In order to access Magento web services API, you will need to do the following:
- Log in with a username and API key. This username is not the same as the username that you used to log in to the admin backend of the store. You will need to create an API user and role assigned to this user in Admin panel.
- Upon successful login, it would then return a session ID (security token). The session ID is mandatory in every API call request. Unlike other security tokens, there will be session timeout and this session ID would be expired automatically in a period of time. Once the session ID is expired, you will not be able to perform any API call request, and you will have to perform log in again to get a new session ID.
Magento only accepts the latest and only one session ID to be used in the API call. Therefore, if there are more than one user trying to access the API, it is a good practise to have only one session ID at a time and be shared among the users until this session ID is expired.
The following are the steps to setup a new API user from Magento’s backend admin.
Create an API user’s role under the admin panel, System->Web Services->Roles
Press “Add New Role” button to create a role for an API user.
Under “Role Info”, create a role’s name.
Under “Role Resources”, set permissions or restrictions for the user to access certain levels of data. Either select “All” or “Custom” for accessing the resources.
Create API user under the admin panel, System->Web Services->Users
Press “Add New User”.
Create a user account by filling up all the required field.
Note: Account must be set to “Active” in order for this user to access the API.
Select the user role for the user.
Finally, the API user is created.
Note: User can create one or more API user(s) and role(s).