Hey guys,
I’ve created a PHP script which has incorporated the Magento REST API example. I’ve managed to get this working fine on my web server; it’s just that each time I start a new browser session I am asked to authorize again using my user credentials.
If I’m building a web page with an input so that a customer can quickly check the prices of their products:
Which isn’t ideal as the script will obviously only work once I have logged in. My question is whether it’s possible to store the user credentials within the script so that the script can automatically log into the API? Therefore resulting in anybody being able to access the form webpage and run a query.
Is it possible that I’m just completely misunderstanding API and sessions? These request examples are the only ones I can find online; however, I do understand that if you call the API as a Guest user then the data is returned as XML, which seems different from when calling the API as an Admin user. Surprisingly, it seems impossible to find any detailed information outside the standard Magento REST API introduction guide online.
Thank you for any insight that you can offer. Please see my code below:
Web Page:
[code]<?php
session_start();
?>
<?php
if (isset($_SESSION['query_result'])) {
    echo $_SESSION['query_result'];
    unset($_SESSION['query_result']);
}
?>[/code]
PHP Script:
[code]
<?php
/* Get Product SKU from Form (not present on the OAuth callback request) */
$product_sku = isset($_POST['product_sku']) ? $_POST['product_sku'] : '';

/* Variables */
$callbackURL = "EditedOut";
$temporaryCredentialsRequestURL = "https://ts564737-container.zoeysite.com/oauth/initiate?oauth_callback=" . urlencode($callbackURL);
$adminAuthorizationURL = 'https://ts564737-container.zoeysite.com/admin/oauth_authorize';
$accessTokenRequestURL = 'https://ts564737-container.zoeysite.com/oauth/token';
$URL = 'https://ts564737-container.zoeysite.com';
$apiURL = $URL . '/api/rest';
$consumerKey = 'EditedOut';
$consumerSecret = 'EditedOut';
$productList = null;

/* Create/Resume Session */
session_start();
if (!isset($_SESSION['state'])) {
    $_SESSION['state'] = 0;
}
if (!isset($_GET['oauth_token']) && $_SESSION['state'] == 1) {
    $_SESSION['state'] = 0;
}

try {
    /* Variables */
    $authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
    $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
    $oauthClient->enableDebug();

    if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
        /* Step 1: get a request token and send the user to the authorization page */
        $requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestURL);
        $_SESSION['secret'] = $requestToken['oauth_token_secret'];
        $_SESSION['state'] = 1;
        header('Location: ' . $adminAuthorizationURL . '?oauth_token=' . $requestToken['oauth_token']);
        exit; /* stop here, otherwise the redirect at the end of the script replaces this one */
    } else if ($_SESSION['state'] == 1) {
        /* Step 2: exchange the authorized request token for an access token */
        $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
        $accessToken = $oauthClient->getAccessToken($accessTokenRequestURL);
        $_SESSION['state'] = 2;
        $_SESSION['token'] = $accessToken['oauth_token'];
        $_SESSION['secret'] = $accessToken['oauth_token_secret'];
        header('Location: ' . $callbackURL);
        exit;
    } else {
        /* Step 3: call the API with the access token; the SKU is URL-encoded before use */
        $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
        $resourceURL = "$apiURL/products/?order=entity_id&filter[0][attribute]=sku&filter[0][in][0]=" . rawurlencode($product_sku);
        $oauthClient->fetch($resourceURL, array(), 'GET', array('Content-Type' => 'application/json', 'Accept' => 'application/json'));
        $productList = json_decode($oauthClient->getLastResponse());
    }
} catch (OAuthException $e) {
    echo '<pre>';
    print_r($e);
    echo '</pre>';
}

/* Get price of the product SKU (the SKU is user input, so escape it before it is echoed) */
$safe_sku = htmlspecialchars($product_sku, ENT_QUOTES, 'UTF-8');
if ($productList) {
    foreach ($productList as $product) {
        $_SESSION['query_result'] = 'Price of ' . $safe_sku . ' is £' . round($product->price, 2);
    }
} else {
    $_SESSION['query_result'] = 'Product SKU ' . $safe_sku . ' does not exist in the database.';
}

/* Redirect back to the form page */
header('Location: ' . $callbackURL);
?>[/code]
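An added example, not part of the original post or of Magento's sample code: one way a server-side script could reuse a previously issued access token instead of keeping it in the browser session, so that visitors never go through the authorize redirect. It assumes the token pair was obtained once through the flow above, is still valid, and belongs to an API role limited to reading products; the environment variable names and the SKU pattern are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumed: the access token pair was issued once via
// the authorize flow and is still valid; env variable names and the SKU pattern are hypothetical.
function requireEnv(string $name): string
{
    $value = getenv($name);
    if ($value === false || $value === '') {
        throw new RuntimeException("Missing environment variable: $name");
    }
    return $value;
}

// Accept only characters expected in a SKU before it reaches the API URL.
function validSku(string $sku): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $sku) === 1;
}

// Look up one product by SKU with the stored token; returns its price or null.
function lookupPrice(string $apiURL, string $sku): ?float
{
    $oauthClient = new OAuth(requireEnv('MAGENTO_CONSUMER_KEY'), requireEnv('MAGENTO_CONSUMER_SECRET'),
        OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
    // No redirects and no $_SESSION state: the token stays on the server.
    $oauthClient->setToken(requireEnv('MAGENTO_ACCESS_TOKEN'), requireEnv('MAGENTO_ACCESS_SECRET'));
    $resourceURL = $apiURL . '/products/?filter[0][attribute]=sku&filter[0][in][0]=' . rawurlencode($sku);
    $oauthClient->fetch($resourceURL, array(), 'GET', array('Accept' => 'application/json'));
    $productList = json_decode($oauthClient->getLastResponse());
    foreach ((array) $productList as $product) {
        return isset($product->price) ? round((float) $product->price, 2) : null;
    }
    return null;
}

$sku = isset($_POST['product_sku']) ? trim((string) $_POST['product_sku']) : '';
if (!validSku($sku)) {
    http_response_code(400);
    exit('Invalid product SKU.');
}
try {
    $price = lookupPrice('https://ts564737-container.zoeysite.com/api/rest', $sku);
    echo $price === null ? 'Product SKU not found.' : 'Price of ' . htmlspecialchars($sku, ENT_QUOTES, 'UTF-8') . ' is £' . number_format($price, 2);
} catch (Exception $e) {
    error_log($e->getMessage()); // detail goes to the server log, not to visitors
    http_response_code(502);
    echo 'Price lookup failed.';
}
```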