Woocommerce REST API 401 - woocommerce

A similar question has been asked before; however, I am not sure if the proposed solutions can be applied in my case. I have generated the consumerKey and consumerSecret as per the WooCommerce API documentation. I have confirmed that I can get the results using these keys by calling the URL below in the web browser:
https://mywebsite.com/wp-json/wc/v2/products?consumer_key=ck_blahblah&consumer_secret=cs_blahblah
However, when I execute the same API call in Postman, using GET and correctly replacing user -> consumerKey and pass -> consumerSecret, I always get 401: woocommerce_rest_cannot_view. I have tried both http and https with the same error. Any ideas?

Use this plugin https://github.com/WP-API/Basic-Auth and when you call the API use the Basic Authentication using the username and password.

WooCommerce uses a different authentication method for HTTP and HTTPS.
So, if "HTTPS" = 1 is not being passed by Apache/Nginx to your code, it will enforce the HTTP method.
Double-check whether this "HTTPS" is passed to your PHP:
Open the file: ./wp-includes/load.php
Search for "is_ssl"
Insert: echo 'test_beg'; echo $_SERVER['HTTPS']; echo 'test_end';
Do a request on the API
If it returns test_beg and test_end without "on" or "1" in the middle, HTTPS is not being passed
It can happen when using a reverse proxy, so you may need to insert "SetEnvIf HTTPS on HTTPS=on" in your httpd.conf (if using Apache).
I hope it helps :)
(Remember to delete these 'echo' statements from load.php.)
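For the reverse-proxy case this answer describes, a wp-config.php fragment that restores the HTTPS flag from X-Forwarded-Proto only when the request came from the proxy itself. This is an added example, not part of the original answer; the proxy address 10.0.0.5, the constant and the function name are assumptions.

```php
<?php
// Added example for wp-config.php (place it above the "stop editing" line).
// Assumption: TLS terminates at a reverse proxy at 10.0.0.5 (constructed
// address) that sets X-Forwarded-Proto on every request it forwards.
const EXAMPLE_TRUSTED_PROXIES = array( '10.0.0.5' );

// Hypothetical helper: decide whether the client-facing hop used TLS.
function example_request_is_https( array $server, array $trusted_proxies ) {
    // Direct TLS: the web server already passed the flag to PHP.
    if ( isset( $server['HTTPS'] )
        && in_array( strtolower( (string) $server['HTTPS'] ), array( 'on', '1' ), true ) ) {
        return true;
    }

    // Forwarding headers are client-controlled unless the TCP peer is our
    // own proxy. Trusting them from anyone would let a plain-HTTP request
    // be treated as HTTPS and have its API keys accepted in cleartext.
    $peer = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';
    if ( ! in_array( $peer, $trusted_proxies, true ) ) {
        return false;
    }

    // The header may carry a comma-separated chain; the first entry is the
    // hop that faced the client.
    $proto = isset( $server['HTTP_X_FORWARDED_PROTO'] ) ? $server['HTTP_X_FORWARDED_PROTO'] : '';
    $first = strtolower( trim( explode( ',', $proto )[0] ) );

    return 'https' === $first;
}

if ( example_request_is_https( $_SERVER, EXAMPLE_TRUSTED_PROXIES ) ) {
    $_SERVER['HTTPS'] = 'on'; // is_ssl() now reports true for this request
}
```

The proxy must overwrite any X-Forwarded-Proto value supplied by the client, otherwise the check above still relies on attacker-controlled input.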

Related

WooCommerce - Auto generating API keys using our Application Authentication Endpoint give 401 Invalid URL error

I'm attempting to use the REST API provided by WooCommerce to generate the Customer Secret and Customer Key values so that they can be used to invoke other WooCommerce REST APIs. I referred to the documentation about generating the key values and managed to get it working using a mock endpoint in Postman for the call_back URL in the API, as mentioned in the document.
I created a POST service in my backend server and managed to set up an SSL certificate in the local environment with a domain mapped in the hosts file in the /etc directory. I ran the backend service and invoked the callback URL through Postman and it worked. Then I used that as the call_back URL in the actual WooCommerce Auth endpoint to programmatically generate the keys and save them in my DB. But I'm getting
"Access Denied" - Error: A valid URL was not provided..
When I checked in the browser through devtools -> network, I noticed that there is a 401 Unauthorized error.
Here is the sample GET URL that is used for WooCommerce API key generation
http://localhost/woocommerce/wc-auth/v1/authorize?app_name=<SOME_NAME>&scope=read_write&user_id=36&return_url=http://localhost/woocommerce/&callback_url=https://foo.bar.dev:44329/api/services/app/woo_commerce_auth/6/callback
callback_url = https://foo.bar.dev:44329/api/services/app/woo_commerce_auth/6/callback
When the callback_url is a mock url generated using Postman it works fine
callback_url = https://513ca6ab-db16-4635-8d0b-9159e3b1e187.mock.pstmn.io/api/services/app/woo_commerce_auth/6/callback
Any clue why this happens, I could not find a way to troubleshoot this issue. Appreciate the help.
Hi, posting this for future reference; I hope it helps others who face this problem as well.
Things to keep in mind when setting the callback_url:
Non-HTTPS URL endpoints are not allowed.
The URL should not be a localhost URL (e.g. localhost/callback would give an invalid URL error)
The URL should not contain a port number (e.g. localhost:4320/callback or foo.bar.dev:4892/callback are invalid)
The callback URL should be a POST URL
If an error such as "Error: An error occurred in the request and at the time were unable to send the consumer data." is given after checking all of the above, check the backend service code related to the callback_url (I had a 500 server error which triggered this; it was not a WooCommerce issue)
Also, a tool such as ngrok would be really helpful to set up an HTTPS endpoint in your local environment to test this.
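A pre-flight check for the callback_url constraints listed in this answer, plus the authorize URL built with every parameter percent-encoded. This is an added example, not part of the original post: the function names and the store.example / hooks.example values are hypothetical, and the rules encode the answer's observations rather than WooCommerce's own validation code.

```php
<?php
// Added example. Returns a list of problems; an empty list means the URL
// passes the checks described in the answer above.
function example_callback_url_problems( $url ) {
    $parts = parse_url( $url );
    if ( false === $parts || empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return array( 'not an absolute URL' );
    }

    $problems = array();
    if ( 'https' !== strtolower( $parts['scheme'] ) ) {
        $problems[] = 'scheme must be https';
    }
    $host = trim( strtolower( $parts['host'] ), '[]' ); // strip IPv6 brackets
    if ( in_array( $host, array( 'localhost', '127.0.0.1', '::1' ), true ) ) {
        $problems[] = 'host must not be localhost';
    }
    if ( isset( $parts['port'] ) ) {
        $problems[] = 'URL must not contain a port number';
    }
    // Not checkable from the URL alone: the endpoint must accept POST.
    return $problems;
}

// Build the /wc-auth/v1/authorize link, refusing a callback that would fail.
function example_authorize_url( $store_url, array $params ) {
    $problems = example_callback_url_problems( $params['callback_url'] );
    if ( $problems ) {
        throw new InvalidArgumentException( 'callback_url: ' . implode( '; ', $problems ) );
    }
    // RFC 3986 encoding keeps the nested URLs intact inside the query string.
    return rtrim( $store_url, '/' ) . '/wc-auth/v1/authorize?'
        . http_build_query( $params, '', '&', PHP_QUERY_RFC3986 );
}

// Constructed sample values.
$params = array(
    'app_name'     => 'Example App',
    'scope'        => 'read_write',
    'user_id'      => 36,
    'return_url'   => 'https://store.example/',
    'callback_url' => 'https://hooks.example/woo/callback',
);
echo example_authorize_url( 'https://store.example', $params ), "\n";

// The callback from the question is flagged because of its explicit port.
print_r( example_callback_url_problems(
    'https://foo.bar.dev:44329/api/services/app/woo_commerce_auth/6/callback'
) );
```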

How can I use the Woocommerce REST API with plain permalinks?

I want to make requests to the Woocommerce REST API to check the status and update products. My Wordpress install uses plain permalinks, because the frontend is built in React, which renders on the static homepage. Therefore I need all queries to be passed to the homepage, so that my React router can handle the request (If I set permalinks to pretty, the wordpress router will guide any request that's not the homepage and it won't reach the React router).
I'm using ssl and I set up a consumer key and secret. I can make requests successfully if I set permalinks to pretty. However, I need to make queries like this:
https://example.com/?rest_route=/wc/v3/products
I tried passing the consumer secret and key as extra parameters:
https://example.com/?rest_route=/wc/v3/products&consumer_key=xxx&consumer_secret=xxx
but this doesn't work. I also tried to pass them as headers in my manual curl request in PHP. I also tried to make the request using curl from the command line. All of these methods work when I use the approach outlined in the documentation using pretty permalinks, but with permalinks set to plain they all cause 401 responses stating I'm not authenticated.
Is there any way around this, or do I just need to make custom endpoints?
The documentation (woocommerce.github.io) says:
To use the latest version of the REST API you must be using:
...
Default permalinks will not work.
(emphasis theirs)
For the "Legacy API" the following works:
mywebsite.com/index.php?wc-api-version=1&wc-api-route=/products/1234
From:
add_rewrite_rule( '^wc-api/v([1-3]{1})(.*)?', 'index.php?wc-api-version=$matches[1]&wc-api-route=$matches[2]', 'top' );
in
class-wc-legacy-api.php:80
WC_Legacy_API::add_endpoint()
If you wanted, you could register your own rewrite rule and inside it do something like:
$rest_server = rest_get_server();
$request = new WP_REST_Request( 'GET', '/wc/v3/products' );
$response = rest_do_request( $request );
return...

getting error 401 (authentication error) in WooCommerce

I just created a WooCommerce site, and when I try to get json data it displays error 401. I tried to access it through postman with basic auth, and through the link:
(mysite)/wp-json/wc/v2/products?consumer_key=XXXX&consumer_secret=XXXX
with keys that I have generated in WP. In both cases I am getting the same error.
Config:
legacy api enabled,
WC version 3.4.5,
WP version 4.9.8,
localhost server by Ampps.
Kindly use "Authorization" (besides the Parameter tab in Postman), choose OAuth 1.0, then enter the consumer_key & consumer_secret, then click the "SEND" button. That will work!
Add this to the top of your htaccess file.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
solved:
the new legacy api has a different url to access woocommerce:
(mysite)/wc-api/v2/...
for more details: https://woocommerce.github.io/woocommerce-rest-api-docs/v3.html?javascript#

Using a localhost https redirect uri with httr package

The default redirect uri in the oauth_app() function of the httr package is: http://localhost:1410/. I tried switching to https://localhost:1410/, but the authentication flow cannot be completed. I'm curious to know if it's possible to use HTTPS as the redirect uri. The Instagram API mentions this :
The one thing to keep in mind is that all requests to the API must be
made over SSL (https:// not http://)
But then their example goes on to use an http callback registered redirect uri. I assume the answer is not really httr specific, but here is a reproducible example using Google OAuth 2.0:
library(httr)
key <- "526767977974-i8pn4vvaga2utiqmeblfnpakflgq964n.apps.googleusercontent.com"
secret <- "tNJixXCExE30f_ARBzb6e4hC"
myapp <- oauth_app("google", key, secret, redirect_uri='https://localhost:1410/')
token <- oauth2.0_token(oauth_endpoints("google"),
myapp,
scope=c("https://www.googleapis.com/auth/drive"))
I have the same issue with Facebook forcing a strict https redirect URL. I believe the solution is somewhere in httr::oauth_listener; I haven't been able to figure that out yet.
Edit 1: So in the Facebook / Instagram settings you will have to specify https://localhost:1410/. When you authenticate, it will redirect you to https://localhost:1410/, but since the httpuv server is listening on http://localhost:1410/, if one can take that URL, replace https with http and reload, the flow works. I haven't been able to do it, but I am trying to work on it.

Not able to receive token from OAuth authentication in Apigee tool

I have created AccessTokenClientCredential and RefreshAccessToken in OAuth proxy through Apigee tool.
When I tried to access the URL "https://damuorgn-prod.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials&client_id=07VoDotbGhyl3aG8GxjkyXivoTNH9oiQ&client_secret=fb8ZOrAUUSGp3FAv" after supplying the client ID and client secret, the page is empty. It does not display any error or a token value.
I followed the steps to create a token from the URL below:
"http://apigee.com/docs/gateway-services/content/secure-calls-your-api-through-oauth-20-client-credentials".
Please advise.
Regards,
Damodaran
I tried both Test and Prod environment but there was no luck.
I have requested installation of the Curl software. Is there any other way to test this URL without the Curl software? Your immediate reply is appreciated. Thanks!
Curl https://damuorgn-test.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials -X POST -d 'client_id=qnYUqb6j3uGraRAh7JF9d651nUXNwMCC&client_secret=mjHIFMcTDCa3YQ6f'
Could you please check this link from the Curl software?
It looks like there may be a couple of issues:
When I try your URL, I get a "CLASSIFICATION_FAILURE" error - which means the proxy can't be found. I noticed that you're using "damuorgn-prod.apigee.net" when you might have deployed your proxy to the test environment, and meant to use: "damuorgn-test.apigee.net".
In step 5.2 of the document you referenced, it says to use POST instead of GET. So you might try this:
curl https://damuorgn-test.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials -X POST -d 'client_id=07VoDotbGhyl3aG8GxjkyXivoTNH9oiQ&client_secret=fb8ZOrAUUSGp3FAv'
(When I try this, I get an "invalid client id" error, but maybe that client_id is no longer valid?)
Hope that helps,
Scott
