Any way to disable / not use oAuth on Magento's REST API?

Question

Is it possible to (temporarily?) disable the requirement for oAuth in Magento and still retrieve product data etc. through the REST API?

So basically be able to issue GET requests over HTTP without using oAuth and still have data returned?

Thanks,

Answer 1

Temporary disable the oAuth:

1. Make sure you have an Admin User Type role under: System -> Web Services -> REST - Roles. If not, add a new role and specify your desired Role API Rsources.
2. Make sure you have full right for REST Attributes under: System -> Web Services -> REST - Attributes for the Admin User Type.
3. Trick Magento Auth Model into thinking it has loaded the admin user:

Have a look at the Mage_Api2_Model_Auth model under app/code/core/Mage/Api2/Model/Auth.php

public function authenticate(Mage_Api2_Model_Request $request)
{
  ...
  $authAdapter   = Mage::getModel('api2/auth_adapter');
  $userParamsObj = $authAdapter->getUserParams($request);
  // Added code:
  $userParamsObj->type = 'admin';
  $userParamsObj->id = 1;
}

Answer 2

I have had to struggle with the Oauth implementation on Magento recently and I managed to get my testing done by disabling the Oauth mechanism as follows...

If you simply enter the following URL Magento assumes you are connecting as a Guest. http://www.yourmagentopath.com/api/rest/products?limit=2 (for example)

Currently by default the Guest role has no permissions to view any information. This returns a 403 (access denied).

So login to Magento Admin, Goto System->Web Services->REST - Roles Select Guest from the list and click the boxes to allow the guest account to view details.

Save the details and refresh the page from the link provided above. You should now see 2 products displayed in XML format.

To see all products simply remove the limit...

Answer 3

It is possible to add a custom REST authentication adapter in Magento. For example, you can use HMAC method for securing communication between client and server.