首先，您要请求有效的 OAuth 令牌和机密.为此，请使用 oauth_callback 的 GET 参数点击 Magento 商店的/oauth/initiate URL.我们将使用 httpbin 以便我们可以回显传递给我们回调的任何内容.确保您在 Postman 的 OAuth 1.0 设置中选中了自动添加参数".

First, you want to request a valid OAuth token and secret. Do this by hitting the /oauth/initiate URL of your Magento store with a GET parameter for oauth_callback. We're going to use httpbin so that we can echo anything that is passed to our callback. Make sure you have "Auto add parameters" checked on the OAuth 1.0 settings for Postman.

这会给你一个 oauth_token 和 oauth_token_secret，它们只是临时的.这些被称为请求令牌"和秘密.将这些值保存在某处，因为您以后会需要它们.

That will give you an oauth_token and oauth_token_secret, which are only temporary. These are referred to as a "request token" and secret. Save these values somewhere because you will need them later.

现在，向您的 Magento 商店的/admin/oauth_authorize URL 组装一个新的常规 HTTP 请求.这将返回一个登录表单，您可以在其中接受 oauth 令牌并授权您的应用程序，但是由于我们使用的是 Postman，因此我们无法与该表单进行交互.

Now, assemble a new regular HTTP request to the /admin/oauth_authorize URL of your Magento store. This will return a login form where you can accept the oauth token and authorize your app, however since we're using Postman we aren't able to interact with the form.

相反，查看源并拉出 form_key 隐藏输入值.然后组装一个新的 HTTP 请求来伪造授权表单的提交.确保它是一个 POST 请求.您的新 HTTP 请求应如下所示.

Instead, view the source and pull out the form_key hidden input value. Then assemble a new HTTP request to fake the submission of the authorization form. Make sure it is a POST request. Your new HTTP request should look like this.

现在，您需要实际确认授权.只需使用 oauth_token 作为参数向 Magento 商店的/admin/oauth_authorize/confirm URL 发出 GET 请求.当您发送此请求时，它将从第一步重定向到您的 oauth_callback.现在，您可以看到为什么我们在第一步中使用 httpbin 作为回调了.

Now, you need to actually confirm the authorization. Simply issue a GET to the /admin/oauth_authorize/confirm URL of your Magento store with the oauth_token as your parameter. When you send this request it will redirect to your oauth_callback from the first step. Now, you can see why we used httpbin as our callback in the first step.

好的.所以，我们快到家了.最后一块拼图是将 oauth_token、oauth_secret 和 oauth_verifier 一起使用来获得有效且持久的访问令牌".因此，从第一步中获取 oauth_token_secret，并像这样组合和组装一个新的 OAuth 请求.

OK. So, we're almost home. The last piece of the puzzle is to use the oauth_token, oauth_secret, and oauth_verifier all together to get a valid and persistent "access token". So, take the oauth_token_secret from the first step, and combine and assemble a new OAuth request like so.

你应该得到一个返回的令牌和秘密.这些永远不会过期！您可以使用它们来查询产品和资料.

You should get a returned token and secret. These will never expire! You can use them to query products and stuff.

现在，您可以像这样组合您的 OAuth 请求.请注意，您必须选中将参数添加到标题"复选框才能使 Magento REST 调用正常工作.

Now, you can assemble your OAuth requests like this. Note, you must check the "Add params to header" checkbox in order for Magento REST calls to work properly.