REST API

The REST API tool provides full access to Magento's REST API — the same endpoints available at /rest/V1/*. It supports GET, POST, PUT, and DELETE methods, as well as asynchronous and bulk operations.

The tool automatically discovers endpoints from all installed modules, including third-party extensions. Any module that registers REST API endpoints via webapi.xml will have its endpoints available through this tool — no additional configuration is needed.

Access control

Access to this tool requires two levels of permissions:

Tool permission: the MCP Tools -> Built in -> System -> REST API ACL resource must be enabled for the role in Role Resources. Without this, the AI client cannot use the REST API tool at all.
Endpoint permissions: each REST API endpoint is protected by its own Magento ACL resource. The AI client can only call endpoints that the authorizing admin user's role has access to. For example, to call /V1/products, the role needs the Catalog -> Inventory -> Products resource.

The list_endpoints action automatically filters the results — it only returns endpoints that the admin user's role has access to.

tip

Use the [API] badges on the Role Resources tab to see which ACL resources control which REST API services. Hover over a badge to see the service names.

Actions

The tool has three actions:

list_endpoints

Discovers available REST API endpoints. Results are filtered by the admin user's ACL permissions — only endpoints the user has access to are shown.

Parameter	Description	Type	Required
`action`	Set to `list_endpoints`	string	Yes
`filter`	Filter by keyword (searches in service name, class name, and route)	string	No

Example: use filter: "product" to find all product-related endpoints.

schema

Returns the method signature for a specific service — parameters, types, defaults, and return type.

Parameter	Description	Type	Required
`action`	Set to `schema`	string	Yes
`service`	Service name (e.g., `catalogProductRepositoryV1`). Get service names from `list_endpoints`.	string	Yes

call

Executes an API request.

Parameter	Description	Type	Required
`action`	Set to `call` (default)	string	No
`method`	HTTP method: `GET`, `POST`, `PUT`, `DELETE`. Default: `GET`.	string	No
`endpoint`	REST API path (e.g., `/V1/products`, `/V1/orders/123`)	string	Yes
`body`	Request body for `POST`/`PUT` requests	object/array	No
`query`	Query parameters for searchCriteria, filtering, and field selection	object	No
`store`	Store code for store-scoped requests	string	No

Recommended workflow

The best approach for working with the REST API:

list_endpoints — find the endpoint you need
schema — understand its parameters and expected body format
call — execute the request

Store scoping

Omit store: uses the default store view
Specific store code (e.g., de, fr): executes in that store view's context
all: executes in the admin/global scope (affects all store views)

Search criteria

Use the query parameter to pass search criteria for GET requests:

{
  "searchCriteria[filterGroups][0][filters][0][field]": "status",
  "searchCriteria[filterGroups][0][filters][0][value]": "processing",
  "searchCriteria[sortOrders][0][field]": "created_at",
  "searchCriteria[sortOrders][0][direction]": "DESC",
  "searchCriteria[pageSize]": 5,
  "fields": "items[increment_id,grand_total,status,created_at],total_count"
}

The fields parameter allows you to request only specific fields in the response.

Async operations

Asynchronous operations require the Magento_WebapiAsync module (included in Magento by default).

Single async

Prefix the endpoint with /async to queue a single operation:

Endpoint: /async/V1/products
Method: PUT
Body: single entity

Bulk async

Prefix the endpoint with /async/bulk and pass an array as the body:

Endpoint: /async/bulk/V1/products
Method: PUT
Body: array of entities

[
  {"product": {"sku": "SKU-001", "name": "Updated Name 1"}},
  {"product": {"sku": "SKU-002", "name": "Updated Name 2"}}
]

Both return a bulk_uuid that can be used to track the operation status.

Store scope in async

No store code: default store (global values for creates, default store for updates)
Specific store code: updates only that store view
all: updates across all store scopes

Examples

Get products with sorting:

action: call
method: GET
endpoint: /V1/products
query: {"searchCriteria[pageSize]": 3, "searchCriteria[sortOrders][0][field]": "name", "searchCriteria[sortOrders][0][direction]": "ASC", "fields": "items[sku,name,price],total_count"}

Update a product:

action: call
method: PUT
endpoint: /V1/products/SKU-001
body: {"product": {"name": "New Product Name"}}

Create a CMS block:

action: call
method: POST
endpoint: /V1/cmsBlock
body: {"block": {"identifier": "test-block", "title": "Test Block", "content": "<p>Hello</p>", "active": true}}

Access control​

Actions​

list_endpoints​

schema​

call​

Recommended workflow​

Store scoping​

Search criteria​

Async operations​

Single async​

Bulk async​

Store scope in async​

Examples​