Is it possible to add a new API endpoint that uses WooCommerce's authorization?
I need to add an API endpoint in my WordPress plugin that will write to the database, etc. I want it to be triggered by a remote system that will call this new API.
However, I'd like to use the built-in WooCommerce REST authentication, the auth set up here:
(And no, those credentials don't work, anymore).
Is there a way to do this? To add a custom HTTP endpoint that will use the auth from WooCommerce and then run some arbitrary code that I want to run?
Or is there a way to add a hook on an existing WooCommerce API endpoint to run before that endpoint executes? I just need a way to use the existing WooCommerce REST API auth to trigger some updates I need to run in my plugin.
You can add a route under the Woocommerce endpoint to use this key/secret authentication system.
Here's a working example:
add_action('rest_api_init', function () {
register_rest_route('wc', '/test', [
'methods' => 'GET',
'callback' => 'my_awesome_func',
]);
});
function my_awesome_func(WP_REST_Request $request)
{
if (is_user_logged_in() && (int)wp_get_current_user()->ID === 123) {
//your stuff only for legged in user 123
return new WP_REST_Response('ok', 200);
}
return new WP_Error('unauthorized', __('You shall not pass'), [ 'status' => 401 ]); //can also use WP_REST_Response
}
This will:
- add a new GET route under the "wc" endpoint (woocommerce one), so
https://example.com/wp-json/wc/test - you then use "HTTP Basic auth" to pass your key and secret as per Woocommerce documentation
- the results of
is_user_logged_in()andwp_get_current_user()will depend on the correct combination of key/secret. If correct, a the associated user will be "authentified" as for Wordpress. - if correct combination you'll get
[true, WP_user_object], if incorrect key[false, Empty_user_object]. - If correct key and incorrect secret, a 401 will be thrown (not the one in my example, another 401 by woocommerce.
my_awesome_func()is not reached in this case. I believe it's like wp-login, custom error message when correct login (key), nice ^^')
You then need to secure your route by your rules:
- Checking if user is logged in like
if(!is_user_logged_in()) return false - Checking user ID
wp_get_current_user()->ID - Checking by your role/permission system
- now that you have user ID, you do what you want with it
- use the
WP_REST_Request $requestparameter to handle GET or POST HTTP parameters.
So it could look like:
add_action('rest_api_init', function () {
register_rest_route('wc', '/test', [
'methods' => 'GET',
'callback' => 'my_awesome_func',
]);
});
function my_awesome_func(WP_REST_Request $request)
{
if (is_user_logged_in() && (int)wp_get_current_user()->ID === 123) {
//your stuff only for legged in user 123
return new WP_REST_Response('ok', 200);
}
return new WP_Error('unauthorized', __('You shall not pass'), [ 'status' => 401 ]); //can also use WP_REST_Response
}
It seems there may be proper ways to add a Woocommerce REST API endpoint (couldn't find proper documentation about it...). But I tested this and it worked, at least to use the Woocommerce key/Secret authentication system, which I believe is applied under the /wc/ endpoint.
Note: careful adding routes to the wc endpoints, as you may override an existing route endpoint. Eg: adding /product/mytest could conflict with an official Woocommerce route that handles /product/[product_id].
Note 2: I first tested with a custom WordPress REST API route, and passing Woocommerce key/secret to see if WordPress could see me correctly authenticated and identified. But it didn't work (WP uses the core API auth system). So I moved to the Woocommerce API endpoint.
Note 3: You could achieve the same using the Wordpress REST API with a custom route, and a "machine to machine" authentication plugins like Oauth, application password, JWT... like described on WP REST API authentication documentation page.
- Highlight order in admin dashboard in woocommerce with specific shipping method
- Add customer message upon order change to processing based on conditions in WooCommerce
- Get Order Notes from a Woocommerce Order / WC_Order object?
- WooCommerce - Can't remove items from cart
- WooCommerce Progressive discount based on cart subtotal if there are no discounted items
- How to update user role after woocommerce order for a free item
- Adding a hook to Remove item in a woocommerce cart
- Exclude multiple product IDs from WooCommerce coupons in an efficient way
- How to Use Attributes Default Display Order for get_available_variations() Loop on Product Page?
- Checking if WooCommerce is active and what version is used
- Replace add to cart button for unlogged users in WooCommerce
- How to display an ACF field in WooCommerce product category archive pages
- Disable WooCommerce admin Features
- Shortcode displaying the product name and price in WooCommerce product page
- Change Orders Currency in WooCommerce via a SQL query
- Minimum number of characters for password, Wordpress
- How to Get Attribute Term IDs for Filtering Products in WooCommerce API with Angular?
- How to sum the additional fees of added product ID's in WooCommerce cart
- Get all product categories in WooCommerce
- Trigger woocommerce_update_product or woocommerce_process_product_meta hook on product meta update
- WP Query to identify future dated Woocommerce products with custom meta date field
- Remove "Choose an option" from variable product dropdowns in Woocommerce 3
- Customize displayed products on Woocommerce Storefront home page
- Unable to programmatically update WooCommerce "Sent From" address
- Add search form to WooCommerce My Account > Orders page to query specific order data
- Add Product brand taxonomy term above product title in WooCommerce
- Why are some checkout hooks not working in WooCommerce?
- Replace specific currency symbol on all WooCommerce HTML formatted prices?
- Remove item with $product_id - Woocommerce
- Display currency symbol in WooCommerce product depending on ACF result