How to use Magento 2 API

Magento API is a type of framework that offers developers and integrators a good method to maximize web services which communicate well with the Magneto system. Amongst the primary features are supports for SOAP (Simple Object Access Protocol) and REST (Representation State Transfer). The coverage is just the same for both SOAP and REST in Magento 2.
There are 3 kinds of authentication:

  • The mobile applications authenticating via tokens
  • The 3rd party applications authenticating via Oath 1.0a.
  • The authentication of customers and admins via login credentials.

Each account and integration serves as assigned sources which they can access. The API framework monitors the calls to check if the account is authorized to do the request.

Each Magento or 3rd party service could be configured into a web API via xml.

In order to configure the web API, you need to define XML attributes and elements in a webapi.xml configuration file. Once the service isn’t defined in a configuration file, it won’t be displayed.

The framework is anchored upon the CRUD model, which stands for Create, Read, Update, and Delete. The system doesn’t support any webhook.

The framework, however, supports web API responses’ field filtering in order to better conserve the mobile bandwidth.

Web API’s integration style helps a web API to operate numerous services simultaneously to promote efficiency. The Magento APIs could be used to execute tasks like:

  • Creating a shopping application and the traditional type of application which can be downloaded to a mobile phone or device. This application can be utilized by the employees in a showroom to smoothen the customer's shopping experience.
  • Integrating with CRM (Customer Relationship Management) or ERP (Enterprise Resource Planning) backend type systems like Xero or Salesforce.
  • Integrating CMS (Content Management System). However, content tagging isn’t supported yet.
  • Creating JavaScript Widgets in the Admin Panel or Magento storefront. The widget creates AJAX calls in order to access services.

The Magento API supports XML-RPC and SOAP-- SOAP serves as the default protocol.


To connect to Magento SOAP web services, load the WSDL into your SOAP client from either of these URLs:


Where magentohost is the domain for your Magento host.
As of v1.3, you can also use the following URL to access the Magento API v2, which was added to improve compatibility with Java and.NET:


The following PHP example shows how to make SOAP calls to the Magento API v1:

$client = new SoapClient('http://magentohost/api/soap/?wsdl');

// If somestuff requires api authentification,
// then get a session token
$session = $client->login('apiUser', 'apiKey');

$result = $client->call($session, 'somestuff.method');
$result = $client->call($session, 'somestuff.method', 'arg1');
$result = $client->call($session, 'somestuff.method', array('arg1', 'arg2', 'arg3'));
$result = $client->multiCall($session, array(
    array('somestuff.method', 'arg1'),
    array('somestuff.method', array('arg1', 'arg2'))

// If you don't need the session anymore


To use XML-RPC, load the following URL into your XML-RPC client:


Where magentohost is the domain for your Magento host.
The following PHP example shows how to make XML-RPC calls:

$client = new Zend_XmlRpc_Client('http://magentohost/api/xmlrpc/');

// If somestuff requires api authentification,
// we should get session token
$session = $client->call('login', array('apiUser', 'apiKey'));

$client->call('call', array($session, 'somestuff.method', array('arg1', 'arg2', 'arg3')));
$client->call('call', array($session, 'somestuff.method', 'arg1'));
$client->call('call', array($session, 'somestuff.method'));
$client->call('multiCall', array($session,
       array('somestuff.method', 'arg1'),
       array('somestuff.method', array('arg1', 'arg2')),

// If you don't need the session anymore
$client->call('endSession', array($session)); 

The XML-RPC only supports version 1 of the Magento API.

API Methods

The following table contains the API methods that can be called from your SOAP or XML-RPC client on the Magento v1 API.



Return Value


Start the API session and return session ID.



End the API session.


login(apiUser, apiKey)

Start the API session, return the session ID, and authorize the API user.


call(sessionId, resourcePath,array arguments)

Call the API resource that is allowed in the current session. See Note below.


multiCall(sessionId, array calls,array options)

Call the API resource’s methods that are allowed for current session. See Notes below.



Return a list of available API resources and methods allowed for the current session.



Return a list of fault messages and their codes that do not depend on any resource.


resourceFaults(sessionId, resourceName)

Return a list of the specified resource fault messages, if this resource is allowed in the current session.


Note: For call and multiCall, if no session is specified, you can call only resources that are not protected by ACL.

Note: For multiCall, if the "break" option is specified, multiCall breaks on first error.
The Magento SOAP API v2 does not support the call() and multiCall() methods, and instead provides a separate method for each API resource.

Global API Faults

The following table contains fault codes that apply to all SOAP/XML-RPC API calls.

Fault Code

Fault Message


Unknown Error


Internal Error. Please see log for details.


Access denied.


Invalid api path.


Resource path is not callable.

SOAP API Version v2

Since Magento 1.3, version v2 of the SOAP API has also been available. The main difference between v1 and v2 is that instead of using the methods call and multiCall, it has separate methods for each of the actions.
For example, consider the following PHP code using SOAP v1.

$params = array(array(
$result = $client->call($sessionId, 'sales_order.list', $params);
With SOAP v2, the following code would be equivalent.
$params = array('filter' => array(
   array('key' => 'status', 'value' => 'pending'),
   array('key' => 'customer_is_guest', 'value' => '1')
$result = $client->salesOrderList($sessionId, $params);

Note that the WSDL for SOAP v1 and SOAP v2 are different.
Note that in SOAP v1, customizing the API did not involve changing the WSDL.

In SOAP v2, changes to the WSDL are required.

You can configure the SOAP v2 API to be WS-I compliant in the system configuration menu. To do this, set Services > Magento Core API > WS-I Compliance to Yes.

Note that the WSDL for the SOAP v2 API is different when in WS-I compliant mode.

Using the WS-I compliant SOAP v2 API WSDL, it is easy to automatically generate client classes for Java, .NET, and other languages using the standard libraries.

Related Products