Any way to disable / not use oAuth on Magento's REST API, when GET/POST/PUT on customers?

Question

I am new to Magento . Is it possible to (temporarily?) disable the requirement for oAuth in Magento and still retrieve customer data. through the REST API?

So basically be able to issue GET, PUT requests over HTTP without using oAuth ?

URL: http://magento/api/rest/customers?limit=2

I am getting Access denied(403) error.

Note: I am able to read products.

Answer 1

Please try this one.may b it works.

go to Magento admin panel,System->Webservices->REST Attributes->Select User type customer and select resource access as ALL and save. and check now: http://magento/api/rest/customers?limit=2

Answer 2

You can go to app/code/core/Mage/Api2/Model/Auth.php and change const DEFAULT_USER_TYPE = 'guest' to const DEFAULT_USER_TYPE = 'admin' and go to app/code/core/Mage/Api2/Model/Auth/Adapter.php and change return (object) array('type' => Mage_Api2_Model_Auth::DEFAULT_USER_TYPE, 'id' => null) to return (object) array('type' => Mage_Api2_Model_Auth::DEFAULT_USER_TYPE, 'id' => 1) .

This will set default consumer to Admin and you will be able to access all API with admin privileges. You can also change it to 'customer' and provide any customer id in Adapter.php.

Answer 3

You would need to give guest access to customer resources.

Havent tried it yet, but i would suggest you extend the module

• copy mage/customer with etc/api2 and model/api2/customer/rest/ to local modules so you dont modify core data.

• then modify etc/api2 so you have access from guest calls and add attribute permissions as well

• add the required model on api2/customer/rest so that guest may process callbacks, im guessin that just copying the admin, rename to guest and rename class name in v1 should do the trick.

Answer 4

Instead of oAuth you can implement your own authentication adapter for REST API in Magento. You can find more details in this article .