I am trying to extend the mobile app for my cs-cart multi vendor and could register users but unable to login with api endpoint /api/users/login. Can anyone help me with actual endpoint or suggest any changes in the config files / other files to get this working. I am getting a Not Found Error on login
Hello!
Take a look at the Tygh\Api\Entities\v40\SraAuthTokens
and Tygh\Api\Entities\AuthTokens
entities. These endpoints return a token that can be used to authorise any further API requests. Please have a look at Tygh\Api\Request::getAuthFromRequest
, Tygh\Api::getUserData
to see how further authorisation is handled.
The availability of the API endpoints to customers is managed by the \Tygh\Api\AEntity::privilegesCustomer
method.
Hi. We have Multi-Vendor Plus, and we would like to know how to make SRA addon token accessable.
Hi!
Make sure that the storefront_rest_api unmanaged add-on is installed and enabled. You can check its status in the ?:addons
table of the database of your store.
As I can see, you are trying to use the ‘Bearer token’ to access the endpoint. However, in SRA it works in a different way. To use tokens in SRA, you need to:
- Make the POST request to the /api/auth_tokens endpoint.
- Receive the generated token in the response.
- Use this token in the username in the Basic authentication with the requests you make to your installation.
I hope it will help you.
So, to receive generated token we should use admin api? Everyone tells it’s not secure practice.
No, I haven’t said that.
You can authorize as a customer if you use the auth_tokens
API endpoint.
The email
and password
should be contained in the body of the POST request, not in its headers. Please take a look at the \Tygh\Api\Entities\AuthTokens::create()
method in the app/Tygh/Api/Entities/AuthTokens.php file for the details.
Are you planning to write documentation for Storefront API?
No, I am afraid there are no plans for that. The SRA add-on is designed to be used with our mobile application. Since we can always change the API endpoints in the add-on to match our current state of the mobile application, we stand by our decision not to create public documentation for it.