Hello Magento Friends,

In today’s blog, we will learn how to secure API endpoints with custom ACL resources in Magento 2.

What are ACL Resources in Magento 2?

Access Control Lists (ACLs) in Magento 2 define permissions for the different roles within the system. Roles are then assigned to users, restricting or granting access to various functionalities based on those permissions. By creating custom ACL resources, you can fine-tune the security of your API endpoints so that only users whose role holds the resource can call them.

Learn – How to Implement ACL in Magento 2 Extensions

Steps to Secure API Endpoints with Custom ACL Resources in Magento 2:

Step 1: First, we need to create a webapi.xml file inside our extension at the following path

app/code/Vendor/Extension/etc/webapi.xml

Now add the code as follows

Step 2: Now, we need to create an acl.xml file inside our extension at the following path

app/code/Vendor/Extension/etc/acl.xml

Then add the following code

Step 3: Now, we need to create a di.xml file inside our extension at the following path

app/code/Vendor/Extension/etc/di.xml

Then include the code mentioned below

Step 4: Now, we need to create a ProductUpdateInterface.php file inside our extension at the following path

app/code/Vendor/Extension/Api/ProductUpdateInterface.php

And then add the following code

Step 5: Now, we need to create a ProductUpdateApi.php file inside our extension at the following path

app/code/Vendor/Extension/Model/Api/ProductUpdateApi.php

After that, add the following piece of code
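The tutorial's own file contents are not reproduced on this page, so the following is an added example written by the editor, not the author's code: the three configuration files from Steps 1 to 3 as a practitioner would write them, wired to the interface and model named in Steps 4 and 5. The route URL matches the one used later in this post; the resource id `Vendor_Extension::product_update`, the service method name `updateQuantity`, the resource title and the sort order are assumptions. The security-relevant line is the `<resource ref="...">` inside webapi.xml: that reference is what makes the Web API framework check the caller's token against the ACL before the service method runs.

```xml
<?xml version="1.0"?>
<!-- File: app/code/Vendor/Extension/etc/webapi.xml (added example, not the page's own code) -->
<routes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Webapi:etc/webapi.xsd">
    <route url="/V1/vender-extension/updateproductquantity" method="POST">
        <!-- Service contract from Steps 4 and 5; method name "updateQuantity" is assumed -->
        <service class="Vendor\Extension\Api\ProductUpdateInterface" method="updateQuantity"/>
        <resources>
            <!-- Weak setting, shown only for contrast: ref="anonymous" would let any
                 unauthenticated caller change stock; ref="self" only ties the call to a
                 customer token. Neither is appropriate for an admin-only write endpoint. -->
            <!-- <resource ref="anonymous"/> -->

            <!-- Correct setting: the custom ACL resource declared in acl.xml below.
                 A request is accepted only when the bearer token belongs to an admin
                 user (or integration) whose role has been granted this resource. -->
            <resource ref="Vendor_Extension::product_update"/>
        </resources>
    </route>
</routes>

<?xml version="1.0"?>
<!-- File: app/code/Vendor/Extension/etc/acl.xml (added example, not the page's own code) -->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
    <acl>
        <resources>
            <!-- Nesting under Magento_Backend::admin makes the resource appear in the
                 admin role tree (System > Permissions > User Roles) so it can be granted
                 or denied per role. The id must match the ref used in webapi.xml. -->
            <resource id="Magento_Backend::admin">
                <resource id="Vendor_Extension::product_update"
                          title="Product Quantity Update API"
                          sortOrder="10"/>
            </resource>
        </resources>
    </acl>
</config>

<?xml version="1.0"?>
<!-- File: app/code/Vendor/Extension/etc/di.xml (added example, not the page's own code) -->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <!-- Binds the API interface from Step 4 to the implementation from Step 5 so the
         Web API framework can instantiate the service class named in webapi.xml -->
    <preference for="Vendor\Extension\Api\ProductUpdateInterface"
                type="Vendor\Extension\Model\Api\ProductUpdateApi"/>
</config>
```

After deploying these files, run `bin/magento setup:upgrade` and `bin/magento cache:clean` so the new route and ACL resource are picked up. A quick check that the resource actually guards the route is to call the endpoint without an Authorization header and confirm a 401 response; if the call succeeds without a token, the `<resource ref>` is missing or still set to `anonymous`.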

Assign API Resource

Finally, the new resource has to be granted to the role whose users will call the API. In the admin panel, open System > Permissions > User Roles, edit the relevant role (or create one), and tick the custom resource under Role Resources; a token issued to a user whose role does not hold this resource will be rejected by the endpoint.

How to Execute the Product Quantity Update API?

Step 1: Generate Admin Authorization Token

To interact with the Magento 2 API, you first need to generate an admin authorization token. This token is used to authenticate your requests.

API Type: POST

URL: {{Base_url}}/rest/all/V1/integration/admin/token

Parameters:

Response: “authorization_token”

Step 2: Execute Product Quantity Update API

Use the authorization token obtained in Step 1 to call the Product Quantity Update API.

API Type: POST

Headers:

Authorization: Bearer authorization_token

URL: {{Base_url}}/rest/V1/vender-extension/updateproductquantity

Parameters:

Response:

Note: You need to pass the admin authorization token in the API header to execute this API. If the authorization token is valid and the admin user's role has been granted the custom ACL resource, it will return a success response.

Conclusion:

Securing your Magento 2 API endpoints with custom ACL resources ensures that only authorized users can access sensitive data. By following the steps outlined in this blog, you can create, configure, and assign custom ACL resources to protect your API endpoints effectively.

Implementing these measures not only enhances security but also helps maintain a robust and secure eCommerce platform. Remember, a secure platform builds trust with your customers, ultimately leading to a successful online business.

Happy Coding!
