Securing our API is already a part of the process of creating our module and it is also handled by the configuration. The way Magento restricts access to its API is by using ACL.
As we learned before, these ACL allow us to set up roles with access to different parts of the API. Now, what we have to do is make our new custom functions available to the ACL:
Open the
api.xml
file.Add the following code after the
</v2>
node:The file location is
app/code/local/Mdg/Giftregistry/etc/api.xml
.<acl> <resources> <giftregistry translate="title" module="mdg_giftregistry"> <title>MDG Gift Registry</title> <sort_order>1</sort_order> <registry translate="title" module="mdg_giftregistry"> <title>MDG Gift Registry</title> <list translate="title" module="mdg_giftregistry"> <title>List Available Registries</title>...