Securing the API

Securing our API is already part of the process of creating our module, and is also handled by the configuration. Magento restricts access to its API using ACLs.

As we learned earlier, ACLs allow us to set up roles with access to different parts of the API. What we have to do now is make our new custom functions available to the ACL:

  1. Open the api.xml file.
  2. Add the following code after the </v2> node located at app/code/local/Mdg/Giftregistry/etc/api.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <acl>
        <resources>
            <giftregistry translate="title" module="mdg_giftregistry">
                <title>MDG Gift Registry</title>
                <sort_order>1</sort_order>
                <registry translate="title" module="mdg_giftregistry">
                    <title>MDG Gift Registry</title>
                    ...
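
A check that follows from the steps above, as an added example that is not from the book or the module: a Python audit that parses an api.xml and reports API methods that declare no `<acl>` or reference a path missing from the `<acl><resources>` tree. The sample XML is constructed; its `list`, `info` and `purge` entries and their method names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Magento 1 api.xml layout. Method names and the
# list/info/purge entries are illustrative, not the book's module code.
SAMPLE_API_XML = """<config><api>
  <resources>
    <giftregistry_registry>
      <acl>giftregistry/registry</acl>
      <methods>
        <list><method>getRegistryCollection</method><acl>giftregistry/registry/list</acl></list>
        <info><method>getRegistryInfo</method><acl>giftregistry/registry/info</acl></info>
        <purge><method>deleteAll</method></purge>
      </methods>
    </giftregistry_registry>
  </resources>
  <acl><resources>
    <giftregistry>
      <title>MDG Gift Registry</title><sort_order>1</sort_order>
      <registry><title>MDG Gift Registry</title>
        <list><title>List</title></list>
      </registry>
    </giftregistry>
  </resources></acl>
</api></config>"""

META = {"title", "sort_order"}  # descriptive children, not ACL resources
def acl_paths(node, prefix=""):
    """Yield every resource path defined under <acl><resources>."""
    for child in node:
        if child.tag not in META:
            yield prefix + child.tag
            yield from acl_paths(child, prefix + child.tag + "/")

def audit(api_xml):
    """Return (resource, method, problem) for each method lacking a usable ACL."""
    api = ET.fromstring(api_xml).find("api")
    defined = set(acl_paths(api.find("acl/resources")))
    findings = []
    for resource in api.find("resources"):
        for method in resource.findall("methods/*"):
            acl = (method.findtext("acl") or "").strip()
            if not acl:
                findings.append((resource.tag, method.tag, "no <acl> declared"))
            elif acl not in defined:
                findings.append((resource.tag, method.tag, "undefined ACL path " + acl))
    return findings

for finding in audit(SAMPLE_API_XML):
    print(": ".join(finding))
```

Run against the module's real api.xml, an empty result means every exposed method maps to an ACL node that a role can be granted or denied.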
