How to configure Magento REST and oAuth settings

magento_rest_admin_config ©

(This article is for Magento 1.7.0 and greater . Older Magento versions does not have implemented these features.)

In my last article, I wrote about the REST and oAuth to explain the terms that are used in Magento admin area for Magento REST configuration.
This article will show the steps necessary in order to be able to consume REST services provided by Magento:

  1. Creating oAuth Consumer
  2. Creating and configuring Admin roles
  3. Assigning configured Admin REST Role to admin user
  4. Configuring resource attributes and access permissions

If you didn’t read my previous article about Magento REST and oAuth, I strongly suggest you to do so and then return here again.

Let’s Log-in into our Magento admin dashboard before start.

1. Creating oAuth Consumer

Since Magento REST service is working only with oAuth authentication, we need to create oAuth consumer application first.

Navigate to System->Web Services ->REST oAuth Consumers. OAuth Consumers grid is shown. We can register any number of Consumers in Magento that can be used by various third party oAuth clients to access our Magento resources.

  1. Click on “Add New” button to add new Consumer Application.
  2. On “New Consumer” screen insert some custom name.
  3. Key and Secret fields are disabled, and we just need to copy their values somewhere in text file for later usage (We need them for our oAuth authorization in order to be able to consume REST from Magento).
  4. We can leave the Callback URL and Rejected Callback URL fields empty for now.
  5. Save Consumer app.


2. Creating and configuring Admin roles

Like I mentioned in last article about this topic, we need to create permissions for specific user type in order user to be able to consume our Magento REST service and access necessary resources.
Let’s navigate to System -> Web Services -> REST Roles. REST Roles grid is shown with two user types by default:

  • Customer
  • Guest

Let’s say, for example, that we are going to use the Magento REST service for updating Products and Customers, and we need Admin permissions for that. We don’t want to enable neither Guest or Customer user to be able to do that.
Let’s create new Admin role.

  1. Click on “Add admin Role” button in top right corner. “Add new Role” screen is shown.
  2. In the field “Role name” enter for example “Administrator”.
  3. Click on “Role API resources” tab on the left.
    Role Resources” screen is shown and here we need to check specific permissions that our Administrator user will have on specific resource. Of course, we have an option to select “All”, but be careful with that.
  4. Click on “Save Role” button in top right corner of the screen.



3. Configuring resource attributes and access permissions

Navigate to System->Web Services ->REST attributes.
Here we have grid with three user types listed:

  • Admin
  • Customer
  • Guest
  1. Let’s click on “Admin” in order to configure REST resource attributes that Admin will be allowed to access.
  2. Under “User type resources” screen, select resources that Admin user type can access or select “All“.
  3. Click on “Save” button in the top-right corner.


4. Assigning configured Admin REST Role to existing admin user

Ok, we configured everything to be able to use Magento REST services. Or not?
Hey, we did everything to configure resources for Admin user type, but we didn’t assign any user to this roles.

  1. Navigate to System->Permissions->Users. “Users” grid is shown with list of registered Magento site Administrators
  2. Click on some admin user from list in order to open “Edit user” screen.
  3. There is a tab named “REST role” on the left. Click on it and a list of Admin type roles is shown on the screen.
  4. Click on “Assigned” radio box near that role name.
  5. Save User.
  6. You have successfully assigned the admin user to be able to access REST resources on our Magento.



In some next articles I will describe how to consume REST services from PHP and authenticate using Zend_OAuth_Consumer.

Cheers :-)

Interested in hiring us?

Have a chat with us. You would be surprised how small changes can make your business even more successful.


  1. Hi, i use Magento Community Edition1.9.10,.
    1.How to introduce hosting free 1 year can be used with magento. Please teach me. please .
    2. How to share photos and detail product on the product page to the Line (LINE For Media Operatores) and What app. (WhatsApp :: Home) Wechat (. The new way to connect)
    3. How to share the blog article to the Line (LINE For Media Operatores) and What app. (WhatsApp :: Home) Wechat (http: // www. .The new way to connect /)

  2. Hello All,

    Good Evening,

    I have used the following code for creating the product in magento admin via rest api


    if (!isset($_GET[‘oauth_token’]) && !$_SESSION[‘state’]) {

    $requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
    $_SESSION[‘secret’] = $requestToken[‘oauth_token_secret’];
    $_SESSION[‘state’] = 1;
    echo $adminAuthorizationUrl . ‘?oauth_token=’ . $requestToken[‘oauth_token’];
    header(‘Location: ‘ . $adminAuthorizationUrl . ‘?oauth_token=’ . $requestToken[‘oauth_token’]);
    } else if ($_SESSION[‘state’] == 1) {

    $oauthClient->setToken($_GET[‘oauth_token’], $_SESSION[‘secret’]);
    $accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
    $_SESSION[‘state’] = 2;
    $_SESSION[‘token’] = $accessToken[‘oauth_token’];
    $_SESSION[‘secret’] = $accessToken[‘oauth_token_secret’];
    header(‘Location: ‘ . $callbackUrl);
    } else {

    $oauthClient->setToken($_SESSION[‘token’], $_SESSION[‘secret’]);
    $resourceUrl = “$apiUrl/products”;
    $oauthClient->fetch($resourceUrl, array(), ‘GET’, array(‘Content-Type’ => ‘application/json’));
    $productsList = json_decode($oauthClient->getLastResponse());
    } catch (OAuthException $e) {

    But it is redirecting to oauth_admin.php with out creating new product in admin

    It is redirecting to

    Please help where i did the mistake

    Awaiting for your reply ,

    Thank you ,

  3. In looking at the Magento documentation, it appears that there are no POST methods written yet for the REST API. We are looking to accept orders from another system via an API so that we don’t have to re-enter them manually. But even when looking at the SOAP API, there doesn’t appear to be any method to create new orders, just perform various updates to them. Am I correct in my interpretation?

  4. hi I got the consumer key but still not able to see mt token key…how do I find it in the admin panel

  5. i want to add the admin user at the time of customer account creation …..

    means i want to make customer as adminuser..

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <blockquote cite=""> <code> <del datetime=""> <em> <strike> <strong>. You may use following syntax for source code: <pre><code>$current = "Inchoo";</code></pre>.