src/Sylius/Bundle/ApiBundle/docs/authorization.md
As introduced in this PR, you need to authenticate with a JWT token to be able to use the new Sylius API.

There are two separate endpoints for authenticating as an Admin User or as a Shop User. For now, there is an edge case associated with that: when an Admin User and a Shop User share the same email, both will be able to authenticate, but all responses will be prepared as for the Shop User.
## Generate RSA keys for JWT

```bash
openssl genpkey -out config/jwt/private.pem -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096
openssl pkey -in config/jwt/private.pem -out config/jwt/public.pem -pubout
```

The first command encrypts the private key with a passphrase that you choose (`-aes256`); the second prompts for that passphrase to derive the public key, and the application needs it to load the private key later. Paths for the keys are configured in the `.env` files.
## Request a JWT token with an authentication request

As an Admin User:

```bash
curl -X POST http://127.0.0.1:8000/api/v2/admin-authentication-token -H "Content-Type: application/json" -H "Accept: application/json" -d '{"email": "[email protected]", "password": "sylius-api"}'
```

Email "[email protected]" and password "sylius-api" are the default credentials for the API administrator provided in the default fixtures suite.

As a Shop User:

```bash
curl -X POST http://127.0.0.1:8000/api/v2/shop-authentication-token -H "Content-Type: application/json" -H "Accept: application/json" -d '{"email": "[email protected]", "password": "sylius-api"}'
```

Email "[email protected]" and password "sylius" are the default credentials for the API client provided in the default fixtures suite.
In the response you will get a token that needs to be sent in the `Authorization` header of each subsequent request, prefixed with `Bearer`:

```json
{"token": "VERY_SECURE_TOKEN"}
```
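The following is an added example, not code from the Sylius project: it builds the authentication request for either endpoint, turns the `{"token": ...}` response into the `Authorization: Bearer ...` header that every later call needs, and decodes the token's claims so you can see which user it was issued for and when it expires. It uses only the Python standard library and never touches the network; the token it inspects is constructed locally (with a placeholder signature) because there is no server in this example, and the email, password and claim values are made-up sample data. Decoding here is inspection only; only the server, holding the public key, decides whether a token is valid.

```python
"""Added example (not Sylius project code): build the JWT authentication
request, attach the returned token as a Bearer header, and inspect a token's
claims before relying on it. Standard library only; no network access."""
import base64
import json
import time
from typing import Optional

# Endpoint paths as documented for the Sylius API (v2).
AUTH_ENDPOINTS = {
    "admin": "/api/v2/admin-authentication-token",
    "shop": "/api/v2/shop-authentication-token",
}


def make_auth_request(base_url: str, user_type: str, email: str, password: str) -> dict:
    """Describe the POST that obtains a JWT for an Admin User ('admin') or a Shop User ('shop').

    Returns a plain dict (method, url, headers, body) that any HTTP client can send;
    the body is the JSON document the endpoint expects.
    """
    if user_type not in AUTH_ENDPOINTS:
        raise ValueError(f"unknown user type {user_type!r}; expected 'admin' or 'shop'")
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + AUTH_ENDPOINTS[user_type],
        "headers": {"Content-Type": "application/json", "Accept": "application/json"},
        "body": json.dumps({"email": email, "password": password}),
    }


def bearer_header(auth_response_body: str) -> dict:
    """Turn the {"token": "..."} response into the header every later call needs.

    The 'Bearer ' prefix is mandatory; sending the bare token is a common reason
    for 401 responses right after a successful login.
    """
    token = json.loads(auth_response_body)["token"]
    return {"Authorization": f"Bearer {token}"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Return the header and payload of a compact JWT WITHOUT verifying its signature.

    Use this to see who the token is for and when it expires; it says nothing
    about whether the server will accept it.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    return {
        "header": json.loads(_b64url_decode(parts[0])),
        "payload": json.loads(_b64url_decode(parts[1])),
    }


def is_expired(claims: dict, now: Optional[float] = None) -> bool:
    """True when the 'exp' claim lies in the past; a token without 'exp' is treated as expired."""
    exp = claims["payload"].get("exp")
    if exp is None:
        return True
    return (time.time() if now is None else now) >= exp


def constructed_token(exp: int) -> str:
    """Build a demo token with a placeholder (non-cryptographic) signature.

    Constructed for this example only; a real token comes from the server and is
    signed with the private key generated above (RS256).
    """
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(
        json.dumps({"username": "user@example.com", "iat": exp - 3600, "exp": exp}).encode()
    )
    return f"{header}.{payload}.{_b64url_encode(b'placeholder-signature')}"


if __name__ == "__main__":
    request = make_auth_request("http://127.0.0.1:8000", "admin", "user@example.com", "sample-password")
    print(request["method"], request["url"], request["body"])
    token = constructed_token(int(time.time()) + 3600)
    print(bearer_header(json.dumps({"token": token})))
    claims = decode_jwt_claims(token)
    print(claims["payload"], "expired:", is_expired(claims))
```

`make_auth_request` returns a description of the request rather than sending it, so the same logic works with `curl`, `requests`, or a test harness; `is_expired` takes an explicit `now` so token lifetime checks can be tested without waiting for the clock.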
If you're using the API Platform Swagger docs (available at the `/api/v2/docs/` URL), you can set the authentication token for each request.

i. Go to the Swagger docs page. Notice the Authorize button and the unlocked padlock next to the available URLs.

ii. Click the Authorize button and enter the authentication token (remember the `Bearer` prefix).

iii. After clicking Authorize, you should see a locked padlock next to the URLs, and the proper header will be added to each API call.