API Settings
In WooCommerce 2.4 we now have a tab in the settings dedicated to our Rest API. Previously these options were scattered around in the general and webhooks tab and user pages. These are now grouped.
In addition, API keys are no longer found within each user profile. Everything is grouped and a user can have multiple API keys. Previously a user could only have 1 key.
In 2.4 it’s easy to organise your keys and know what each key was generated for and when it was last used.
We also did some security updates to generate hashes from the new keys. Keys can only be viewed at the time they are generated:
API Authentication Endpoint
Our authentication endpoint allows easy integration between WooCommerce and Apps, since the API keys are created with just one click from the store manager.
This facilitates the integration, especially for Apps on mobile devices.
To generate a URL for our authentication endpoint is quite simple.
You must use our new /wc-auth/v1/authorize
endpoint and pass the following parameters as query string:
app_name
– Your app namescope
– Level of access. Available:read
,write
andread_write
user_id
– User ID in your app (for your internal reference)return_url
– URL that will be used for receive the user backcallback_url
– URL that will receive the generated API key. Important to note that this URL should be over SSL
Here an example in PHP and soon it will also be available in our REST API docs:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$store_url = 'http://example.com'; | |
$endpoint = '/wc-auth/v1/authorize'; | |
$params = array( | |
'app_name' => 'My App Name', | |
'scope' => 'write', | |
'user_id' => 123, | |
'return_url' => 'http://app.com', | |
'callback_url' => 'https://app.com' | |
); | |
echo $store_url . $endpoint . '?' . http_build_query( $params ); |
17 replies on “API Settings and the API Authentication Endpoint in 2.4”
Amazing work. One giant leap forward for the API. 🙂
LikeLiked by 2 people
These are great improvements that will be useful in my projects. A big thank you to everyone who worked on it!
Since keys can only be viewed at the time they are generated, what happens existing keys from 2.3?
LikeLiked by 1 person
Will be moved to this new screen, they continued to operate as before, but you’ll not be able to copy them as before.
LikeLike
Thanks. I asked because I tested and got a different behavior. I’ll create an issue.
LikeLiked by 1 person
I just fixed it. Thanks 🙂
LikeLiked by 1 person
Awesome!!!
LikeLike
[…] building apps or other platforms that integrate with WooCommerce will be interested in the API changes in version 2.4. The visual authentication endpoint is a great tool for making connections to […]
LikeLike
[…] A new Visual API Authentication endpoint […]
LikeLike
[…] WooCommerce 2.4 wurde der neue API Authentication Endpoint eingeführt (mehr dazu im WooCommerce Developer Blog). Damit kann der Shopbetreiber mit einem Klick seinen Shop für externe Apps (z.B. Komfortkasse) […]
LikeLike
I have a question.
Before the change, I was able to pull the CK and CS WordPress by using a simple PHP query:
$user = get_user_by( ‘id’, get_current_user_id() );
$consumer_key = $user->woocommerce_api_consumer_key;
$consumer_secret = $user->woocommerce_api_consumer_secret;
Now that the CK and CS is not stored in the USER, how do we go about retrieving that data similar to the method above?
LikeLike
You can’t recover now the consumer key once it has been generated, it turns into a hash.
LikeLiked by 1 person
This is great. I just integrated my app with Woo but I have a concern.
When I call this API, it presents me with a login screen first. Is it possible to send username and password through this endpoint, so that it shows the Approve, Deny page directly?
LikeLike
No and would not be secure sending username and password too.
LikeLike
Thanks. Is there any other way to get API keys? I find that logging in twice (first create user account and log in, then login again to approve via an app not very user friendly.
LikeLike
Yes, you can ask the user to copy and paste the API Keys without this authentication endpoint.
LikeLike
404 error for API doc
LikeLike
We changed the URL: https://woocommerce.github.io/woocommerce-rest-api-docs/
LikeLike