REST and oAuth for Magento Developers

REST functionality has been a part of Magento since version 1.7. Older versions of Magento supported only SOAP and XML-RPC implementations. While you can still take advantage of SOAP and XML-RPC functionality in newer versions of Magento, it is well worth learning how to use REST services in Magento.

Using oAuth and the Magento API

To consume REST services in Magento, you must use oAuth for authentication. To do this,y ou must create an oAuth consumer, and obtain an oAuth token for the service which you would like to consume. Tokens can be found under the System > Web Services section of the Magento admin panel. Using oAuth offers an added degree of security because the user does not need to provide their direct Magento login details to a third party App, and can revoke an app’s rights to access the services at any time.
There are three REST consumers which can access resources under the Magento API, these are:
• Guest – a front-end user who is not logged in
• Customer – a front-end user that is logged in
• Administrator – a user that is logged in to the back end.
Each REST consumer has different roles, and has different capabilities. For example, a customer may be able to create, retrieve, update and delete their own address and manage their orders, while a non-logged in frontend user or programmer would only be able to retrieve product listings and view certain parts of the site.
The REST implementation allows two possible actions on each resource – writing and reading. A guest may only read, a customer has read access to most resources and may have limited write capabilities. Administrators can read and write to any resource.
REST Apps are listed in the REST My Apps section of the admin panel. Users also have a My Apps section on their account page, which allows them to manage oAuth apps that they have authorised to access their accounts.