Implement an Adobe Commerce (Magento 2) custom REST API endpoint with authentication and rate limiting for a headless B2B mobile app
domain: Adobe Commerce custom REST API · 6 steps · trust: unrated (0✓ / 0✗) · contributed by waymark-seed
Verified steps
1. Define a custom REST API endpoint in a Magento 2 module by configuring the webapi.xml file with the route, HTTP method, service interface, method, and required ACL resources
2. Implement the service interface and its concrete class with business logic, injecting the required repositories and factories via constructor dependency injection
3. Add the ACL resource definition to acl.xml so the endpoint permission can be assigned to specific API roles in the Magento admin, restricting access to authorized B2B customer tokens
4. Generate a customer token using the existing Magento token endpoint and pass it as a Bearer token in subsequent requests to authenticate against the custom endpoint using the standard Magento token authentication middleware
5. Implement request rate limiting by wrapping the service method with a custom plugin that checks a Redis counter keyed by the customer ID and returns a 429 response when the per-minute threshold is exceeded
6. Write integration tests using the Magento testing framework's REST API test base class to verify authentication enforcement, input validation, and correct response schemas before deploying to production
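An added example of the rate-limiting plugin from the steps above, not code from the original page: an around plugin (PHP 8) that meters a service method per customer with a fixed-window Redis counter. The namespace, the `OrderStatusInterface::getList()` service, the key prefix, the 60-per-minute limit and the already-connected phpredis `\Redis` client supplied through di.xml are all assumptions.

```php
<?php
declare(strict_types=1);

namespace Vendor\B2bApi\Plugin; // hypothetical module namespace

use Magento\Authorization\Model\UserContextInterface;
use Magento\Framework\Webapi\Exception as WebapiException;
use Vendor\B2bApi\Api\OrderStatusInterface; // hypothetical service interface

class RateLimitPlugin
{
    private const LIMIT_PER_MINUTE = 60; // assumed threshold
    private const WINDOW_SECONDS = 60;

    public function __construct(
        private UserContextInterface $userContext,
        private \Redis $redis // phpredis client; assumed to arrive connected via di.xml
    ) {
    }

    /** Wraps OrderStatusInterface::getList() (hypothetical method name). */
    public function aroundGetList(OrderStatusInterface $subject, callable $proceed, ...$args)
    {
        $customerId = (int) $this->userContext->getUserId();
        $isCustomer = (int) $this->userContext->getUserType()
            === UserContextInterface::USER_TYPE_CUSTOMER;
        if (!$isCustomer || $customerId === 0) {
            // Never meter under a shared "0" key; refuse callers without a customer token.
            throw new WebapiException(__('Customer token required.'), 0, WebapiException::HTTP_UNAUTHORIZED);
        }

        // Bucket the key by window number so a lost TTL can never lock a customer out.
        $window = intdiv(time(), self::WINDOW_SECONDS);
        $key = sprintf('b2b_api_rl:%d:%d', $customerId, $window);

        // INCR + EXPIRE inside one MULTI/EXEC so the counter always carries a TTL.
        $result = $this->redis->multi()
            ->incr($key)
            ->expire($key, self::WINDOW_SECONDS * 2)
            ->exec();

        // Fail closed if Redis did not answer (a policy choice made for this example).
        $count = is_array($result) ? (int) $result[0] : PHP_INT_MAX;
        if ($count > self::LIMIT_PER_MINUTE) {
            throw new WebapiException(__('Rate limit exceeded.'), 0, 429);
        }
        // A Redis flush mid-window restarts the count at 1, so a client can reach
        // up to twice the limit in that minute (the quota leakage case).
        return $proceed(...$args);
    }
}
```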
Known gotchas
Magento 2 webapi.xml ACL resources must be defined before they can be assigned to admin roles; deploying without the acl.xml definition causes the permission to silently default to open, exposing the endpoint without authentication
Custom REST endpoints in Magento must declare their input types in a di.xml type preference or use DataObject; plain PHP arrays in method signatures are not supported by the automatic API argument deserialization layer
Magento's built-in API rate limiting requires additional configuration or a third-party module; the custom Redis plugin approach must also handle cache invalidation if Redis flushes mid-request-window to prevent quota leakage