Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce. #7

Open
StarkSoftware opened this issue Jul 22, 2020 · 25 comments
Open

Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce. #7

StarkSoftware opened this issue Jul 22, 2020 · 25 comments

Comments

@StarkSoftware
Copy link

Hi i have this issue.

Did i must install some plugin or change settings on my woocommerce ?

The libs i the 0.9.6

Tnk's
@RayOkaah
Copy link
Owner

What is the endpoint being called?

@StarkSoftware
Copy link
Author

StarkSoftware commented Jul 22, 2020
edited
Loading

POST https://www.mysite.com/wp-json/wc/store/cart/items

{"code":"woocommerce_rest_missing_nonce","message":"Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.","data":{"status":401}}

@RayOkaah
Copy link
Owner

I can see this is a woo commerce error, but the cart management is not handled by woocommerce, as it has no means of handling that, so you should not be getting any woocommerce related error on cart. Which of the plugin's function was called?

@StarkSoftware
Copy link
Author

Hi, my issue is this : #2
Your wrote that is solved in 0.9.5 but for me not work

@StarkSoftware
Copy link
Author

Hi, nothing to do. It’s not work. I have the nonce key with the library that you have send me, I add on headers but now I receive invalid nonce.

Did you have a sample code to fix this issue ?

@RayOkaah
Copy link
Owner

RayOkaah commented Jul 24, 2020
edited
Loading

Hi. Pls share code. Adding to cart does not use woocommerce api. So a woocommerce auth error is unlikely.

@FirasAjjour
Copy link

Hi I am sorry it's my bad, the solution is based on WooSignal extension on WooCommerce, which is a paid service, by using this service i got the nonce and send it to the method in WooCommerce api, but i am still looking to find something can help to fetch nonce from wordpress. btw all founded method used some javascript libraries for that, i cannot find the url to get the generated nonce.

@themumy10
Copy link

Is this issue resolved with new update?

@themumy10
Copy link

I m still getting
{"code":"woocommerce_rest_missing_nonce","message":"Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.","data":{"status":401}} error
In your code we are posting a request but header section only contains Auth data which is Bearer djksajlkdjlskajdlka
But server asks us to send : X-WC-Store-API-Nonce data which is created by server side. We need this nonce data. and send it to server.
I tried addto mychart method with 0.9.7 but still having this issue.
Note i m logging in with a pre-created user with wordpress.

@tavindersingh
Copy link

Did anyone found the solution for this?

@themumy10
Copy link

Not yet sorry. We need nonce data from server. To achieve this i guess we must write a function to functions.php manually.
wp_create_nonce() function is what we need. But i dont know how

@akfaisel
Copy link
Contributor

akfaisel commented Sep 8, 2020

I too stuck at this error :(

@akfaisel
Copy link
Contributor

akfaisel commented Sep 8, 2020

It looks like the endpoint /wp-json/wc/store/cart/items does not exist. Is it possible to integrate with co-cart plugin - https://wordpress.org/plugins/cart-rest-api-for-woocommerce/?

I tried with Postman and it is working. But I don't have an idea to link it with this woocommerce flutter plugin.

@akfaisel
Copy link
Contributor

akfaisel commented Sep 8, 2020

According to this documentation https://github.com/woocommerce/woocommerce-gutenberg-products-block/blob/a404e5b24814240f15e50aa4f983b787bb9b36f1/src/StoreApi/docs/cart.md#add-item, nonce token needs to be included with the header. It can be generated by wp_create_nonce( 'wc_store_api' ) but I don't have any idea to do this. I'm a new born WP user, just 1 week old :).

@nsubash38
Copy link

I am having the same issue. Please help !

@yashz05
Copy link

yashz05 commented Oct 19, 2020

#26 (comment)

@siman302
Copy link

siman302 commented Jan 5, 2021

I have the same issue, anyone there who can solve it.
Or
there is another way to do it.

@satya-prakash-dash
Copy link

"message": "Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.",
"data": {
"status": 401
}
I still facing this problem ,
After showing this issue I put
X-WP-Nonce - WPAPI.nonce in the header but still get the same problem .
If any one have the solution then please comment here.

@andreyc0d3r
Copy link

andreyc0d3r commented Mar 26, 2021
edited
Loading

The reason why you are seeing the error is due to API requiring not just any nonce, but a specific one.

Don’t just pass the value return from wp_create_nonce(‘my-string’), the value has to come from wp_create_nonce( ‘wc_store_api’ )

you can read more about it here:

https://digitalapps.com/woocommerce-rest-api-cart-endpoint-error/

@anishmjn3
Copy link

getxwcStoreAPINonce = () => {

const { item, token, billing, shipping } = this.props.route.params;

axios({
  method: "POST",
  url: `${apiUrl}wp-json/wc/store/checkout?consumer_key=${consumerKey}&consumer_secret=${consumerSecret}`,
  headers: {
    "Authorization": "Bearer " + token,
  },

  data: {
    "billing_address": billing,
    "shipping_address": shipping,
    "payment_method": "bacs"
  },
  dataType: "json",
  contentType: "application/json; charset=utf-8",
  complete: function (response) {
  }
}).
  then((res) => {
    { console.log(item) `}`
  })
  .catch((err) => {
    this.setState({ XWCSTOREAPi: err.response.headers["x-wc-store-api-nonce"] })
    this.setState({ apikeyfound: false })
  })

}

checkout = (billing, shippping, token, navigation) => {

axios({
  method: "POST",
  url: `${apiUrl}wp-json/wc/store/checkout?consumer_key=${consumerKey}&consumer_secret=${consumerSecret}`,
  headers: {
    "Authorization": "Bearer " + token,
    "X-WC-Store-API-Nonce": this.state.XWCSTOREAPi,
  },
  data: {
    "billing_address": billing,
    "shipping_address": shippping,
    "payment_method": payment_method[this.state.payment],
    },
  dataType: "json",
  contentType: "application/json; charset=utf-8",
  complete: function (response) {
    console.log(response);
  }
}).
  then((res) => {
    console.warn(res);
    if (this.state.payment == 1) {
      navigation.navigate("KhaltiVerfication", { item: res.data, token: token })
    }
    else
      Alert.alert(
        "Successful",
        "Your Order has been placed",
        [
          {
            text: "OK",
            onPress: () => { navigation.navigate('Home'); },
            style: "cancel",
          },
        ]
      )
  })
  .catch((err) => {
    Alert.alert(
      "Error!!",
      "Your Order has not been placed",
      [
        {
          text: "OK",
          style: "cancel",
        },
      ],
      {
        cancelable: true,
      },
    )
    console.warn(err);
    console.warn(err.response.data)
    console.log("Response Status:", err.response.status);
    console.log("Response Headers:", err.response.headers);
  })

}

I used this way ko solve this missing problem. But now I am getting some other errors.

@iNahvi
Copy link

iNahvi commented Jul 6, 2021
edited
Loading

#35
#26

I have noticed, this issue while using this sdk. and after several searches . going through almost all the forked versions of this sdk. it seems some have tried to fix the nonce issue , by either generating a nonce and sending it , or trying to get it from storeapi but to non existing routes. So after going through the original source codes of the storeApi by

https://github.com/woocommerce/woocommerce-gutenberg-products-block.

I found that in the

woocommerce-gutenberg-products-block/src/StoreApi/Routes/AbstractRoute.php
in the code when a get request is made to /wp-json/wc/store/cart/

it would send a response header with X-WC-Store-API-Nonce Created.

if ( 'GET' !== $request->get_method() && ! is_wp_error( $response ) ) { $response->header( 'X-WC-Store-API-Nonce', wp_create_nonce( 'wc_store_api' ) ); }
https://github.com/woocommerce/woocommerce-gutenberg-products-block/blob/a404e5b24814240f15e50aa4f983b787bb9b36f1/src/StoreApi/Routes/AbstractRoute.php#L80-L82

After sending requests to the api route /wp-json/wc/store/cart/ through an Api client . it returns as this

parts of the header
x-content-type-options: nosniff; nosniff access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 x-wc-store-api-nonce: 56f237XXXX x-wc-store-api-nonce-timestamp: 1625559263 x-wc-store-api-user: 1 allow: GET x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block

if I made a plain Get request to https://yoursite.com/wp-json/wc/store/cart/
it would reply with
x-wc-store-api-nonce: XXXXXXXX x-wc-store-api-nonce-timestamp: XXXXXXXX x-wc-store-api-user: 0
x-wc-store-api-user: 0 in reference to an unregistered user .

As the api accepts Authorization header
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
sending the JWT bearer token _urlHeader['Authorization'] = 'Bearer ' + _authToken!;
would return the logged in user's cart with its existing x-wc-store-api-nonce: XXXXXXX

to make calls to
POST /cart/add-item
POST /cart/remove-item
POST /cart/update-item....

you can initialize the cart 1st by capturing the Get response header from a call to
https://yoursite.com/wp-json/wc/store/cart/ Using your JWT bearer token and retrieving the x-wc-store-api-nonce and using it to make future calls to the StoreApi .

this is as far as I have come to understanding.
Please do correct me if I am wrong .

now to Code 😄 still new to flutter or programming.

@iNahvi iNahvi mentioned this issue Jul 14, 2021
Open
@HelloMukama
Copy link

I'm facing the same issue here...

@AmirMoradnejad12
Copy link

step1 : fetch this : GET https://www.mysite.com/wp-json/wc/store/cart/items
step 2 : in response header you can access to the nonce and car-token. ( response.headers.get('nonce )
step 3 : POST https://www.mysite.com/wp-json/wc/store/cart/items and set nonce and car-token in this request headers.

I search many time and try many ways and finally find this way.

I hope you can use it.

@voxluke
Copy link

voxluke commented Nov 20, 2023

step1 : fetch this : GET https://www.mysite.com/wp-json/wc/store/cart/items step 2 : in response header you can access to the nonce and car-token. ( response.headers.get('nonce ) step 3 : POST https://www.mysite.com/wp-json/wc/store/cart/items and set nonce and car-token in this request headers.

I search many time and try many ways and finally find this way.

I hope you can use it.

Thank you, I searched a lot on the internet how we gain the nonce. But finally I know!

@Deepak7009
Copy link

I m still getting {"code":"woocommerce_rest_missing_nonce","message":"Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.","data":{"status":401}} error In your code we are posting a request but header section only contains Auth data which is Bearer djksajlkdjlskajdlka But server asks us to send : X-WC-Store-API-Nonce data which is created by server side. We need this nonce data. and send it to server. I tried addto mychart method with 0.9.7 but still having this issue. Note i m logging in with a pre-created user with wordpress.

How to solve this ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests