above




      Customers can access resources that are configured with anonymous or
      self permission in the webapi.xml configuration file.




      So I look in vendor/magento/module-catalog/etc/webapi.xml



      <route url="/V1/products" method="GET">
      <service class="MagentoCatalogApiProductRepositoryInterface" method="getList"/>
      <resources>
      <resource ref="Magento_Catalog::products" />
      </resources>
      </route>


      Notice no annoymous or self permission here. Now I'm thinking really? Products are not allowed to be consumed by the browser out of the box?



      I'm understand Magento_Catalog::products refers to a Resource Model. I'm now trying to define and ACL, however, I'm unsure how to associate the ACL with public (potentially not-logged in) users.







      ajax rest-api swagger






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 3 mins ago







      quickshiftin

















      asked 16 mins ago









      quickshiftinquickshiftin

      871925




      871925






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "479"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f258211%2fcalling-the-m2-rest-api-from-the-browser%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Magento Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f258211%2fcalling-the-m2-rest-api-from-the-browser%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Magento 2 controller redirect on button click in phtml file

          Polycentropodidae