Mobile app development in flutter

I am trying to extend the mobile app for my cs-cart multi vendor and could register users but unable to login with api endpoint /api/users/login. Can anyone help me with actual endpoint or suggest any changes in the config files / other files to get this working. I am getting a Not Found Error on login

1 Like


Take a look at the Tygh\Api\Entities\v40\SraAuthTokens and Tygh\Api\Entities\AuthTokens entities. These endpoints return a token that can be used to authorise any further API requests. Please have a look at Tygh\Api\Request::getAuthFromRequest, Tygh\Api::getUserData to see how further authorisation is handled.

The availability of the API endpoints to customers is managed by the \Tygh\Api\AEntity::privilegesCustomer method.

Hi. We have Multi-Vendor Plus, and we would like to know how to make SRA addon token accessable.


Make sure that the storefront_rest_api unmanaged add-on is installed and enabled. You can check its status in the ?:addons table of the database of your store.

Addon is enabled, when sending get request, response code 401. Bearer token is correct.

As I can see, you are trying to use the ‘Bearer token’ to access the endpoint. However, in SRA it works in a different way. To use tokens in SRA, you need to:

  1. Make the POST request to the /api/auth_tokens endpoint.
  2. Receive the generated token in the response.
  3. Use this token in the username in the Basic authentication with the requests you make to your installation.

I hope it will help you.

So, to receive generated token we should use admin api? Everyone tells it’s not secure practice.

No, I haven’t said that.

You can authorize as a customer if you use the auth_tokens API endpoint.

The email and password should be contained in the body of the POST request, not in its headers. Please take a look at the \Tygh\Api\Entities\AuthTokens::create() method in the app/Tygh/Api/Entities/AuthTokens.php file for the details.

Are you planning to write documentation for Storefront API?

No, I am afraid there are no plans for that. The SRA add-on is designed to be used with our mobile application. Since we can always change the API endpoints in the add-on to match our current state of the mobile application, we stand by our decision not to create public documentation for it.

1 Like