Magento 2 REST API Explorer

Browse every Magento 2 REST endpoint, with method, path, parameters, ACL, and paste-ready cURL.

What Magento 2 REST API Explorer does

✓ Every REST endpoint declared by Magento 2 core's webapi.xml — Catalog, Customer, Quote, Sales, Inventory, Tax, Store, and 30+ more modules
✓ Grouped by module — drill into Customer to see /V1/customers, /V1/customers/me, /V1/customerGroups, or jump to Quote for /V1/carts and /V1/carts/mine
✓ Per-endpoint detail page with HTTP method, path/query/body parameters (with type, required flag, default, description), return type, service contract method, and the ACL resources protecting the route
✓ Auto-generated examples — paste-ready Headers (Accept, Content-Type, Authorization), JSON body, cURL, and a JavaScript fetch snippet for every endpoint
✓ Auth surfaced inline — every endpoint flagged Anonymous, Self (customer/admin), or Admin with the exact ACL identifier (e.g. Magento_Customer::group)
✓ Pinned to a specific Magento release — version banner makes provenance explicit; rebuild against a newer source tree by re-running the generator

How it works

Search or browse

Search by path, service class, summary, or module (e.g. /carts, customer, products), filter by HTTP method, or jump straight into a module's surface from the grid.

Open an endpoint

Per-endpoint page shows path/query/body parameters with types and defaults, return type, service contract, ACL requirement, and a tabbed example block with Headers / Body / cURL / JS fetch.

Send from the playground

/restapi/explorer is a Postman-style sidebar: pick an endpoint, fill in path placeholders, edit headers/body, and dispatch the request directly from the browser.

Frequently asked about Magento 2 REST API Explorer

Where does the catalog data come from? +

It's parsed at build time from every module-*/etc/webapi.xml file plus the matching service contract (Magento\<Module>\Api\<Class>::<method>) PHPDoc. The generator (scripts/restapigen) walks the vendor tree, extracts route + auth metadata from the XML, and pulls @param/@return tags out of the PHP.

Are the example requests safe to copy and run? +

They're paste-ready against your store's /rest/default base, but you'll need to replace the host, ACL token, and any required values. Endpoints flagged Self or Admin require a Bearer token; obtain one via /V1/integration/customer/token (customer) or /V1/integration/admin/token (admin).

Why is the Authorization header sometimes missing? +

Endpoints flagged anonymous in webapi.xml don't need a token at all. The header appears on every endpoint where the <resources> block lists `self` or one or more ACL identifiers.

Does it cover third-party modules? +

Core Magento + the bundled Adobe Commerce modules + PayPal Braintree are included. To add your own module's REST surface, drop a webapi.xml into a vendor module and re-run the generator — custom-module upload is on the roadmap as a per-account feature.

How are body parameters distinguished from path parameters? +

Path parameters are detected from `:name` segments in the URL (like /V1/customers/:customerId); everything else from the service method's @param list goes into Body for POST/PUT/PATCH or Query for GET/DELETE. The split mirrors what Magento's WebAPI module does at request dispatch.

Can I run a request against my store from this page? +

Yes — the /restapi/explorer playground POST/GET/PUTs straight from the browser. Browser CORS rules apply, so most production stores will block the dispatch unless you've configured `Access-Control-Allow-Origin`. When that fails, the catalog still gives you the cURL to run locally.