WooCommerce is one of the best-known shopping carts that, accordingly to the latest stats, powers over 30% of all online shops. Integration with this superb platform can be an excellent opportunity for inventory and order management, email marketing, accounting system and other software providers.
This article will provide you with the basic information about WooCommerce REST API structure and will help you understand how to work with it. Before we begin, remember that the REST API is only available in version 2.1 or greater, so if you’re on an older version you’ll need to upgrade first. Now, let’s get started!
WooCommerce REST API Overview
The REST API is read-only, with the exception of a single endpoint for updating order status. Data is available in either JSON (default) or XML format. There are 5 primary resources, each with a related set of endpoints:
The API can be accessed at https://www.example.com/wc-api/v1 — note the v1 version which takes a first-order position in every endpoint URL. This will only change for major releases and backward compatibility is planned for at least one major version back, so you can safely build integrations against the version without worrying about a newer version of WooCommerce breaking your code.
You can access the API over HTTP or HTTPS. I strongly recommend using HTTPS wherever possible, as it makes authentication significantly easier. The API Index will indicate if the site supports SSL or not.
WooCommerce REST API Responses
The default response format is JSON, which can be changed to XML by setting the HTTP ACCEPT header to application/XML. A successful request will return a 200 OK HTTP status, while unsuccessful responses will return non-200 statuses — a detailed listing of errors is available in the REST API documentation.
There are two ways to authenticate with the API, the easy way (over HTTPS) or the hard way (over plain HTTP using OAuth). If you’re developing an integration designed to work with any WooCommerce store, you’ll need to support authentication schemes, as you can’t guarantee that every store will have SSL enabled. The API Index endpoint will indicate if the site supports SSL.
With that in mind, login into your WP-Admin and go to your user profile to generate your API keys. You should see something like this:
Keys inherit the permissions of the user that generates them, so if you’d like to have more granular control over the permissions you can create a new user specifically for the API.
Simply use HTTP Basic Auth by providing the API Consumer Key as the username and the API Consumer Secret as the password:
$ curl https://www.example.com/wc-api/v1/orders -u consumer_key:consumer_secret
If you’re manually setting the HTTP Authorization header, remember that you must Base64 encode the keys first, like so:
PHP > $authorization = base64_encode( $consumer_key . ‘:’ . $consumer_secret );
Over HTTP with OAuth
HTTP Basic authentication cannot be used over plain HTTP as the keys are susceptible to interception. The API uses OAuth 1.0a “one-legged” authentication to ensure your API keys cannot be intercepted. This process involves generating a signature and including it with your request. The API then generates it’s own signature and compares it to the one provided. If they match, the request is authenticated.
The process for generating this signature is not difficult, but it must be followed exactly. The best way is to use an existing library in your language of choice to handle OAuth authentication. If you’re a glutton for punishment and want to generate the signature manually, have a look at RFC 5849 which describes how to generate the signature.
Most API endpoints accept optional parameters passed as HTTP query string parameters, e.g. GET /orders?status=completed — but the most important parameter is the filter parameter. This parameter is used for date filtering, searching, and pagination. See the full list, along with examples, in the REST API documentation.
The API index provides information about the store, as well as a listing of available endpoints. No authentication is required to access the index. The most important property is ssl_enabled which will indicate if SSL is available or not. A sample response is available in the docs.
How to Get Started with WooCommerce REST API?
In order to start working with WooCommerce REST API, you have to enable it. You can do it by simply visiting WordPress Admin page > Settings > General tab and ticking the appropriate checkbox.
The WooCommerce REST API supports the JSON format, as a default, but you can easily change it to the XML. It works with such four main HTTP methods as GET, POST, PUT, and DELETE. But there is one more – HEAD. It сan be used to return just the HTTP header information. Thanks to these methods you can operate with information on products, orders, inventory, customers and their addresses.
In order to make API calls, you’ll need to pass by the process of authentication. Thus, the system recognizes your identity and allows you to access the API resource. There are two possible ways to authenticate with WooCommerce REST API such as one legged OAuth 1.1 and simple HTTPS authentication. The method you’ll choose depends on whether your site supports SSL certificate or not. But shopping platform developers recommend using HTTPS authentication if it’s possible, as it is easier to work with.
To summarize all the mentioned above, WooCommerce REST API allows you to get access to the data of a particular online store and extract information on orders, customers, products, categories, etc. Integration with WooCommerce can open a plenty of possibilities for your business, but it requires much time, money and considerable efforts to be done. If you have any questions about this, please feel free to ask me at the comment section below!