Magento supports three different types of authentication methods:
- Session-based authentication: Best suited for JavaScript widget applications running as part of the Magento storefront itself. Magento uses the logged-in state of an admin user or customer to verify their identity and authorize access to the requested resource.
- Token-based authentication: Best suited for mobile or other types of applications that wish to avoid the complexities of full-blown OAuth-based authentication. To obtain the token (with REST), first send a request to POST /V1/integration/customer/token or POST /V1/integration/admin/token. A successful response returns a random 32-character-long string, for example, 8pcvbwrp97l5m1pvcdnis6e3930n4rsj. This is our token; it is sent with every subsequent API call in a header given as Authorization: Bearer <token>. The simplicity behind...
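
The token exchange described above, sketched as an added example (not code from Magento or from the original text). It builds the two requests without sending them, refuses plain-HTTP URLs because both the credentials and the bearer token are replayable, and checks the token's shape before use. The host name, the /rest prefix, the JSON request and response body layout, and the token character set (inferred from the sample token) are assumptions.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Assumption: hypothetical store URL; "/rest" is the assumed REST prefix.
BASE_URL = "https://store.example.com/rest"
TOKEN_PATHS = {
    "customer": "/V1/integration/customer/token",
    "admin": "/V1/integration/admin/token",
}
# 32 characters as stated in the text; character set inferred from its sample.
TOKEN_RE = re.compile(r"[a-z0-9]{32}")


def _require_https(url):
    # Credentials and bearer tokens can be replayed if captured in clear text.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials or tokens to " + url)


def build_token_request(kind, username, password, base_url=BASE_URL):
    """Build (not send) the POST that exchanges credentials for a token."""
    url = base_url + TOKEN_PATHS[kind]
    _require_https(url)
    body = json.dumps({"username": username, "password": password}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"})


def parse_token_response(raw_body):
    """Decode the body (assumed to be a JSON string) and check its shape."""
    token = json.loads(raw_body)
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        raise ValueError("unexpected token response")
    return token


def build_api_request(path, token, base_url=BASE_URL):
    """Build a follow-up call carrying 'Authorization: Bearer <token>'."""
    url = base_url + path
    _require_https(url)
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + token})
```

Pass either request to urllib.request.urlopen to send it; the token grants whatever the account can do, so store and log it with the same care as a password.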