Retrieving Protected Resources

Edit on GitHub

Shop owners can decide which resources are available to unauthenticated customers, and which of them they are not allowed to view. In Spryker Frontend, this is done via the Managing Customer Access Feature. On the REST API side, the capability is supported by the Customer Access API. The API allows protecting resources from access by unauthorized customers and also provides an endpoint that returns a list of resources protected from unauthenticated access.


An attempt to retrieve any of the resources protected by the API without authentication will result in a 403 Forbidden error.

In your development, the API will help you to protect certain resources from guest access, as well as perform pre-flight checks to avoid accessing endpoints that a guest user doesn’t have sufficient permissions to view.


For detailed information on how to enable the functionality and related instructions, see Glue API: Customer Access Feature Integration.


To retrieve a list of protected resources, send a GET request to the following endpoint:



Request sample: GET


If the request was successful, the endpoint returns the types of API resources that should not be accessed without proper authentication.

Response Attributes

Field* Type Description
resourceTypes String[] Contains a string array, where each element is a resource type that is protected from unauthorized access.

*The fields mentioned are all attributes in the response. Type and ID are not mentioned.

Sample Response

    "data": [
            "type": "customer-access",
            "id": null,
            "attributes": {
                "resourceTypes": [
            "links": {
                "self": "
    "links": {
        "self": "