The Magento web API framework differentiates three fundamental types of users:
- Guest: Authorized against an anonymous resource:
<resource ref="anonymous" />
- Customer: Authorized against a self resource:
- Integrator: Authorized against a specific resource defined in acl.xml:
<resource ref="Magento_Cms::save" />
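The three resource types above can be read straight out of a module's webapi.xml. The following Python audit is an added example, not code from the original page or from Magento: it reports which user type each route is open to, and flags routes with no declared resource and guest routes that are not reads. The sample XML, its routes and its service classes are constructed; `self` is the ref value of the customer's self resource.

```python
import xml.etree.ElementTree as ET

# Constructed sample webapi.xml; the routes and service classes are hypothetical.
SAMPLE_WEBAPI_XML = r"""<routes>
  <route url="/V1/example/posts" method="GET">
    <service class="Vendor\Module\Api\PostRepositoryInterface" method="getList"/>
    <resources><resource ref="anonymous"/></resources>
  </route>
  <route url="/V1/example/posts/mine" method="GET">
    <service class="Vendor\Module\Api\PostRepositoryInterface" method="getMine"/>
    <resources><resource ref="self"/></resources>
  </route>
  <route url="/V1/example/posts" method="POST">
    <service class="Vendor\Module\Api\PostRepositoryInterface" method="save"/>
    <resources><resource ref="Magento_Cms::save"/></resources>
  </route>
  <route url="/V1/example/posts/:id" method="DELETE">
    <service class="Vendor\Module\Api\PostRepositoryInterface" method="deleteById"/>
    <resources/>
  </route>
</routes>"""

def user_type(refs):
    """Map a route's <resource ref="..."> values to the user type it is open to."""
    if not refs:
        return "undeclared"
    if "anonymous" in refs:  # assumption of this sketch: any anonymous ref = guest
        return "guest"
    if "self" in refs:
        return "customer"
    return "integrator"  # remaining refs are ACL resource ids from acl.xml

def audit(webapi_xml):
    """Return one (method, url, user_type, acl_refs, needs_review) tuple per route."""
    rows = []
    for route in ET.fromstring(webapi_xml).iter("route"):
        refs = [res.get("ref", "") for res in route.iter("resource")]
        kind = user_type(refs)
        method = route.get("method", "").upper()
        # Review routes with no declared resource and guest routes that are not reads.
        review = kind == "undeclared" or (kind == "guest" and method != "GET")
        acl_refs = [ref for ref in refs if ref not in ("anonymous", "self")]
        rows.append((method, route.get("url"), kind, acl_refs, review))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_WEBAPI_XML):
        print(row)
```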
To further understand what this means, we need to understand the link between <VendorName>/<ModuleName>/acl.xml and <VendorName>/<ModuleName>/webapi.xml.
The acl.xml is where we define our access resources. Let's take a closer look at the partial extract of one such resource, defined in the <MAGENTO_DIR>/module-cms/etc/acl.xml file...