Securing the API
Securing our API is already part of the process of creating our module, and is also handled by the configuration. The way Magento restrict access to their API is using ACL.
As we learned earlier, these ACL allows us to set up roles with access to different parts of the API. Now what we have to do is make our new custom functions available to the ACL:
- Open the
api.xml
file. - Add the following code after the
</v2>
node located atapp/code/local/Mdg/Giftregistry/etc/api.xml
:<?xml version="1.0" encoding="UTF-8"?> <acl> <resources> <giftregistry translate="title" module="mdg_giftregistry"> <title>MDG Gift Registry</title> <sort_order>1</sort_order> <registry translate="title" module="mdg_giftregistry"> <title>MDG Gift Registry</title> ...
Get Magento PHP Developer's Guide - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.