Change Magento 2 REST API - rest

Hey guys I wonder if anyone can help with this.
Now I am facing a problem at my company. We are developing a Magento 2 Community multistore for our customers.
The idea is to have several stores in the same Magento 2 installation, where each store is for each independent company. The problem is the integration with our ERP system. With the API REST we have full control in the installation, even if we are not with the admin master credential. if we run commands like this in postman: https://magentostore.com/rest/V1/orders?searchCriteria
we have all the orders in installation, all stores. So the companies with their credentials would have the same control and it is a very bad problem of security. The stores would have access to data from each other.
We have tried extensions for advanced permissions like Aitoc and Amasty but it's only works at a frontend level and does not take any effect in API REST. We know that Magento was not made for this kind of thing so my question is:
is it possible to change the API REST to filter the queries by store? and where can I find these API REST queries?
I'd thank you so much.

So you can override api calls using webapi.xml file in your module, Just point it in your service interface and change acl if you want. In your service interface inject the original one and add some your filter before calling original.
The second approach to write a plugin on OrderRepositoryInterface and add filter there (but first solution is better because this service is used not only in api so you may do not want to restrict all calls)

Related

How can I get two platforms to exchange data by leveraging their REST APIs

I use two independent eCommerce platforms that don't officially support communication with one another, however, both have exposed REST API for managing products, orders, etc.
My question is: how can I leverage their APIs to allow the two platforms to exchange data?
Neither platform offers a workspace to code API calls and execute on retrieved records, so I don't understand how this scenario fits in the client server model.
Would this require a third node to be set up to act as the client with each of the eCommerce platforms acting as servers?
If so, then I surmise that this client would need to, for example, perform a GET request from Platform A, store the retrieved records in a database, then perform a POST to create the records in Platform B.
If my above understanding is correct, can anyone please advise on a platform/service with which this functionality can be built and managed? Is Postman what I'm looking for?
I'm still new to web API development, so please excuse my ignorance.
Any help would be much appreciated.
Thanks

What is the standard way to implement an API sandbox?

so it occurred to me that it would be helpful in the development of my backend to have a managed sandbox, like a development environment without having to set up a separate database. To be more specific I'm using Postgresql and Node.js, but I doubt that makes a difference.
So my question is, how do services such as PayPal commonly implement a "sandbox" for developers who use their API to play with that is separate from their real data? In my case all that I want is a database sandbox that operates separately from the main database for the backend developers. My first idea on this is to tag every row with their specific sandbox or production id, but that seems inefficient. Is there another way to implement this idea?

Magento to salesforce integration

I have a magento ecommerce web application want to sync my data from magento to salesforce and vice versa
I thought this would be as simple as collecting their salesforce.com credentials to open a connection to salesforce.com and pull down their customer,product and contact.
But it does not look that easy! For one, I cannot find a global API. Apparently, each salesforce.com company has to "generate" their own WSDLs .Don’t have much idea on rest api, where I don’t have to generate wsdl for each different company.
I have done lots of research on this could not find any proper solution Most of the vendors are using soap api where I need to follow same process that is every time I need to generate WSDLs for each company…
Each company is different that's why you need to generate a different structure.
I would recommend this solution: https://products.crunchyconsulting.com/crunchy-products/crunchy-magforce.html with some customizations available if you ask for it.

How to integrate Oracle APEX and Alfresco via CMIS

A question regarding the integration of the document management system Alfresco into Oracle Application Express (APEX) based on CMIs-repository:
The aim is to use APEX as the portal-page and Alfresco showing it's results (document lists) based on search parameters coming form APEX.
A search result from a CMIS-query should be displayed in an APEX page-region.
Unfortunately I have no experience in this sector (REST, CMIS) - so any advice would be welcome!
A related question regarding user authentication and authorization via CMIS does also arise.
Has anyone out there implemented something like this or used these components together, yet?
The first thing that pops into my mind is making the choice where you want your communication with the repository to take place: client side or server side?
Alfresco supports Web Scripts, so I would be possible to create a javascript-heavy thick client which connects to your repository, get information about your files and redirect to their download links.
The alternative would be to design some way to connect to the repository from the database server. Again there are many ways to do this. You can connect to the repository during your page load and use PL/SQL regions to fire scripts that connect to your repository, get the data you want, and render your region with that information.
Another way would be to periodically check the repository for changes, and maintain a 'shadow copy' of the repository within your oracle database tables.
Of course all of these solutions have their own drawbacks.

Using CAS without the Login Screen version3.5

here is a old version:https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen
I need to do the same with that latest version of CAS i.e. 3.5 . Can anyone provide me the steps for the same
We are doing now basically what you're asking here in my company. We have a Sharepoint website that in background is using the RESTful services for doing the real login. I wrote some posts about them in my blog and recently we used it to get access from a iOS application which contains a link to a sample program.
Important!!! We have a modification in our CAS that offers the possibility to use it for more than one domain. So wherever you find a reference to something called "Domain" in my samples just remove it, as it will not work on standard CASes
Here is a nice solution to your problem.
Just enable restful access.