We want to develop mobile applications for Android and iOS which will communicate through Magento2’s REST APIs.
What will be the proper way to pass the authorization token to access Magento2’s resources?
What I know:
For example:
We can use the V1/guest-carts endpoint to create a cart on behalf of a guest.
We can create a cart for a logged-in customer and use /V1/carts/mine endpoint, calls for a logged-in customer must specify the customer’s token in the header.
Now I want to get the product details by SKU and I will call the /V1/products/SKU endpoint, but it will give an error:
Because a customer or guest does not have access to this resource, I have to provide an Admin Authorization Token or I can create an integration System > Extensions > Integrations and provide the Access Token to access the resource.
*Resources: Magento_Catalog::products
What I don’t know:
Do I have to hardcode the Access Token or Admin User and Password in the mobile application source code?
If yes, customers can use tools like HTTP Toolkit and capture the token from the request and they can just delete a product by calling
DELETE /V1/products/SKU endpoint.
If not, what is the proper way to do it?
