How to configure Magento REST and oAuth settings

Configuring Magento REST and oAuth settings for REST access • Inchoo

How to configure Magento REST and oAuth settings


(This article is for Magento 1.7.0 and greater . Older Magento versions does not have implemented these features.)

In my last article, I wrote about the REST and oAuth to explain the terms that are used in Magento admin area for Magento REST configuration.

This article will show the steps necessary in order to be able to consume REST services provided by Magento:



  1. Creating oAuth Consumer
  2. Creating and configuring Admin roles
  3. Assigning configured Admin REST Role to admin user
  4. Configuring resource attributes and access permissions


If you didn’t read my previous article about Magento REST and oAuth, I strongly suggest you to do so and then return here again.

Let’s Log-in into our Magento admin dashboard before start.

1. Creating oAuth Consumer

Since Magento REST service is working only with oAuth authentication, we need to create oAuth consumer application first.

Navigate to System->Web Services ->REST oAuth Consumers. OAuth Consumers grid is shown. We can register any number of Consumers in Magento that can be used by various third party oAuth clients to access our Magento resources.

  1. Click on “Add New” button to add new Consumer Application.
  2. On “New Consumer” screen insert some custom name.
  3. Key and Secret fields are disabled, and we just need to copy their values somewhere in text file for later usage (We need them for our oAuth authorization in order to be able to consume REST from Magento).
  4. We can leave the Callback URL and Rejected Callback URL fields empty for now.
  5. Save Consumer app.


2. Creating and configuring Admin roles

Like I mentioned in last article about this topic, we need to create permissions for specific user type in order user to be able to consume our Magento REST service and access necessary resources.

Let’s navigate to System -> Web Services -> REST Roles. REST Roles grid is shown with two user types by default:

  • Customer
  • Guest

Let’s say, for example, that we are going to use the Magento REST service for updating Products and Customers, and we need Admin permissions for that. We don’t want to enable neither Guest or Customer user to be able to do that.

Let’s create new Admin role.

  1. Click on “Add admin Role” button in top right corner. “Add new Role” screen is shown.
  2. In the field “Role name” enter for example “Administrator”.
  3. Click on “Role API resources” tab on the left.

    Role Resources” screen is shown and here we need to check specific permissions that our Administrator user will have on specific resource. Of course, we have an option to select “All”, but be careful with that.

  4. Click on “Save Role” button in top right corner of the screen.



3. Configuring resource attributes and access permissions

Navigate to System->Web Services ->REST attributes.

Here we have grid with three user types listed:


  • Admin
  • Customer
  • Guest


  1. Let’s click on “Admin” in order to configure REST resource attributes that Admin will be allowed to access.
  2. Under “User type resources” screen, select resources that Admin user type can access or select “All“.
  3. Click on “Save” button in the top-right corner.


4. Assigning configured Admin REST Role to existing admin user

Ok, we configured everything to be able to use Magento REST services. Or not?

Hey, we did everything to configure resources for Admin user type, but we didn’t assign any user to this roles.

  1. Navigate to System->Permissions->Users. “Users” grid is shown with list of registered Magento site Administrators
  2. Click on some admin user from list in order to open “Edit user” screen.
  3. There is a tab named “REST role” on the left. Click on it and a list of Admin type roles is shown on the screen.
  4. Click on “Assigned” radio box near that role name.
  5. Save User.
  6. You have successfully assigned the admin user to be able to access REST resources on our Magento.



In some next articles I will describe how to consume REST services from PHP and authenticate using Zend_OAuth_Consumer.

Cheers :-)