Vinh Jacker | 03-17-2025
Magento 2 offers API, which allows you to create powerful applications harnessing the power of Magento. Before you can make API an call, you need the authorization to access your Magento store. Admin token based is an excellent method of authorization. In this post, I will instruct you to get an admin token to access the API resource.
Each step in this post gives the following information which are the elements of the API call:
This section shows the HTTP verbs and the full URL to the endpoint.
A REST call in Magento has a basic structure like this:
<HTTP verb> http://<host>/rest/<scope>/<endpoint>
where
| Element | Description |
|---|---|
| HTTP verb | One of GET, POST, PUT, or DELETE |
| host | The hostname or IP address (and optionally, port) of the Magento installation. |
| scope | Specifies which store the call affects. In this tutorial, this value is default. |
| endpoint | The full URI (Uniform Resource Identifier) to the endpoint. These values always start with /V1. For example, /V1/orders/4. |
This section shows which key/ value pairs you have to specify in the HTTP headers. All calls require one or more HTTP headers.
This section shows the information which is sent to Magento. You can copy and paste payload samples that are all valid into your call. However, you may need to change the id values which Magento returns.
This section shows the information which the REST client receives from Magento. These values are often used in order processing. There may be a difference between the values Magento returns and the values shown in the examples of the tutorial.
Most REST calls to Magento require an authorization token. Thanks to the token, Magento can verify that the caller is authorized to access a system resource. To get a token, you need to specify the user’s name and password in the payload.
By default, an admin token is valid for 4 hours. To change this value, please access to your admin panel and navigate to Stores > Settings > Configuration > Services > OAuth > Access Token Expiration > Admin Token Lifetime (hours).
POST <host>/rest/<store_code>/V1/integration/admin/token
Content-Type application/json
{
"username": "admin",
"password": "123123q"
}
Magento returns the admin’s access token.
5r8cvmpr11j6gmau8990rcj2qk7unh8i
You need to specify this token in the authorization header of every call that requires admin permissions.
Because the tokens are not shown in the admin panel, there are no additional verification steps.
Above are the detailed instructions for getting the admin token to access the Magento 2 API resource. I hope that this article will be helpful for you. If you have any questions or want to give some opinions, feel free to leave a comment below.
Jacker is the Chief Technology Officer (CTO) at Mageplaza, bringing over 10 years of experience in Magento, Shopify, and other eCommerce platforms. With deep technical expertise, he has led numerous successful projects, optimizing and scaling online stores for global brands. Beyond his work in eCommerce development, he is passionate about running and swimming.
Related Post
Hyvä Theme is Now Open Source: What This Means for Magento Community - Mageplaza
Hyvä is now Open Source and free. Discover what changed, what remains commercial, how it impacts the Magento ecosystem, and how to maximize its full potential.
Holiday Marketing Hacks 2025 - How to Boost Sales for Magento 2 Stores? - Mageplaza
Discover the best 2025 holiday marketing strategies for Magento 2. Learn key trends, creative campaign ideas, and expert tips to increase seasonal sales.
Hyvä Theme is Now Open Source: What This Means for Magento Community - Mageplaza
Hyvä is now Open Source and free. Discover what changed, what remains commercial, how it impacts the Magento ecosystem, and how to maximize its full potential.
Holiday Marketing Hacks 2025 - How to Boost Sales for Magento 2 Stores? - Mageplaza
Discover the best 2025 holiday marketing strategies for Magento 2. Learn key trends, creative campaign ideas, and expert tips to increase seasonal sales.