23. 4
APIinMagento1
Supported Protocols
● XML-RPC
● SOAP V1
● SOAP V2 since M1.3, WS-I compliant since M1.6
● REST since M1.7 with less business logic then others protocols *
Authentication:
● API user with assigned roles similar to ACL roles
● * 3-legged OAuth 1.0a
Documentation
● http://devdocs.magento.com/guides/m1x/api/soap/introduction.html
● http://devdocs.magento.com/guides/m1x/api/rest-api-index.html
24. 5
APIinMagento2
Supported Protocols
● SOAP
● REST
Authentication:
● OAuth 1.0a 2-legged suggested for third-party applications
● Tokens suggested for mobile applications
● Session based
Documentation
● http://devdocs.magento.com/guides/v2.1/rest/bk-rest.html
● http://devdocs.magento.com/guides/v2.1/soap/bk-soap.html
25. 6
AUTHmagento2
User type
● Administrator or Integration
● Customer
● Guest user
Authorized resources. Example if authorized for the
Magento_Customer::group resource, they can make a GET
/V1/customerGroups/:id call.
Resources with anonymous or self permission.
Resources with anonymous permission.
30. 11
SeSsionbasedauth
Self access enables a user to access resources they own.
For example, GET /V1/customers/me fetches the logged-in customer's
details typically useful for JavaScript-based widgets.
32. 13
BACKWARDSCOMPATIBILITY
&PHPannotations
Backward compatible applies for classes and methods annotated with @api
within MINOR and PATCH updates to our components.
As changes are introduced, methods are annotated with @deprecated and
removed only with the next MAJOR component version.
33. 14
BACKWARDSCOMPATIBILITY
&PHPannotations
Magento uses reflection to automatically create classes and sets data submitted in JSON or HTTP
array syntax onto an instance of the expected PHP class when calling the service method.
Conversely, if an object is returned from one of these methods, Magento automatically converts
that PHP object into a JSON or SOAP object before sending it over the web API.
34. 15
BACKWARDSCOMPATIBILITY
&PHPannotations
All methods exposed by the web API must follow these rules
● Parameters must be defined in the doc block as * @param type $paramName
● Return type must be defined in the doc block as * @return type
● Valid object types include a fully qualified class name or a fully qualified interface name.
● Any parameters or return values of type array can be denoted by following any of the previous types by
an empty set of square brackets []