Categories
Core

API Settings and the API Authentication Endpoint in 2.4

API Settings

In WooCommerce 2.4 we now have a tab in the settings dedicated to our Rest API. Previously these options were scattered around in the general and webhooks tab and user pages. These are now grouped.

woocommerce-api-settings

In addition, API keys are no longer found within each user profile. Everything is grouped and a user can have multiple API keys. Previously a user could only have 1 key.

woocommerce-keys-apps

In 2.4 it’s easy to organise your keys and know what each key was generated for and when it was last used.

We also did some security updates to generate hashes from the new keys. Keys can only be viewed at the time they are generated:

woocommerce-api-new-keys

API Authentication Endpoint

Our authentication endpoint allows easy integration between WooCommerce and Apps, since the API keys are created with just one click from the store manager.

woocommerce-auth-endpoint

This facilitates the integration, especially for Apps on mobile devices.

To generate a URL for our authentication endpoint is quite simple.

You must use our new /wc-auth/v1/authorize endpoint and pass the following parameters as query string:

  • app_name – Your app name
  • scope – Level of access. Available: read, write and read_write
  • user_id – User ID in your app (for your internal reference)
  • return_url – URL that will be used for receive the user back
  • callback_url – URL that will receive the generated API key. Important to note that this URL should be over SSL

Here an example in PHP and soon it will also be available in our REST API docs:

<?php
$store_url = 'http://example.com&#39;;
$endpoint = '/wc-auth/v1/authorize';
$params = array(
'app_name' => 'My App Name',
'scope' => 'write',
'user_id' => 123,
'return_url' => 'http://app.com&#39;,
'callback_url' => 'https://app.com&#39;
);
echo $store_url . $endpoint . '?' . http_build_query( $params );

view raw
index.php
hosted with ❤ by GitHub

By Claudio Sanches

Developer on the WooCommerce team and member of the WordPress Brazilian community.

17 replies on “API Settings and the API Authentication Endpoint in 2.4”

These are great improvements that will be useful in my projects. A big thank you to everyone who worked on it!

Since keys can only be viewed at the time they are generated, what happens existing keys from 2.3?

Liked by 1 person

I have a question.

Before the change, I was able to pull the CK and CS WordPress by using a simple PHP query:
$user = get_user_by( ‘id’, get_current_user_id() );
$consumer_key = $user->woocommerce_api_consumer_key;
$consumer_secret = $user->woocommerce_api_consumer_secret;

Now that the CK and CS is not stored in the USER, how do we go about retrieving that data similar to the method above?

Like

This is great. I just integrated my app with Woo but I have a concern.

When I call this API, it presents me with a login screen first. Is it possible to send username and password through this endpoint, so that it shows the Approve, Deny page directly?

Like

Yes, you can ask the user to copy and paste the API Keys without this authentication endpoint.

Like

Comments are closed.