Session-based authentication is the third and simplest type of authentication in Magento. There is no token-passing complexity here. As a customer, we log in to the Magento storefront with our customer credentials. As an admin, we log in to the Magento admin with our admin credentials. Magento uses a cookie named PHPSESSID to track the session where our login state is stored. The Web API framework uses our logged-in session information to verify our identity and authorize access to the requested resource.
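What a logged-in session is authorized to reach is decided by the resource refs each route declares in webapi.xml. The following is an added example, not code from the original text or from Magento itself: a small audit script that classifies routes as anonymous, self, or ACL-protected, and flags self routes that do not bind their ID to the session. The Acme routes and classes are hypothetical, and the check assumes the Magento convention of a forced %customer_id% or %cart_id% parameter on self routes.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the webapi.xml layout; Acme routes and classes are hypothetical.
SAMPLE_WEBAPI_XML = r"""<routes>
    <route url="/V1/acme/stores" method="GET">
        <service class="Acme\Locator\Api\StoreListInterface" method="getList"/>
        <resources><resource ref="anonymous"/></resources>
    </route>
    <route url="/V1/acme/wishlist/mine" method="GET">
        <service class="Acme\Wishlist\Api\WishlistInterface" method="getForCustomer"/>
        <resources><resource ref="self"/></resources>
        <data><parameter name="customerId" force="true">%customer_id%</parameter></data>
    </route>
    <route url="/V1/acme/wishlist/:customerId" method="DELETE">
        <service class="Acme\Wishlist\Api\WishlistInterface" method="clear"/>
        <resources><resource ref="self"/></resources>
    </route>
    <route url="/V1/acme/reports" method="GET">
        <service class="Acme\Reports\Api\ReportInterface" method="getList"/>
        <resources><resource ref="Acme_Reports::view"/></resources>
    </route>
</routes>"""

# Placeholders the framework replaces with values taken from the authenticated session.
SESSION_PLACEHOLDERS = {"%customer_id%", "%cart_id%"}


def audit_routes(xml_text):
    """Return one dict per route: method, url, access level and an optional warning."""
    findings = []
    for route in ET.fromstring(xml_text).iter("route"):
        refs = {r.get("ref") for r in route.findall("./resources/resource")}
        # Anything that is neither anonymous nor self is treated as an ACL resource.
        access = "anonymous" if "anonymous" in refs else "self" if "self" in refs else "acl"
        # A self route is only safe if its ID parameter is forced from the session.
        bound = any(
            p.get("force") == "true" and (p.text or "").strip() in SESSION_PLACEHOLDERS
            for p in route.findall("./data/parameter")
        )
        warning = None
        if access == "self" and not bound:
            warning = "self route takes its ID from the request, not the session"
        findings.append({"method": route.get("method"), "url": route.get("url"),
                         "access": access, "warning": warning})
    return findings


if __name__ == "__main__":
    for finding in audit_routes(SAMPLE_WEBAPI_XML):
        print(finding)
```
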
Customers can access resources that are configured with anonymous or self permission in the webapi.xml configuration file, like
If we try to open the