To integrate Magento (Adobe Commerce) with Lovable, create Supabase Edge Functions that authenticate with your Magento REST API using an Integration access token and proxy product catalog, cart, and customer data to your React storefront. Store the Magento access token in Cloud Secrets. This makes Lovable a headless React frontend for enterprise Magento stores.
Use Lovable as a Headless React Frontend for Enterprise Magento Stores
Magento (Adobe Commerce) is the platform of choice for enterprise retailers managing thousands of SKUs, multiple storefronts, complex B2B pricing rules, and advanced inventory management. Its default frontend, however, is built on an aging PHP stack that can be slow to customize and difficult to modernize. The headless commerce approach — keeping Magento as the backend system of record while replacing the frontend entirely — gives enterprise teams the best of both worlds.
Lovable is an excellent choice for the headless frontend layer. Its AI-assisted React development lets non-technical team members build and iterate on the storefront rapidly, while the Supabase Edge Function infrastructure handles the complex authentication requirements of Magento's REST API. Magento's REST API at /rest/V1/ exposes all commerce data including configurable products with all their options and variant combinations, customer accounts and address books, cart and checkout flows, order history, and the full category tree.
This guide covers the Magento Open Source REST API, which is compatible with Magento 2.3+ and Adobe Commerce 2.4+. The authentication approach uses Magento Integrations — a server-side access token mechanism that is simpler and more secure than managing OAuth flows or admin user credentials. For multi-store setups, Magento REST API supports a store code parameter in the URL path that lets a single Edge Function serve multiple stores from one integration.
Integration method
Magento integration in Lovable uses Supabase Edge Functions to proxy requests to your Magento instance's REST API at /rest/V1/. An Integration access token generated in your Magento admin is stored encrypted in Cloud Secrets and passed as a Bearer token in all API requests. The Edge Function handles routing between Magento REST endpoints for products, categories, customers, cart, and orders, returning JSON data to your React components.
Prerequisites
- A Magento 2.x or Adobe Commerce instance with admin access (Magento Open Source or Adobe Commerce)
- Magento REST API enabled (it is on by default in Magento 2.x)
- Your Magento store accessible over HTTPS from the public internet — Supabase Edge Functions cannot reach localhost
- A Lovable project with Lovable Cloud enabled
- Understanding of your Magento store's product structure, especially if you use configurable, grouped, or bundled product types
Step-by-step guide
Create a Magento Integration for API access
Create a Magento Integration for API access
In your Magento admin panel, navigate to System → Extensions → Integrations. Click 'Add New Integration' in the top right. On the New Integration form, enter a name like 'Lovable Headless Frontend' and your admin password in the 'Your Password' field (Magento requires this to confirm the integration creation). On the API tab, select the resources your Lovable integration needs access to. For a read-only storefront, select: Catalog (Products, Categories, Product Attributes), Stores (Store Information, Store Configurations), and optionally Customers and Orders for authenticated features. For a full-featured storefront with cart and checkout, also select Cart and Checkout. Click Save. Magento will generate four tokens: Consumer Key, Consumer Secret, Access Token, and Access Token Secret. For simple Bearer token authentication, you only need the Access Token — copy it immediately. The Access Token is a persistent token (unlike OAuth user tokens, it does not expire unless you revoke the integration). This is the token you will store in Cloud Secrets for all API requests.
Pro tip: The Access Token from a Magento Integration is a long-lived credential. Treat it like a password — rotate it if you suspect it has been exposed, and use the minimum required permissions.
Expected result: You have a Magento Integration Access Token copied and ready to store in Cloud Secrets.
Store Magento credentials in Cloud Secrets
Store Magento credentials in Cloud Secrets
Open your Lovable project and click the '+' next to the Preview panel to open the Cloud tab, then find the Secrets section. Add two secrets: MAGENTO_ACCESS_TOKEN with your Integration Access Token value, and MAGENTO_BASE_URL with your Magento store's base URL — for example https://mystore.com — with no trailing slash. The MAGENTO_BASE_URL value is used by the Edge Function to construct API calls like MAGENTO_BASE_URL + /rest/V1/products. If you run multiple Magento stores, you can also add a MAGENTO_DEFAULT_STORE_CODE secret for the default store code used in multi-store URL patterns (/rest/{store_code}/V1/). These secrets are encrypted at rest, protected by Lovable's SOC 2 Type II and ISO 27001:2022 certified infrastructure, and accessible only from server-side Edge Functions via Deno.env.get(). Lovable's automated security layer blocks approximately 1,200 hardcoded API keys daily — storing your Magento access token in Cloud Secrets ensures it stays protected.
Pro tip: For Magento multi-store setups, also add a MAGENTO_STORE_CODE secret (e.g., default or us_en). Your Edge Function can use this to build store-specific URLs like /rest/{storeCode}/V1/products.
Expected result: MAGENTO_ACCESS_TOKEN and MAGENTO_BASE_URL are stored in Cloud Secrets.
Create the Magento REST API proxy Edge Function
Create the Magento REST API proxy Edge Function
Ask Lovable to create a Supabase Edge Function that authenticates with Magento's REST API and proxies requests to the correct endpoints. The Edge Function should read MAGENTO_ACCESS_TOKEN and MAGENTO_BASE_URL from Deno.env.get(), accept a 'path' query parameter specifying the Magento REST endpoint (e.g., /rest/V1/products or /rest/V1/categories), include the Authorization: Bearer header with the access token on all requests, handle both GET requests (for fetching data) and POST/PUT requests (for cart operations), forward query parameters like searchCriteria to Magento for filtering, and return the JSON response with CORS headers. Magento's REST API uses a searchCriteria query string syntax for filtering: searchCriteria[filter_groups][0][filters][0][field]=status&searchCriteria[filter_groups][0][filters][0][value]=1&searchCriteria[filter_groups][0][filters][0][condition_type]=eq for filtering active products. Your Edge Function should pass these parameters through transparently.
Create a Supabase Edge Function called magento-proxy that proxies requests to my Magento REST API. Read MAGENTO_ACCESS_TOKEN and MAGENTO_BASE_URL from Deno.env.get(). Accept a 'path' query param for the endpoint path (e.g. /rest/V1/products). Add Authorization: Bearer header with the access token. Forward all other query params to Magento. Support both GET and POST methods. Return JSON with CORS headers.
Paste this in Lovable chat
1import { serve } from "https://deno.land/std@0.168.0/http/server.ts";23const corsHeaders = {4 "Access-Control-Allow-Origin": "*",5 "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",6};78serve(async (req) => {9 if (req.method === "OPTIONS") {10 return new Response("ok", { headers: corsHeaders });11 }1213 try {14 const accessToken = Deno.env.get("MAGENTO_ACCESS_TOKEN");15 const baseUrl = Deno.env.get("MAGENTO_BASE_URL");16 const storeCode = Deno.env.get("MAGENTO_STORE_CODE") || "default";1718 if (!accessToken || !baseUrl) {19 return new Response(20 JSON.stringify({ error: "Magento credentials not configured" }),21 { status: 500, headers: { ...corsHeaders, "Content-Type": "application/json" } }22 );23 }2425 const url = new URL(req.url);26 const path = url.searchParams.get("path") || `/rest/${storeCode}/V1/products`;27 url.searchParams.delete("path");2829 const magentoUrl = new URL(`${baseUrl}${path}`);30 url.searchParams.forEach((value, key) => {31 magentoUrl.searchParams.set(key, value);32 });3334 const requestOptions: RequestInit = {35 method: req.method,36 headers: {37 "Authorization": `Bearer ${accessToken}`,38 "Content-Type": "application/json",39 "Accept": "application/json",40 },41 };4243 if (req.method !== "GET" && req.method !== "HEAD") {44 requestOptions.body = await req.text();45 }4647 const response = await fetch(magentoUrl.toString(), requestOptions);48 const data = await response.json();4950 return new Response(JSON.stringify(data), {51 status: response.status,52 headers: { ...corsHeaders, "Content-Type": "application/json" },53 });54 } catch (error) {55 return new Response(56 JSON.stringify({ error: error.message }),57 { status: 500, headers: { ...corsHeaders, "Content-Type": "application/json" } }58 );59 }60});Pro tip: Magento's REST API uses searchCriteria for filtering — these are complex URL-encoded query strings. Pass them through from your React component's fetch call via the Edge Function transparently.
Expected result: The magento-proxy Edge Function is deployed and accessible.
Fetch and render the Magento product catalog
Fetch and render the Magento product catalog
With the Edge Function deployed, ask Lovable to create React components that fetch and display Magento products. Magento's product list endpoint is /rest/V1/products and requires searchCriteria parameters to filter and paginate results. A basic request to fetch 20 active, visible products uses: searchCriteria[filter_groups][0][filters][0][field]=status, value=1, condition_type=eq (for enabled products) and searchCriteria[pageSize]=20. The response is a { items: [...], total_count: N, search_criteria: {...} } structure. Each product in items has sku, name, price, status, type_id (simple, configurable, grouped, bundled), and a custom_attributes array containing all Magento attribute values including description, image, and category assignments. For configurable products, you need to make an additional call to /rest/V1/configurable-products/{sku}/options to get the available options (like color and size), then /rest/V1/configurable-products/{sku}/children to get all simple product variants with their specific prices and attributes. Ask Lovable to handle both simple and configurable product types in the product card component.
Create a MagentoProductCatalog React component that fetches products from my magento-proxy Edge Function. Call the Edge Function with path=/rest/default/V1/products and include searchCriteria for enabled products. Handle the Magento response format with items array. For simple products show image, name, and price. For configurable products (type_id='configurable'), show a color/size selector by fetching options from /configurable-products/{sku}/options.
Paste this in Lovable chat
Pro tip: Magento custom_attributes is an array like [{attribute_code: 'image', value: '/path/to/image.jpg'}]. Write a helper function to extract attribute values by code rather than accessing by index.
Expected result: Magento products display in a React grid with correct handling for both simple and configurable product types.
Implement Magento cart and checkout flow
Implement Magento cart and checkout flow
Magento has separate cart flows for guest shoppers and authenticated customers. For guest cart, POST to /rest/V1/guest-carts to create a cart and receive a cart ID (a random token string). Then add items by POSTing to /rest/V1/guest-carts/{cartId}/items with a payload containing { cartItem: { sku, qty, quote_id } }. For authenticated customers, POST to /rest/V1/carts/mine with the customer's bearer token to create or retrieve their cart, then add items to /rest/V1/carts/mine/items. Store the guest cart ID in localStorage or the customer cart in Supabase session. For checkout, call /rest/V1/guest-carts/{cartId}/shipping-information with address and shipping method, then /rest/V1/guest-carts/{cartId}/payment-information to place the order with a payment method. For complex enterprise checkout flows with multiple payment methods, custom shipping carriers, or B2B quote workflows, RapidDev's team can help architect the full cart-to-order pipeline. After order placement, Magento returns an order ID that you can use to track order status via /rest/V1/orders/{orderId}.
Add cart functionality to my Magento storefront. Create a useCart React hook that manages a guest cart by storing the cart ID in localStorage. Implement addToCart (POST /rest/V1/guest-carts/{cartId}/items), getCartItems (GET /rest/V1/guest-carts/{cartId}), and removeFromCart (DELETE /rest/V1/guest-carts/{cartId}/items/{itemId}) functions that all call my magento-proxy Edge Function. Show a cart icon with item count in the header.
Paste this in Lovable chat
Pro tip: Magento guest cart IDs are session-specific tokens. Store them in localStorage with an expiry check — Magento guest carts expire after a configurable period (default 30 days).
Expected result: Customers can add products to a Magento cart, view cart contents, and remove items, with cart state persisted in localStorage.
Common use cases
Headless product catalog for enterprise retail
Replace Magento's default frontend with a fast React storefront for a large product catalog. The Edge Function proxies Magento's products and categories APIs, handling configurable product options (size, color) and returning structured data that Lovable renders with Tailwind CSS components.
Build a product catalog page that fetches products from my Magento store via an Edge Function calling /rest/V1/products. Handle configurable products by fetching product options and child product SKUs. Display products with image, name, price, and a color/size selector for configurable products. Use the Magento category tree from /rest/V1/categories for sidebar navigation.
Copy this prompt to try it in Lovable
B2B customer portal with custom pricing
Build a customer-specific portal where logged-in B2B buyers see their negotiated pricing, order history, and account information. The Edge Function authenticates with the customer's token (obtained through the customer token endpoint) to access personalized data like customer-specific prices and approved credit lines.
Create a B2B customer portal that authenticates buyers via Magento customer tokens. After login, fetch the customer's order history from /rest/V1/orders and their customer-specific pricing. Display recent orders in a table with order ID, date, total, and status. Show a reorder button that pre-fills the cart from a previous order.
Copy this prompt to try it in Lovable
Multi-store management dashboard
For Magento merchants running multiple storefronts (different brands, regions, or currencies), build a unified management dashboard in Lovable that aggregates orders, inventory, and customer data across all stores using Magento's multi-store API with the store code URL parameter.
Create a multi-store dashboard that shows order totals and new customer counts for each of my Magento stores. Fetch data from /rest/{store_code}/V1/orders for each store code (us_en, uk_en, eu_de). Display a summary card for each store showing today's orders, revenue, and pending shipments. Add a store selector dropdown to drill down into a specific store's orders.
Copy this prompt to try it in Lovable
Troubleshooting
Magento API returns 401 Unauthorized even with correct credentials
Cause: The Integration Access Token may have been revoked, or the Integration's API permissions do not include the endpoint being called. Magento also requires the Authorization header to use Bearer format, not Basic.
Solution: In Magento admin, go to System → Integrations and verify your integration is Active (not Inactive). Check that the integration's API permissions include the resource you are calling. Regenerate the Access Token if needed by clicking 'Reauthorize' on the integration. Ensure your Edge Function uses Authorization: Bearer {token} not Authorization: Basic.
Magento returns 404 for /rest/V1/ endpoints
Cause: The Magento REST API may be disabled, or the URL path is incorrect for your store's configuration. Some Magento installations require the store code in the URL path.
Solution: In Magento admin, navigate to Stores → Configuration → Services → Magento Web API → Web API Security and ensure 'Allow Anonymous Guest Access' is set appropriately. Verify your MAGENTO_BASE_URL does not have a trailing slash. Try the URL directly in a browser: https://yourstore.com/rest/V1/store/storeViews should return store information if the API is working.
Product images return broken or 404 after fetching from Magento API
Cause: Magento product image URLs in the API response are relative paths like /catalog/product/a/b/image.jpg that need to be combined with your store's base media URL, not the API URL.
Solution: Magento media files are served from a different path than the API. Construct image URLs as: MAGENTO_BASE_URL + /pub/media/catalog/product + imagePath. For example, if the API returns /a/b/image.jpg, the full URL is https://yourstore.com/pub/media/catalog/product/a/b/image.jpg. Fetch the exact media base URL from /rest/V1/store/storeConfigs to handle custom configurations.
1const imageUrl = `${baseUrl}/pub/media/catalog/product${product.media_gallery_entries[0]?.file}`;Configurable product variant selection shows wrong price
Cause: Configurable products in Magento have a base price, but individual variant (child product) prices can differ. The parent product price shown in the catalog listing may not reflect the selected variant's actual price.
Solution: Fetch child products for configurable items via /rest/V1/configurable-products/{sku}/children and use the child product's price for the selected variant combination. When the customer selects a color and size, match those attribute values to the correct child product and display that child's price.
Best practices
- Use Magento Integration Access Tokens rather than admin username/password for API authentication — tokens are revocable, can have limited permissions, and do not expose your admin credentials
- Cache Magento category trees and attribute sets in Supabase — these rarely change and fetching them fresh on every page load adds significant latency to a Magento installation
- Handle Magento's complex custom_attributes array with a reusable helper function that extracts attribute values by attribute_code name rather than assuming array positions
- For large Magento catalogs, implement server-side search using Magento's ElasticSearch-backed search API (/rest/V1/search) rather than loading all products and filtering client-side
- Store guest cart IDs in localStorage with expiry timestamps and check validity on page load — create a new cart automatically if the stored cart ID has expired
- Use Magento's store code URL parameter (/rest/{store_code}/V1/) for multi-store support rather than maintaining separate Edge Functions per store
- Review Magento's API rate limiting configuration (configured in Magento's admin under Web API throttling) and implement exponential backoff in your Edge Function if your store has rate limits enabled
Alternatives
PrestaShop is a lighter-weight European-focused platform better suited for small to mid-size stores, while Magento handles enterprise scale with complex product types, multi-store, and B2B workflows.
WooCommerce is better for smaller stores already on WordPress where simplicity matters, while Magento is purpose-built for high-volume enterprise retail with advanced catalog and pricing rules.
Shopify is a native Lovable connector with far simpler setup and is ideal for mid-market stores, but Magento is often required for enterprise teams needing on-premise deployment, custom pricing engines, or ERP integration.
Frequently asked questions
What is the difference between Magento Open Source and Adobe Commerce for this integration?
Both versions use the same REST API structure at /rest/V1/ with the same Integration access token authentication. Adobe Commerce (formerly Magento Commerce) adds additional API endpoints for B2B features, shared catalogs, and company accounts. This integration guide works with both versions — Adobe Commerce simply exposes more endpoints you can proxy through the same Edge Function.
Can I use this integration with Magento 1.x (Magento 1)?
No. Magento 1.x uses a different API architecture (SOAP/REST with different endpoints) and reached end-of-life in 2020. This guide is for Magento 2.x and Adobe Commerce 2.3+. If you are still on Magento 1.x, the API endpoints, authentication method, and response formats are entirely different and require a custom implementation.
How does this integration handle Magento's EAV (Entity Attribute Value) attribute system?
Magento's custom_attributes in product API responses is an array of {attribute_code, value} objects. Write a helper function like getAttr(product, 'meta_title') that searches the custom_attributes array for the matching attribute_code and returns its value. Fetch the full attribute set definition from /rest/V1/products/attributes for a product type to understand what attributes are available.
Can my Lovable storefront handle Magento multi-store without separate Edge Functions?
Yes. A single Edge Function can serve multiple stores by accepting the store code as a parameter and constructing URLs as /rest/{storeCode}/V1/{endpoint}. Pass the store code from your React component based on the user's selected region or language. Store available store codes and their configurations in Supabase to avoid fetching them on every request.
Does this integration support Magento's GraphQL API as an alternative to REST?
Yes. Magento 2.3+ ships with a GraphQL API at /graphql that can be used instead of REST. The GraphQL approach avoids the verbose searchCriteria syntax and lets you request exactly the fields you need, reducing response sizes. Update your Edge Function to POST GraphQL queries to the /graphql endpoint with the Authorization header for authenticated operations.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation