I just created a WooCommerce site, and when I try to get json data it displays error 401. I tried to access it through postman with basic auth, and through the link:
(mysite)/wp-json/wc/v2/products?consumer_key=XXXX&consumer_secret=XXXX
with keys that I have generated in WP. In both cases I am getting the same error.
Config:
legacy api enabled,
WC version 3.4.5,
WP version 4.9.8,
localhost server by Ampps.
Kindly use "Authorization" (besides the Parameter tab in Postman) choose Oath 1.0, then enter the consumer_key & consumer_secret then click the "SEND" button. That will work!
Add this to top of your htaccess file.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
solved:
the new legacy api has a different url to access woocommerce:
(mysite)/wc-api/v2/...
for more details: https://woocommerce.github.io/woocommerce-rest-api-docs/v3.html?javascript#
Related
I'm attempting to use the REST API provided by WooCommerce to generate the Customer Secret and Customer Key values so that it could be used to invoke other WooCommerce REST APIs. I referred the documentation about generating the key values and managed to get it working using a mock endpoint in Postman used for the call_back URL in the API as mentioned in the document.
I created a POST service in my backend server and managed to setup a SSL certificate in the local environment with a domain mapped in hosts file in /etc directory. I ran the backend service and invoked the callback url through Postman and it worked. Then I used that as the call_back URL in the actual WooCommerce Auth endpoint to programatically generate the keys and save it in my DB. But I'm getting
"Access Denied" - Error: A valid URL was not provided..
When I checked the browser through devtools -> network noticed that there is a 401 Unauthorize error.
Here is the sample GET URL that is uesd for WooCommerce API key generation
http://localhost/woocommerce/wc-auth/v1/authorize?app_name=<SOME_NAME>&scope=read_write&user_id=36&return_url=http://localhost/woocommerce/&callback_url=https://foo.bar.dev:44329/api/services/app/woo_commerce_auth/6/callback
callback_url = https://foo.bar.dev:44329/api/services/app/woo_commerce_auth/6/callback
When the callback_url is a mock url generated using Postman it works fine
callback_url = https://513ca6ab-db16-4635-8d0b-9159e3b1e187.mock.pstmn.io/api/services/app/woo_commerce_auth/6/callback
Any clue why this happens, I could not find a way to troubleshoot this issue. Appreciate the help.
Hi posting this for future reference, and hope it would help others who face this problem as well.
Things to keep in mind when setting the callback_url,
Non HTTPS URL endpoint are not allowed.
URL should not be a localhost url (e.g localhost/callback would give an invalid URL error)
URL should not contain port number (e.g localhost:4320/callback or foo.bar.dev:4892/callback are invalid)
Callback URL should be a POST url
If an error such as Error: An error occurred in the request and at the time were unable to send the consumer data. is given after checking all the above check the backend service code related to the callback_url (I had a 500 server error which triggered this, it was not a WooCommerce issue)
Also a tool such as ngrok would be really helpful to setup an HTTPS endpoint in your local environment to test this.
I've a drupal installation and use RESTer, an firefox plugin for testing. GET localhost/drupal/jsonapi/node/article works.
POST localhost/drupal/jsonapi/node/article
Accept application/vnd.api+json
Content-Type application/vnd.api+json
Authorization Basic uzuzgizgi
Works only if i use the Authorization Basic uzuzgizgi part, even if the resource is available from public by permission, so no problem. If i set the permission to authenticated user the POST is'nt working any more even if i submit the right user:password inside Authorization Basic .... ErrorCode 403 Forbidden. What i'm doing wrong?
similar question has been asked before however I am not sure if the proposed solutions can be applied in my case. I have generated consumerKey and consumerSecret as per the woocommerce api documentation. I have confirmed that I can get the results using these keys by calling the below url in the webbrowser:
https://mywebsite.com/wp-json/wc/v2/products?consumer_key=ck_blahblah&consumer_secret=cs_blahblah
However, when I execute the same api call in the postman, using GET and correctly replacing user-> consumerKey and pass -> consumerSecret I always get 401 : woocommerce_rest_cannot_view. I have tried both http and https with the same error. Any ideas?
Use this plugin https://github.com/WP-API/Basic-Auth and when you call the API use the Basic Authentication using the username and password.
Woo Commerce uses a diferent authentication method for HTTP and HTTPS.
So, if "HTTPS" = 1 is not being passed by Apache/Nginx to you code it will enforce the HTTP method.
Do a double check if this "HTTPS" is passed to your PHP:
Open the file: ./wp-includes/load.php
Search for "is_ssl"
Insert a "echo 'test_beg'; echo $_SERVER['HTTPS']; echo
'test_end';
Do a request on the API
If it return test_beg and test_end without "on" or "1" in the
middle, the HTTPS is not being passedList item
It can happen when using a reverse proxy, so, you could need to insert "SetEnvIf HTTPS on HTTPS=on" on your httpd.conf (if using Apache).
I hope it helps :)
(remember to delete these 'echo' on load.php)
I am using WP REST API in my wordpress blog. I am getting all the post using this link and it works fine. http://www.gmonetix.com/blog/wp-json/wp/v2/posts
But when I want to get a particular post by id such as http://www.gmonetix.com/blog/wp-json/wp/v2/posts/1122 , it shows 403: Error - access to the resource in this server is denied. Please give a solution for it.
You can retrieve single post by id like, this should work,
http://demo.wp-api.org/wp-json/wp/v2/posts/?filter[p]=1122
This URL gives response,
http://www.gmonetix.com/blog/wp-json/wp/v2/posts/?filter[p]=1122
I had the same issue. You can try disabling mod_security on your server or making an exception for mod_security for the REST endpoints. Also you can try WordPress on your local server and confirm issue.
I am using 'omniauth-linkedin-oauth2'.
When I am login with linkedin then I am getting this error
Invalid redirect_uri. This value must match a URL registered with the API Key.
This is my settings:
Went back to LinkedIn developer site (https://www.linkedin.com/secure/developer ) to check my setting again. Everything matches API Key, Secret Key and OAuth 2.0 Redirect URLs.
Searched web looking for some clues. Couldn’t find a one. Crazy issue:
Then I saw that in the URL Owin was appending some extra string to the redirect_uri “signin-linkedin”. When I decoded the URL I saw this http://localhost:54307/signin-linkedin . I took this URL and placed it in the OAuth 2.0 Redirect URLs field in the LinkedIn developer site.
This link is helpful for me
https://naveengopisetty.wordpress.com/2014/09/15/linkedin-oauth-2-0-issue-invalid-redirect_uri-this-value-must-match-a-url-registered-with-the-api-key/
You can just look in url that you are getting that error message on.
eg. if you are using python's social auth the url would look like this:
https://www.linkedin.com/uas/oauth2/authorization?scope=r_basicprofile+r_emailaddress&state=XXXXXX&redirect_uri=http://example.com.au/sa/complete/linkedin-oauth2/&response_type=code&client_id=YYYYYYY
so you would use this part of the above url for the redirect url
http://example.com/sa/complete/linkedin-oauth2/
please check your redirect_url. for my case I see like this.
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=77k93y0w31zaey&redirect_uri=http%3A%2F%2Flocalhost%3A1729%2Fsignin-linkedin&scope=r_basicprofile%2Cr_emailaddress&state=nhAC-nR-CgEwO3XS2ezANhuPBMz-IUmLPJYgGHlZvZ8B1pCfsGBU0PR0dZ5XxE4zbyeI0RLcKByqPLKkgQdqMm4s6DjFYqMCEehYA2iWT9MfioEHjPXGCt2USxUTF0wKBpflCUjG5URVlJa3qI7U3ydFOErZ4Hhnr9SVmKdf1bithYfbOqBx345o8LQLexbddQ687vP6y0szrIyCM6FHip1tCpOY3Hgg5FJQEFH1mCJ_yLunD5vDUN4VVfkQbcjk
for this I add the url for OAuth 2.0 Authorized Redirect URLs:
http://localhost:1729/signin-linkedin
where http://localhost:1729 =base url and
signin-linkedin = the string which add after base url
One more solution is to just verify the client_id you've been using the whole time..because with every update in the list of redirect_uri, the client_id gets updated.
Worth mentioning when one uses libraries to handle oauth: some libraries fail to care about the protocol that is used (or at least require further parametrization). Eg, I gave Linkedin https://example/callback as oauth2 url, but the library sent the request with http://example/callback as parameter.
I had this when trying to authorise from a zurb Reveal modal popup. In my case, the issue was the URL for the page that was being displayed in the popup was not in my OAuth2 Redirect URLs list on the LinkedIn developer site.
That was easy to miss because the page URL from the page in the modal is not the URL that was currently showing in the browser's address bar. Once I added the URL for the page being shown in the pop up it worked.
After spending hours i finally get to the solution. You got an error no issues just check the url and find redirect_uri. Copy and Paste it's value it in your linkedin dev account oauth2 redirect field.
Make sure to add both with and without trailing '/' as redirect url.
http://localhost:8000/oauth/complete/linkedin-oauth2
http://localhost:8000/oauth/complete/linkedin-oauth2/