Magento API: Customer Authentication

Apr 27, 2009
16 Comments
« Prev
» Next

After managing a Magento store for a few months I quickly realized that while it does have a CMS module – it is no CMS solution. The existing CMS module in Magento only allows for basic page creation, has no menu management, it’s difficult to integrate a wysiwyg editor and it just makes managing content a royal pain. While that may be sufficient for a store with only a few content pages, if you need to build out your content or want to implement any social functionality it becomes clear that Magento is only a store and shouldn’t handle your content. Even Varien has made it clear that they are focusing on the store and they're are not going to try and make Magento fit every need out there. However, Verian is focusing on the API and they already have a broad range of API methods to suit many needs.

One thing I love about Magento is that it is built for expandability. If some functionality is missing out of the box, you can build a custom module to twist the system to your whim. What’s missing in the API? Customer authentication. I’ve just begun looking at integrating Drupal with an existing Megento install where I want to use the existing store’s user base. The first step to a single-sign-on solution is to have a user login via Drupal using the Magento customer’s username and password, then upon successful login to also be logged into the store as well.

After a little experimentation with creating a custom module with the API functions that I want, I came up with the following model which allows a customer to login from an external source. This can authenticate against the store's user base and set the session authentication for the store so when the customer lands on a store page, they are already logged in.

The key to make it work is to pass a frontend session id to the api.

http://www.host.com/store/api/xmlrpc?SID=xdfs48a79x548b1531ab6c96632

class Namespace_Module_Model_Customer_Api extends Mage_Api_Model_Resource_Abstract
{
    /**
     * Customer Session
     *
     * @var Mage_Customer_Model_Session
     */
    private $_session;
 
    public function __construct() 
    {
        // Change to the default store so we 
        // can grab the frontend user session
        Mage::app()->setCurrentStore('default');
 
        // Get the customer session
        $this->_session = Mage::getSingleton('customer/session');  
    }
 
    /**
     * Login Customer
     *
     * @param string $email 
     * @param string $password
     * @return boolean
     */
    public function login($email, $password)
    {
        return $this->_session->login($email, $password);
    }
 
    /**
     * Logout Customer
     *
     * @return void
     */
    public function logout()
    {
        $this->_session->logout();
        return;
    }
 
    /**
     * Check if customer is logged in
     *
     * @return boolean
     */
    public function isLoggedIn()
    {
        return $this->_session->isLoggedIn();
    }
 
    public function __destruct()
    {
        // Change back to the admin store in case 
        // there is any clean up done on postDispatch
        Mage::app()->setCurrentStore('admin');  
    }
 
}

In reality it is a basic model, but it can handle my basic authentication needs. The catches are that you need to pass the frontend session id to the API via the SID variable on the URL. You can grab this from the cookie variable and if one doesn't exist, create one. Also, in the model you must switch to the default store since the API controller runs on the admin store. I do this in the constructor and I'm sure it could be setup to handle multiple stores but my needs are simple right now.

I've omitted the module configuration files, but if you need help getting setup you can check out the api documentation. ~~The next step is to implement a module in Drupal to utilize the API functions~~ (done, can post details if needed). And lastly to set a session for Drupal when a user logs in via Magento.

100</ code> <message>Invalid customer data. Details in error message.</message> </data_invalid> <filters_invalid> <code>101</ code> <message>Invalid filters specified. Details in error message.</message> </filters_invalid> <not_exists> <code>102</ code> <message>Customer doesn't exist.</message> </not_exists> <not_deleted> <code>103</ code> <message>Customer was not deleted. Details in error message.</message> </not_deleted> </faults> </customer> </resources> <acl> <resources> <all> <customer translate="title" module="customer"> <title>Customer Resource</title> <methods> <login translate="title" module="customer"> <title>Login customers</title> </login> <logout translate="title" module="customer"> <title>logout customer</title> </logout> <isLoggedIn translate="title" module="customer"> <title>Is customer logged in ?</title> </isLoggedIn> </methods> </customer> </all> </resources> </acl> </api> </config>

<?xml version="1.0"?> <config> <api> <resources> <namespace_customer translate="title" module="namespace_customer"> <model>modelname/customer_api</model> <title>External Customer Login Api</title> <acl>namespacemodule</acl> <methods> <login translate="title" module="namespace_customer"> <title>Authenticate customer</title> </login> <logout translate="title" module="namespace_customer"> <title>Logout customer</title> </logout> <isloggedin translate="title" module="namespace_customer"> <title>Check Customer Login Status</title> </isloggedin> <test translate="title" module="namespace_customer"> <title>Test API Status</title> </test> </methods> </namespace_customer> </resources> <acl> <resources> <namespacemodule translate="title" module="customer"> <title>Customers - Sessions</title> <sort_order>4</sort_order> <login translate="title" module="namespace_customer"> <title>Login</title> </login> <logout translate="title" module="namespace_customer"> <title>Logout</title> </logout> <isloggedin translate="title" module="namespace_customer"> <title>Check Status</title> </isloggedin> <test translate="title" module="namespace_customer"> <title>Test</title> </test> </namespacemodule> </resources> </acl> </api> </config>

Post new comment

16 Comments

Anonymous

May 06, 2009
8:47 PM

Hi, I'm a n00b, but very interested in this post. Can you specify where exactly to place this code in order to extend the "Mage_Api_Model_Resource_Abstract" class...

Todd Wolaver

May 08, 2009
8:44 PM

This is intended to be part of a local module in the src/app/code/local directory. So the full path of the file above would be:

/src/app/code/local/Namespace/Module/Model/Customer/Api.php

You can check out the documentation on how to put together a custom module and all the files that have to be included. I'll be posting more on this topic in the near future.

swidnikk

May 27, 2009
8:39 AM

Nice post. I'm working on something similar but for admin users. I don't quite understand how what you do with the session id? Are you handling this in your module's front conroller? Can you elaborate a little? Thanks.

May 31, 2009
9:40 AM

Magento uses a session name of "frontend" for the frontend customer authentication. When in Drupal I check for the existence of that session ID. If there is none I set a cookie by the name of "frontend" and create my own session id. Then you pass that session id to the Magento API. Since your Drupal module is accessing the Magento API, not the browser – Magento doesn't know what session to check it's authentication against unless you tell it by passing the session id in the url. You don't need to worry about handling the session id on the Magento side since the Magento Core handles that.

As far as using this to work with Magento admins, I believe that Magento uses a session name of "adminhtml" to store it's authentication for admins.

captain

Jun 15, 2009
8:01 AM

Don't you need a api.xml file to make this work ? It doesn't work for me and I suspect it's because the api.xml file is missing. If you have it, can you post it in this article ?

Jun 15, 2009
9:49 AM

I tried to do the api.xml myself but it doesn't work : What's wrong ? Customer Resource customer Login customers customer/login logout customer customer/logout Is customer logged in ? customer/isLoggedIn

Jun 16, 2009
10:15 AM

@captian : you do need the api.xml config file in your module's config directory. This is what I am using for my api.xml file... As a note, getting all your configuration files setup correctly is probably one of the most confusing aspects of magento. You need to make sure that you have your namespacing set along with the correct paths to any models you have setup in your config.xml

Jun 17, 2009
3:15 AM

Thanks for you help, but I'm still having problems. Depending of what I put into myconfig.xml I get two kinds of error : <?xml version="1.0"?> 0.1.0 Namespace_Module_Model_Customer_Api With this config.xml file, the Mage API for Customer doesn't work : I suppose there is a conflict because of the name Customer in your class. When I try to solve the problem with this config.xml file : <?xml version="1.0"?> 0.1.0 Namespace_Module_Model_Customer_Api I get this error message : Fatal error: Uncaught SoapFault exception: [4] Resource path is not callable. Can you please show me your config file? I can't find the error in mine.

Jun 17, 2009
9:07 AM

Great post! Any thoughts on how this could be extended to handle multiple stores?

Yogesh

Aug 08, 2009
1:56 PM

I got the code but can any body will explain where i need to apply this code

Aug 10, 2009
7:26 AM

i want to put login controls on my website load instead of homepage after login customer can see the products available for the site, i want my website as fully password protected, means without login nobody can see any content or products of website. so please if anybody can have any idea or readymade controls please post it i am really stuck from last few days, I also applied post of Todd Wolaver in my site but it was not helpfull can any bosy will help me, help will be appreciated Thanks Yogi

Sep 19, 2012
12:25 AM

Leg Lengthening Leg lengthening exercise will be the preferred method to improve height for people who possess a longer torso but no heel lifts. Because most height increasing applications these days concentrate on spine lengthening, guys who've a longer upper physique often times do not use the plan.Exercises that lengthen and strengthen your legs are also essential for those who are well-proportioned simply because if you fail to attend to this important detail of one's physique you might miss out on the full advantages you will get from working out to develop taller.The best Workout Exercises To Lengthen Your Legs Jumping Rope. This really is the simplest exercise you are able to do daily to improve your height. Try performing this exercise by jumping with each legs at the exact same instance to create it much more effective. When you do that five minutes daily you will surely improve the length of your shin bones.Swimming. You will get a lot of advantages from swimming apart from creating your lungs and stamina stronger you'll also get a bolster inside your height improve by stretching the entire length of one's body and not only your spinal column. The very best stroke which will help you in your objective will be the breast stroke. The kicking action focuses on your legs and stretches out your arms while floating in water.Set out to get a bike ride. Go out and ride your bike at least 3 to 4 times every week. Using your bicycle for 15 minutes every other day is a terrific way to stretch out your legs. You might wish to elevate your seat a couple of inches higher than you are relaxed with. This may require you as well as your legs to stretch out during the ride but I suggest you get your initial practice at a gradual pace so you'll get used to a higher seat.Leg lengthening exercises are crucial to increase your height. You need to make every attempt to lengthen your legs. These workouts are the finest workouts you are able to effortlessly do daily and it is the safest and most naturally method to so begin growing your height.

Sep 24, 2012
9:39 AM

Leg lengthening exercise will be the preferred method to increase height for individuals who possess a longer torso but no shoe lifts. Because most height growing applications today focus on spine lengthening, guys who've a longer upper body frequently times don't use the program.Exercises that lengthen and strengthen your legs are also essential for those who're well-proportioned simply because in the event you fail to attend to this essential detail of one's body you may miss out on the complete advantages you'll get from working out to grow taller.The very best Workout Workouts To Lengthen Your Legs Jumping Rope. This really is the simplest physical exercise you are able to do daily to improve your height. Attempt performing this exercise by jumping with each legs at the same instance to create it much more efficient. Whenever you do this 5 minutes everyday you will surely improve the length of one's shin bones.Swimming. You'll get a great deal of benefits from swimming aside from making your lungs and stamina stronger you'll also get a bolster in your height improve by stretching the entire length of your physique and not just your spinal column. The very best stroke which will help you inside your goal is the breast stroke. The kicking action focuses in your legs and stretches out your arms while floating in water.Set out to get a bike ride. Go out and ride your bike at least 3 to 4 occasions every week. Utilizing your bicycle for 15 minutes each other day is really a terrific way to stretch out your legs. You might wish to elevate your seat a couple of inches higher than you are relaxed with. This will require you as well as your legs to stretch out during the ride but I recommend you get your initial practice at a gradual pace so you will get used to a greater seat.Leg lengthening workouts are crucial to increase your height. You need to make every try to lengthen your legs. These workouts are the finest workouts you are able to effortlessly do daily and it is the safest and most naturally method to so begin increasing your height.

Jan 29, 2013
3:47 AM

Można w ten wyjście zaciągnąć Chwilowka dług nawet o żonę tańszy, niż w schematycznym banku, natomiast potężna także samemu pożyczyć flota na opcjonalny kropka nad i, kto acz należy internautom zademonstrować, oni bo w polską uciecha to znaczy potrzebę po prostu inwestując, pragnąc zysku. Pieniądze w ten procedura skaptowane są tak bywa nieoprocentowane zaś pożyczane są indywidualnie na posadzie zaufania. Niestety nie zawsze jesteśmy w stanie znaleźć figurę wyczekującą wydzierżawić nam siano spośród rozlicznych względów. Trudno jest użyczyć wysoką liczbę pieniędzy odkąd rodziny oznacza to przyjaciół. Drugim, najpopularniejszym fortelem istnieje wyrzyganie się spośród prośbą o zobowiązanie czy też pożyczkę aż do banku. Należy w tym miejscu jednak dostrzec różnicę te para pojęcia. Kredyt zdoła stanowić udostępniany dopiero co za pomocą bank zaś ledwo na z mas stwierdzony zwieńczenie. Pożyczka prawdopodobnie istnieć udostępniona z wykorzystaniem każdą figurę namacalną również wszelką firmą na nieusystematyzowany meta. Pożyczka dodatkowo zadłużenie mogą znajdować się tedy udostępnione przez bank, natomiast inne jednostek i jednostek zdołają natychmiast udostępnić lecz wciąż pożyczki. Jeśli zwracamy się do banku o zobowiązanie musimy się krzepnąć z wielkimi nastręczaniami. Po główne musimy okrasić swoje zarobki. Bank potrzebuje zawżdy potwierdzenia o zarobkach lub innego dowodu potwierdzającego osiągane dochody.

Jan 30, 2013
2:33 AM

Na eudajmonia, chwilowka ponad każdym pilnuje komplet naczyń stołowych internetowy, jaki dogląda o przyzwoite dryg współpracy pomiędzy stronicami. Pieniądze dlatego że kuszą, szczególnie w Necie, gdzie publikuje nam się, iż jesteśmy bezimienni. Obycie się bez debetu czy wierzytelności jest w przytomnych porach nader dojmujące. Są to najwyższe, tymczasem nie każde sposoby na opłacenie polskich potrzeb walutowych. Zacznijmy więc od momentu początku. Najłatwiejszą możliwością na ugadanie wspomagającej gotówki jest dług odkąd familiarnych lub familii. Pieniądze w ten fortel zwerbowane są na ogół nieoprocentowane również pożyczane są poszczególnie na podwalinie zawierzenia. Niestety nie wiecznie istniejemy w stanie wyszperać jednostkę chcącą wydzierżawić nam kapusta spośród rozmaitych względów. W końcu masa figury mówi, iż „jeśli chcesz zostawić kumpla – wydzierżaw mu pieniądze”. Z tego również powodu pożyczka odkąd familii azali poufałych istnieje z reguły na zbite wielkości natomiast w pozycjach awaryjnych. Trudno istnieje pożyczyć wysoką sumę pieniędzy od momentu rodziny bądź kumplów. Drugim, najpopularniejszym sposobem jest przekazanie się z prośbą o zobowiązanie albo pożyczkę do banku.

Apr 10, 2013
4:30 PM

And also having the major cigarette brands they additionally supply a sizable line of taste options that consist of, but are not restricted to cherry, coffee, vanilla, and a bunch more. Likewise V2 Cigs is the only e cigarette trademark name I have become aware of that likewise supplies blank cartomizers that are refillable along with any kind of e fluid, in addition to offering custom cartridges that they will make to be like any sort of flavor you can consider. I also figured out while considering a V2 Cigs testimonial that V2 Cigs refill cartrigdes and batteries can easily be made use of coupled with various other good e cigarette brands like Whitecloud, and Premium e cigs. It is necessary to understand that nicotine assists individuals to relax; and also that it is addicting. That suggests you need to locate an alternate method of relaxing prior to you use up the cigarette struggle. We do not really know why most individuals do not advance themselves, yet that seems to be the common point to do, or not do. Make a strategy that you will certainly take activity, then function from that plan each day till you see the outcomes you want. If you have tried and fallen short to give up cigarettes, you need not offer up the battle. The additional you attempt, the more wish you will certainly have to stop, and you'll soon understand it. That is critically vital to excellence along with smoking cessation. Everybody understands that cigarettes are terrible for you, also smokers, and when smokers continuously smoke it simply implies they're not prepared to give up their practice. Stopping takes not just finding out how however it likewise takes a person being supportive mentally. We will share many very efficient quit smoking techniques that can easily aid you in your efforts. Given that after that, they have actually tried to keep dealing with their e cigarettes. They have raised their batteries voltage, they have actually increased on the alternatives and styles of batteries readily available, and they have actually improved their line cartridge flavors. v2 cig coupon appears to have electric cigarettes interior a couple product style and layout. Other nice factor could well utilized to correct various choices consisting of menthol, joe, vanilla taste and far more. V2 cigs is without concern a particular aspiring provider that certain tries to offer an actually ideal companies while sustaining fabulous assistance help. So if you do not make usage of electronic cigarettes as well generally along with if your 5 cartridge group lasts for a few weeks or additional, along with if you do not would such as to go with the problem of refilling cartridges manually after that you have the capacity to avoid e-liquid. Else, it is an exceptional variety and also by having supplement of added tastes it will certainly occur to be an extremely excellent option to common V2 cartridges. People react in different ways to the basic argument of crash quitting versus progressive quitting. Just by trying the various techniques can you determine exactly what will certainly help your demands.evape. V2 cigs are an excellent gizmo considering the cigarette smokers. It is eco friendly thus can easily be used readily. To make the best deal you must go with the vouchers that provide you price cuts on e cigarettes. With V2 cigs Promo code you not only conserve money but can continue cigarette smoking which has no smoke.

Todd Wolaver, Web Designer and Developer

Main Navigation