The list of resources that we can access depends on our user type and is defined within our module webapi.xml configuration file.
There are three types of users known to the API, listed as follows:
Administrator or integration: Resources for which administrators or integrators are authorized. For example, if administrators are authorized for the Magento_Cms::page resource, they can make a POST /V1/cmsPage call.
Customer: Resources for which customers are authorized. These are the resources with anonymous or self permission.
Guest user: Resources for which guests are authorized. These are the resources with anonymous permission.
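The mapping above can be checked mechanically when reviewing a module for routes that are exposed more widely than intended. The following is an added example, not code from the original text or from Magento: it parses a constructed webapi.xml sample and reports the least privileged user type that can call each route. The function names are hypothetical, and a route with several resource refs is assumed to require all of them.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the webapi.xml route format; not copied from a real module.
SAMPLE_WEBAPI_XML = r"""
<routes>
    <route url="/V1/cmsPage" method="POST">
        <service class="Magento\Cms\Api\PageRepositoryInterface" method="save"/>
        <resources><resource ref="Magento_Cms::page"/></resources>
    </route>
    <route url="/V1/customers/me" method="GET">
        <service class="Magento\Customer\Api\CustomerRepositoryInterface" method="getById"/>
        <resources><resource ref="self"/></resources>
    </route>
    <route url="/V1/guest-carts" method="POST">
        <service class="Magento\Quote\Api\GuestCartManagementInterface" method="createEmptyCart"/>
        <resources><resource ref="anonymous"/></resources>
    </route>
</routes>
"""

def least_privileged_caller(refs):
    """Return the lowest user type able to call a route with these resource refs."""
    refs = set(refs)
    if not refs:
        raise ValueError("route declares no resource")
    if refs == {"anonymous"}:
        return "guest"                    # guests: anonymous permission only
    if refs <= {"anonymous", "self"}:
        return "customer"                 # customers: anonymous or self
    return "admin/integration"            # anything else names an ACL resource

def audit(xml_text):
    """List (method, url, least privileged caller, refs) for every route."""
    rows = []
    for route in ET.fromstring(xml_text.strip()).iter("route"):
        refs = [r.get("ref") for r in route.iter("resource")]
        rows.append((route.get("method"), route.get("url"),
                     least_privileged_caller(refs), refs))
    return rows

if __name__ == "__main__":
    for method, url, caller, refs in audit(SAMPLE_WEBAPI_XML):
        print(f"{method:6} {url:20} {caller:18} {','.join(refs)}")
```

Routes reported as guest are reachable without any token, so they are the first ones to review in a new or third-party module.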
Two files play a crucial role toward defining an API: our module acl.xml and webapi.xml files.
acl.xml is where we define our module access control list (ACL). It defines an available set of permissions to access the resources. The acl.xml files across all Magento modules are consolidated to build an ACL tree that is used to select allowed admin role resources or...