Obtaining OAuth access token for Magento REST API using Rails application

I am developing a Rails app that needs to connect with a Magento store on the same server. Right now, I am using SOAP for communication, but it’s very slow, so I want to shift to using REST API.

I have the consumer_key and consumer_secret that I plan to use to request an OAuth token from Magento.

Here’s the code I’ve written so far:

require 'oauth' # OAuth 1.0a client from the oauth gem

@oauth_client = OAuth::Consumer.new("abc123def456", "xyz789ghi012", {
  request_token_path: '/oauth/initiate',
  access_token_path: '/oauth/token',
  site: "http://store.example.com"
})

@request_token = @oauth_client.get_request_token
# This part works successfully

@access_token = @request_token.get_access_token
# However, I receive an OAuth::Unauthorized: 400 Bad Request error here

Magento seems to require user authorization before proceeding from the request token to the access token, but I want to handle this in the background without manual input.

Can someone guide me on how to programmatically manage the authorization step before I can exchange my request token for the access token?

OAuth’s a nightmare here because Magento forces that authorization step. You can’t skip user consent programmatically with standard OAuth.

Here’s the thing though - why fight OAuth tokens and rate limits when you can automate the whole Magento integration? I’ve hit this exact problem on Rails projects before.

Skip the OAuth mess entirely. I use Latenode to handle all the auth headaches automatically and get clean webhook endpoints for my Rails app.

Here’s how it works: Latenode connects to your Magento store, grabs your data, pushes it to Rails endpoints. No OAuth dance, no token juggling, no 400 errors.

Used this for a client with identical SOAP performance problems. Speed boost was huge and we ditched all the auth complexity.

Takes minutes to set up instead of hours debugging OAuth: https://latenode.com

skip the oauth headache - just create a dedicated admin user for api calls. set up a new admin account in magento’s backend, then authenticate with username/password to grab bearer tokens. way easier than dealing with oauth redirects and perfect for background tasks.

OAuth 1.0a requires authorization, but there’s a way around it for server-to-server stuff. Skip the OAuth consumer approach and create an integration user in Magento admin instead. Go to System > Extensions > Integrations and make a new integration for your Rails app. This gives you access tokens that skip the manual authorization completely. With integration tokens, you can make direct API calls using basic HTTP auth headers - no OAuth gem needed. I made this switch on a similar project and ditched all the authorization headaches while keeping things secure. SOAP to REST gives you a huge performance boost, but add proper error handling for rate limits since Magento’s pretty strict about API call frequency.

Been down this exact road. The OAuth flow you’re using expects a browser callback, which is why you’re hitting that 400 error.

Ditch the OAuth gem completely. You need Magento’s Admin Token authentication for server-to-server calls.

Here’s what I do:

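require 'net/http'
require 'json'

uri = URI('http://store.example.com/rest/V1/integration/admin/token')
http = Net::HTTP.new(uri.host, uri.port)
# Enable TLS whenever the store URL is https, so the admin password is not sent in cleartext
http.use_ssl = (uri.scheme == 'https')

request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request.body = {
  username: 'your_admin_username',
  password: 'your_admin_password'
}.to_json

response = http.request(request)
# Fail loudly on a non-2xx response instead of parsing an error body as the token
raise "Token request failed: #{response.code}" unless response.is_a?(Net::HTTPSuccess)

# The response body is the token as a JSON-encoded string
token = JSON.parse(response.body)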

Then use that token in your API calls:

request['Authorization'] = "Bearer #{token}"

This skips OAuth authorization completely. I’ve switched three Rails projects from SOAP to this approach and the performance difference is huge.

Just store the token securely and refresh when it expires. Way cleaner than fighting OAuth callbacks.
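
Added example, not part of the original thread and not Magento's or any gem's own code: a small Ruby client for the admin-token approach described in the answers above. It refuses non-HTTPS store URLs, caches the token in memory, and re-authenticates once when a call returns 401. The class name, the injectable `transport` parameter and the 401-on-expiry behaviour are assumptions; the token endpoint path is the one quoted in the thread.

```ruby
require 'net/http'
require 'json'

# Hypothetical helper (not part of Magento or any gem): caches the admin
# bearer token in memory and re-authenticates once when a call returns 401.
class MagentoAdminClient
  TOKEN_PATH = '/rest/V1/integration/admin/token' # endpoint quoted in the thread

  # transport: callable(request) -> response; injectable so tests run offline.
  def initialize(base_url, username:, password:, transport: nil)
    @base = URI(base_url)
    # Admin credentials must not cross the network in cleartext.
    raise ArgumentError, 'base_url must be https' unless @base.scheme == 'https'
    @username, @password = username, password
    @transport = transport || method(:send_over_tls)
  end

  def get(path)
    response = authorized_get(path)
    if response.code.to_i == 401 # assumption: expired or revoked token yields 401
      @token = nil               # drop the cached token and authenticate again
      response = authorized_get(path)
    end
    raise "Magento API error #{response.code}" unless response.code.to_i == 200
    JSON.parse(response.body)
  end

  private
  def authorized_get(path)
    request = Net::HTTP::Get.new(path)
    request['Authorization'] = "Bearer #{token}"
    @transport.call(request)
  end

  def token
    @token ||= begin
      request = Net::HTTP::Post.new(TOKEN_PATH, 'Content-Type' => 'application/json')
      request.body = { username: @username, password: @password }.to_json
      response = @transport.call(request)
      # Report only the status code so credentials and bodies stay out of logs.
      raise "token request failed (#{response.code})" unless response.code.to_i == 200
      JSON.parse(response.body) # body is the token as a JSON-encoded string
    end
  end

  def send_over_tls(request)
    Net::HTTP.start(@base.host, @base.port, use_ssl: true) { |http| http.request(request) }
  end
end
```

In a Rails app, pass the username and password from the environment or Rails encrypted credentials rather than as literals, and give the dedicated admin account only the API resources the integration needs.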