php – How to implement custom REST API in magento?-ThrowExceptions

Exception or error:

I am trying to create my custom REST api.
I have create my own module Custom/Restapi.Custom [Namespace], Restapi[Module name].

In etc folder i have created config.xml and api2.xml. Below is the code-:


<?xml version="1.0"?>


            <restapi translate="title" module="Custom_Restapi">
                <title>Custom Rest API</title>
            <restapi translate="title" module="Custom_Restapi">
                <title>Testing My Rest API</title>
                       <!-- <retrieve>1</retrieve>
                   <!--  <customer>

Model Directory Structure

app\code\local\Custom\Restapi\Model\Api2\Restapi.php. Below is code of file-:


class Custom_Restapi_Model_Api2_Restapi extends Mage_Api2_Model_Resource


app\code\local\Custom\Restapi\Model\Api2\Restapi\Rest\Admin\V1.php Below is code of file-:


class Custom_Restapi_Model_Api2_Restapi_Rest_Admin_V1 extends Custom_Restapi_Model_Api2_Restapi
     protected function _create(){

   return  json_encode(array("testing","hello"));

 protected function _retrieveCollection()
      return  json_encode(array("testing","hello"));

Etc/module configuration file is also setup.

Admin setting

  1. I have create OAuth role admin. Under left side tab “Role Api Resource” module settings are visible and selected.

  2. Rest Consumer setting is also configured.

Below is REST API calling script code-:

Api Calling Script Code

$consumerKey    = 'ozr74egldg07dpxtkk9uq1o8bj6wwd65'; // from Admin Panel's &quot;REST - OAuth Consumers page&quot;
$consumerSecret = 'ozr74egldg07dpxtkk9uq1o8bj6wwd65'; // from Admin Panel's &quot;REST - OAuth Consumers page&quot;

// Set the OAuth callback URL to this script since it contains the logic
// to execute *after* the user authorizes this script to use the Coupon AutoGen API
$callbackUrl = "";

// Set the URLs below to match your Magento installation
$temporaryCredentialsRequestUrl = "" . urlencode($callbackUrl);
$adminAuthorizationUrl = '';
$accessTokenRequestUrl = '';
$apiUrl = '';


if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
    $_SESSION['state'] = 0;
    echo "try";

try {

    $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);


    if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {

        $requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
        $_SESSION['secret'] = $requestToken['oauth_token_secret'];
        $_SESSION['state'] = 1;
        header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
    } else if ($_SESSION['state'] == 1) {
        $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
        $accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
        $_SESSION['state']  = 2;
        $_SESSION['token']  = $accessToken['oauth_token'];
        $_SESSION['secret'] = $accessToken['oauth_token_secret'];
        header('Location: ' . $callbackUrl);
    } else {  

        // We have the OAuth client and token. Now, let's make the API call.
        $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);

        // Generate coupon codes via POST
        $resourceUrl = "$apiUrl/custom";

        $oauthClient->fetch($resourceUrl, OAUTH_HTTP_METHOD_POST, array(
            'Accept' => 'application/json',
            'Content-Type' => 'application/json',

         $data= json_decode($oauthClient->getLastResponse(), true);

        echo "Data is:<br/>".$data;

} catch (OAuthException $e) {

    //echo "<br/>";

When i am trying to access the API then it ask for Authorize

Authorize application admin requests access to your account

After authorization application will have access to you account.

authorize button and reject button

After click on Authorize button Error-:

Invalid auth/bad request (got a 404, expected HTTP/1.1 20X or a redirect)
{“messages”:{“error”:[{“code”:404,”message”:”Request does not match any route.”}]}}

PHP OAuth extension does not support RSA-SHA1 support in my OAuth settings

Reference Link

We only use the function provided by magento for accessing the code in rest, below are the function list-:

  1. _create()
  2. _retrieve()
  3. _delete()
  4. _retrieveCollection()
  5. _update()
  6. _multiUpdate()
  7. _multiDelete

Invalid auth/bad request (got a 404, expected HTTP/1.1 20X or a redirect)
{“messages”:{“error”:[{“code”:404,”message”:”Request does not match any route.”}]}}

I have shared above my all analysis but i am not able to access the data.Please share your feedback.

How to solve:

The Core API allows you to manage a set of common resources used in Magento. However, you may choose to have your own set of resources to manage, or you may wish to extend the Core API to handle additional resources.

This would be help full to create custom API.


Your ressource url should correspond to the one in your api2.xml

$resourceUrl = "$apiUrl/custom";

should be :

$resourceUrl = "$apiUrl/custom/createwebsite/"

What does the :s at the end of $apiUrl/custom/createwebsite/:s stands for ?

Leave a Reply

Your email address will not be published. Required fields are marked *