Magento 2 Developer's Guide by Branko Ajzele

Hands-on with session-based authentication

Session-based authentication is the third and simplest type of authentication in Magento. There is no token passing involved. As a customer, we log in to the Magento storefront with our customer credentials; as an admin, we log in to the Magento admin with our admin credentials. Magento uses a cookie named PHPSESSID to track the session in which our login state is stored. The Web API framework uses this logged-in session information to verify our identity and authorize access to the requested resource.

Customers can access resources that are configured with the anonymous or self permission in the webapi.xml configuration file, such as GET /rest/V1/customers/me.
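As an added illustration (not code from the book), here is a webapi.xml for a hypothetical Acme_Loyalty module that declares one route per permission type. The vendor, module, interface, method, route and ACL names are assumptions; the `anonymous` and `self` resource refs and the forced `%customer_id%` parameter are Magento's own.

```xml
<?xml version="1.0"?>
<!-- Hypothetical file: app/code/Acme/Loyalty/etc/webapi.xml -->
<routes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Webapi:etc/webapi.xsd">

    <!-- anonymous: no login state is required, so any visitor can call this.
         Only expose data that is safe to publish. -->
    <route url="/V1/loyalty/tiers" method="GET">
        <service class="Acme\Loyalty\Api\TierRepositoryInterface" method="getList"/>
        <resources>
            <resource ref="anonymous"/>
        </resources>
    </route>

    <!-- self: requires a logged-in customer (for example via the PHPSESSID
         session). force="true" overwrites any customerId sent by the client
         with the id taken from the authenticated context, so one customer
         cannot request another customer's record. -->
    <route url="/V1/loyalty/points/mine" method="GET">
        <service class="Acme\Loyalty\Api\PointsRepositoryInterface" method="getByCustomerId"/>
        <resources>
            <resource ref="self"/>
        </resources>
        <data>
            <parameter name="customerId" force="true">%customer_id%</parameter>
        </data>
    </route>

    <!-- For contrast: a route bound to an ACL resource (hypothetical id).
         A customer session does not satisfy it; an admin whose role grants
         the resource does. -->
    <route url="/V1/loyalty/points/:customerId" method="PUT">
        <service class="Acme\Loyalty\Api\PointsRepositoryInterface" method="adjust"/>
        <resources>
            <resource ref="Acme_Loyalty::points_manage"/>
        </resources>
    </route>
</routes>
```

When reviewing a module, check that every `self` route forces its customer identifier this way and that nothing sensitive sits behind `anonymous`.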

If we try to open the http://magento2.ce/rest/V1/customers/me ...