I have created my own Request API ( POST : {{baseUrl}}/products/create ). This API is used to create many products and returns only the total number of existing products in Shopware. I want to execute my request in postman, but I can not. There is a way to make work the request in Postman ?
ApiController.php
<?php declare(strict_types=1);
namespace TestApi\Controller\Api;
use Shopware\Core\Framework\Context;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\HttpFoundation\JsonResponse;
use Shopware\Core\Framework\Routing\Annotation\RouteScope;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
/**
* @RouteScope(scopes={"api"})
*/
class ApiController extends AbstractController
{
protected EntityRepositoryInterface $productRepository;
public function __construct(EntityRepositoryInterface $productRepository)
{
$this->productRepository = $productRepository;
}
/**
* @Route("/products/create", name="api.product.create", methods={"POST"})
*/
public function createProducts(Context $context): JsonResponse
{
$this->productRepository->create([
[
'name' => 'Product 1',
'productNumber' => 'SW1231',
'stock' => 10,
'taxId' => 'bc3f1ba6f75749c79b5b4a9d673cf9d4',
'price' => [['currencyId' => Defaults::CURRENCY, 'gross' => 50, 'net' => 25, 'linked' => false]],
],[
'name' => 'Product 2',
'productNumber' => 'SW1232',
'stock' => 10,
'taxId' => 'bc3f1ba6f75749c79b5b4a9d673cf9d4',
'price' => [['currencyId' => Defaults::CURRENCY, 'gross' => 50, 'net' => 25, 'linked' => false]],
]
], $context);
$criteria = new Criteria();
$products = $this->productRepository->search($criteria, $context);
return new JsonResponse($products->count());
}
}
Postman :
For information I have provided the Authorization header in the request.
CodePudding user response:
You're making a request against the storefront, not an api endpoint. The CSRF protection only comes into play in the storefront. Is your baseUrl
missing the /api
prefix? The value should be like http://localhost/api
.
CodePudding user response:
Actually your issue lies inside your controller, you use the api
route scope, which means that the api
authentication mechanism should be used. But all routes with the api
route scope need to start with the /api
prefix in the path.
Routes without a /api
or /store-api
prefix are assumed to be storefront requests with the storefront authorization. You should also get an error because of the mismatch of route scope and actual api path, but probably the CSRF error is thrown before that is validated.
To fix your code use /api/products/create
as the path for your custom controller action and also use the /api
prefix in postman to access your route.