Download PDF Manual Back to Extension
Back to Knowledge Base
Download this page as PDF

API Add-On

The Staff API add-on (MageB2B_StaffApi) exposes Staff CRUD endpoints via Magento Web API (REST/SOAP) so you can integrate ERP/CRM systems or automation scripts.

Installation

composer config bearer.repo.softwaresilo.io <token>
composer config repositories.softwaresilo composer https://repo.softwaresilo.io/
composer require mageb2b/staff-api:*
php bin/magento module:enable MageB2B_StaffApi
php bin/magento setup:upgrade
php bin/magento cache:flush

Where to Find the Endpoints

  • Magento Swagger UI: https://<your-domain>/swagger
  • REST base URL: https://<your-domain>/rest

Screenshot placeholder: Swagger UI showing Staff endpoints

Available REST Endpoints

The add-on registers the following endpoints:

  • GET /V1/staff/:staffId – get a staff user by ID
  • GET /V1/staff/search – search/list staff users (Magento searchCriteria)
  • POST /V1/staff – create a staff user
  • PUT /V1/staff/:staffId – update a staff user
  • DELETE /V1/staff/:staffId – delete a staff user
  • POST /V1/staffcustomers – assign customers to staff (payload-driven)
  • POST /V1/unassign-staffcustomers – unassign customers from staff (payload-driven)
  • POST /V1/staff/token – generate a token for a staff session context
  • GET /V1/staff/customers – list customers for current staff context
  • GET /V1/staff/:staffId/customers – list customers for a specific staff ID
  • POST /V1/staff/customers/:customerId/token – generate impersonation token for a customer

Authentication / Permissions

Staff CRUD/assignment routes require admin/integration permissions for Staff management:

  • Read permissions for staff data
  • Write permissions for staff and assignments
  • Delete permissions for staff cleanup

In practice you usually call these endpoints with an Admin Token or an Integration Token that has the matching permissions.

Note: token/customer-context routes in this module are exposed as anonymous at Web API level and enforce access in service logic.

Examples (REST)

Get a staff user by ID

curl -sS -H "Authorization: Bearer <ADMIN_TOKEN>" \
  "https://<your-domain>/rest/V1/staff/123"

Search staff users

curl -sS -H "Authorization: Bearer <ADMIN_TOKEN>" \
  "https://<your-domain>/rest/V1/staff/search?searchCriteria[pageSize]=20"

Create a staff user

curl -sS -H "Authorization: Bearer <ADMIN_TOKEN>" \
  -H "Content-Type: application/json" \
  -X POST "https://<your-domain>/rest/V1/staff" \
  -d '{
    "staff": {
      "firstname": "John",
      "lastname": "Smith",
      "email": "john.smith@example.com",
      "phone": "+1 555-0123",
      "status": 1,
      "website_id": 1
    }
  }'

Notes

  • Exact payload fields depend on your installed Staff add-ons (e.g. order editing, quotes).
  • For bulk operations, consider the Import/Export Add-On.
Staff Groups Customer History

Found an issue with this documentation? Let us know