Token-Based Authentication in Magento: Enhance API Security and Efficiency

Welcome to our latest blog post in our exploration of the world of Magento 2 authentication methods. In our previous article, we looked at how to simplify Magento 2 OAuth authentication with the help of Postman. While OAuth-based authentication provides secure access to the Magento API, there’s another method we’d like to discuss: Token-based authentication. In this blog post, we will look at the three types of tokens available in Magento. We will learn when and how to use them effectively.

Integration tokens:

Default Lifetime: Indefinite until manually revoked.

Unlike OAuth-based authentication, which involves several credentials (consumer key, consumer secret, access token and access token secret) and a signature on every request, token-based authentication needs only the access token, sent in the Authorization header. For instructions on creating an integration and its tokens, see our previous post, Setting Up Magento 2 OAuth 1.0 Integration with Postman.

Step 1: Allow the integration's access token to be used as a bearer token. In the Magento admin panel, navigate to "Stores" → "Configuration" → "Services" → "OAuth" → "Consumer Settings" and set "Allow OAuth access tokens to be used as standalone bearer tokens" to "Yes". This setting is disabled by default on current releases for a reason: once it is on, anyone holding the integration's access token can call the API without the OAuth request signature, and by default that token never expires. Treat it as a long-lived credential: restrict the integration's API resources to what it actually needs, keep the token out of shared collections and repositories, and delete or regenerate it when it is no longer required.

Step 2: The access token now acts as a bearer token. Send it in the Authorization header as "Bearer <token>"; in Postman, choose the "Bearer Token" authorization type and paste the token there to access the API.


Admin Access Tokens:

Default Lifetime: 4 hours

Admin Access Tokens authenticate REST API requests on behalf of an admin user and carry the permissions of that user's role: whatever the user's ACL allows in the admin panel, the token allows through the API. Use a dedicated API user with a minimal role rather than a full administrator. Note that on Magento 2.4 with two-factor authentication enabled, this endpoint rejects password-only requests and admin tokens must instead be obtained through the 2FA provider endpoints. To obtain an Admin Access Token, follow the steps below:

Step 1: Make a POST request.

  POST /rest/V1/integration/admin/token

Step 2: Provide Credentials:

Parameter   Type     Description
username    string   Admin username
password    string   Admin password

Step 3: Submit the request. If the credentials provided are valid, Magento will respond with an admin access token.


Once obtained, send the token in the Authorization header as "Bearer <token>" on each request to retrieve data from the API. The token stops working after the configured lifetime (4 hours by default), after which a new one must be requested; clients that cache the token should expect this rather than treat a 401 as a permanent failure.


Customer Access Tokens:

Default Lifetime: 1 hour

Customer Access Tokens authenticate API requests on behalf of a customer, allowing access to customer-specific resources and data. To obtain a Customer Access Token, follow the steps below:

Step 1: Make a POST Request:

  POST /rest/V1/integration/customer/token

Step 2: Provide Credentials:

Parameter   Type     Description
username    string   Customer e-mail address (Magento customers sign in with their e-mail, not a separate username)
password    string   Customer password

Step 3: Submit the request. If the credentials provided are valid, Magento will respond with a Customer Access Token.


Armed with the access token, you can now retrieve data from the API on the customer's behalf, for example the customer's own record from /rest/V1/customers/me. The token is valid for the configured lifetime (1 hour by default) and must be renewed after that.

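To tie the three token types together, here is a small Python client written for this post as an added example (it is not Magento's code and not the tooling described above). It implements the admin-token and customer-token procedures, sends the result as an Authorization: Bearer header (the same header that carries an integration token once the standalone-bearer setting is enabled), refreshes a cached token before its default lifetime lapses, and re-authenticates once if the server answers 401. The host https://shop.example, the accounts, the token strings and the fake transport at the bottom are constructed so the example runs offline; the lifetimes are the defaults quoted in this post.

```python
"""Token-based access to the Magento 2 REST API (added example; not Magento's or the post's own code)."""
import json
import time
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple

ADMIN_TOKEN_PATH = "/rest/V1/integration/admin/token"
CUSTOMER_TOKEN_PATH = "/rest/V1/integration/customer/token"
DEFAULT_LIFETIME = {"admin": 4 * 3600, "customer": 3600}  # the post's default lifetimes, in seconds

# A transport maps (method, url, headers, body) to (status, response_bytes).
Transport = Callable[[str, str, dict, Optional[bytes]], Tuple[int, bytes]]


def urllib_transport(method: str, url: str, headers: dict, body: Optional[bytes]) -> Tuple[int, bytes]:
    """Real HTTP transport; an HTTPError becomes an ordinary (status, body) pair."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


class MagentoAuthError(Exception):
    pass


def bearer_get(base_url: str, token: str, path: str, transport: Transport = urllib_transport) -> Tuple[int, bytes]:
    """GET `path` with 'Authorization: Bearer <token>'. An integration token goes in the same
    header once 'Allow OAuth access tokens to be used as standalone bearer tokens' is enabled."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return transport("GET", base_url.rstrip("/") + path, headers, None)


@dataclass
class TokenClient:
    """Obtains and refreshes an admin or customer token. `username` is the admin login
    for kind='admin' and the customer's e-mail address for kind='customer'."""
    base_url: str
    kind: str
    username: str
    password: str
    transport: Transport = urllib_transport
    clock: Callable[[], float] = time.time   # injectable so expiry can be exercised without waiting
    lifetime: Optional[int] = None           # seconds; defaults to DEFAULT_LIFETIME[kind]
    _token: Optional[str] = field(default=None, init=False, repr=False)
    _expires_at: float = field(default=0.0, init=False)

    def __post_init__(self) -> None:
        if self.kind not in DEFAULT_LIFETIME:
            raise ValueError("kind must be 'admin' or 'customer'")
        if self.lifetime is None:
            self.lifetime = DEFAULT_LIFETIME[self.kind]
        self.base_url = self.base_url.rstrip("/")

    def login(self) -> str:
        """POST the credentials to the token endpoint and cache the bare JSON string it returns."""
        path = ADMIN_TOKEN_PATH if self.kind == "admin" else CUSTOMER_TOKEN_PATH
        body = json.dumps({"username": self.username, "password": self.password}).encode()
        status, raw = self.transport("POST", self.base_url + path, {"Content-Type": "application/json"}, body)
        if status != 200:
            raise MagentoAuthError(f"{self.kind} token request failed: HTTP {status}")
        token = json.loads(raw)
        if not isinstance(token, str) or not token:
            raise MagentoAuthError("token endpoint did not return a token string")
        self._token = token
        self._expires_at = self.clock() + self.lifetime - 60  # refresh early rather than race the server expiry
        return token

    def token(self) -> str:
        """A token still inside its lifetime, logging in again when the cached one has aged out."""
        if self._token is None or self.clock() >= self._expires_at:
            self.login()
        return self._token

    def get(self, path: str):
        """Fetch a resource; on 401 (token revoked or lifetime shortened server-side) log in once more."""
        status, raw = bearer_get(self.base_url, self.token(), path, self.transport)
        if status == 401:
            self._token = None
            status, raw = bearer_get(self.base_url, self.token(), path, self.transport)
        if status != 200:
            raise MagentoAuthError(f"GET {path} failed: HTTP {status}")
        return json.loads(raw)


# Constructed stand-in for a Magento instance so the example runs offline; accounts and tokens are made up.
FAKE_ACCOUNTS = {ADMIN_TOKEN_PATH: ("apiuser", "Secret123!", "admin"),
                 CUSTOMER_TOKEN_PATH: ("jane@example.com", "Passw0rd!", "customer")}
FAKE_STATE = {"issued": set(), "count": 0}


def fake_magento_transport(method: str, url: str, headers: dict, body: Optional[bytes]) -> Tuple[int, bytes]:
    path = "/rest" + url.split("/rest", 1)[1]
    if method == "POST" and path in FAKE_ACCOUNTS:
        user, pwd, prefix = FAKE_ACCOUNTS[path]
        creds = json.loads(body or b"{}")
        if creds.get("username") != user or creds.get("password") != pwd:
            return 401, b'{"message": "The account sign-in was incorrect."}'
        FAKE_STATE["count"] += 1
        token = f"{prefix}-token-{FAKE_STATE['count']}"
        FAKE_STATE["issued"].add(token)
        return 200, json.dumps(token).encode()
    auth = headers.get("Authorization", "")
    presented = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    if presented in FAKE_STATE["issued"]:
        return 200, json.dumps({"path": path, "as": presented.split("-")[0]}).encode()
    return 401, b'{"message": "The consumer is not authorized to access the resource."}'


if __name__ == "__main__":
    admin = TokenClient("https://shop.example", "admin", "apiuser", "Secret123!", transport=fake_magento_transport)
    print(admin.get("/rest/V1/store/websites"))
```

Against a real store, drop the `transport=` argument so `urllib_transport` is used and point `base_url` at the shop. The refresh margin of 60 seconds and the single retry on 401 are design choices for this example: they keep a long-running job working across the 4-hour and 1-hour expiries without re-sending credentials on every call.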

By understanding the nuances of Integration, Admin and Customer tokens, you can harness the power of token-based authentication in Magento and optimise your API interactions.
