Authorization

Follow this guide to create a new Magento API credential that will allow Nexla to authenticate to and exchange data with your Magento instance.

Magento API

Prerequisites

Before creating a Magento API credential, you need to identify your Magento server URL and optionally obtain an authorization token if you need to access protected data. The authorization token is optional for accessing public data, but required for accessing protected resources like customer data, orders, and inventory information.

To obtain your authorization token (if needed for protected data), follow these steps:

1. Sign in to your Magento admin panel using your administrator credentials.

2. Navigate to System > Integrations in the Magento admin menu.

3. Click Add New Integration to create a new integration.

4. Enter a name for the integration (e.g., "Nexla Integration") in the Name field.

5. Enter your email address in the Your Email field.

6. Enter a password in the Your Password field to secure the integration.

7. In the API tab, select the resource access permissions you need for your integration. You can choose specific resources or select All for full access.

8. Click Save to create the integration.

9. Click Activate to activate the integration and generate the access token.

10. After activation, the Access Token will be displayed. Copy this token immediately, as it may not be accessible again after you navigate away from the page.

11. Store the authorization token securely, as you will need it to configure your Nexla credential. The authorization token provides access to your Magento data based on the permissions you configured, so treat it as sensitive information.

The authorization token is sent in the Authorization header with the Bearer prefix (e.g., Authorization: Bearer {token}) for all API requests to the Magento GraphQL API. The token authenticates your integration and grants access to Magento resources based on the permissions configured for the integration. If you only need to access public data (such as public product catalogs), you can leave the authorization token blank. For detailed information about authorization tokens, API authentication, and available GraphQL queries, refer to the Magento GraphQL API documentation and Magento authorization tokens documentation.

Create a Magento API Credential

• To create a new Magento API credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – Magento API

Credential Name & Description

1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

   Resource descriptions are recommended but are not required. They should be used provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Token Authentication

Magento uses token-based authentication for accessing protected data through the GraphQL API. The authorization token is sent in the Authorization header with the Bearer prefix to authenticate API requests to the Magento GraphQL API.

2. Enter your Magento server URL in the Magento Server field. This should be the base URL of your Magento instance (e.g., https://yourstore.com or http://localhost/magento2). The server URL is used to construct GraphQL API endpoint URLs. Ensure the URL includes the protocol (http:// or https://) and does not include a trailing slash.

3. Enter your Magento authorization token in the Authorization Token field (optional). This is the access token you obtained from your Magento admin panel (System > Integrations). The authorization token is sent in the Authorization header with the Bearer prefix for all API requests to the Magento GraphQL API. Leave this field blank if you only need to access public data that doesn't require authentication. The authorization token is sensitive information and must be kept confidential if provided.

   The authorization token is optional and only required if you need to access protected data such as customer information, orders, or inventory details. If you only need to access public product catalogs or other public data, you can leave the authorization token field blank. If your authorization token is compromised, you should immediately revoke it in your Magento admin panel (System > Integrations) and create a new integration. Your Magento authorization token can be found in your Magento admin panel (System > Integrations) after creating and activating an integration. The authorization token is sent in the Authorization: Bearer {token} header for all API requests to the Magento GraphQL API. The token provides access to Magento resources based on the permissions configured for the integration. For detailed information about obtaining and managing authorization tokens, API authentication, and available GraphQL queries, see the Magento GraphQL API documentation and Magento authorization tokens documentation.

Save the Credential

1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.