Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Getting started with the REST API
Table of Contents
- Generate Keys
- Making a basic request
- Common connection issues
The REST API is a powerful part of WooCommerce which lets you read and write various parts of WooCommerce data such as orders, products, coupons, customers, and shipping zones.
Authorization is usually the part most developers get stuck on so this guide will cover a quick way to test that your API is working on your server and you can auth. If this works but your code to use the API does not, please bare in mind it will be a problem with your code. Please do not open issues asking for support about this on Github - use the support forums.
Before proceeding, please read the REST API docs on authentication which covers the important parts concerning API Keys and Auth. We're only covering connecting over HTTPS here since it's the simplest and most secure method. You should avoid HTTP if possible.
To start using REST API, you first need to generate API keys.
- Go to WooCommerce > Settings > Advanced
- Go to the REST API tab and click Add key.
- Give the key a description for your own reference, choose a user with access to orders etc, and give the key read/write permissions.
- Click Generate api key.
- Your keys will be shown - do not close this tab yet, the secret will be hidden if you try to view the key again.
Making a basic request
The request URL we'll test is
wp-json/wc/v2/orders. On localhost the full URL may look something like this:
https://local.wordpress.dev/wp-json/wc/v2/orders. Modify this to use your own site URL.
In Postman, you need to set the fields for request type, request URL, and the settings on the authorization tab. For Authorization, choose basic auth and enter your consumer key and consumer secret keys from WooCommerce into the username and password fields
Once done, hit send and you'll see the JSON response from the API if all worked well. You should see something like this:
Insomnia is almost identical to Postman; fill in the same fields and again use basic auth.
Thats it! The API is working.
If you have problems connnecting, you may need to disable SSL verification - see the connection issues section below.
Common connection issues
Connection issues with localhost and self signed SSL certificates
If you're having problems connecting to the REST API on your localhost and seeing errors like this:
You need to disable SSL verification. In Postman you can find this in the settings:
Insomnia also has this setting the preferences area:
Your API keys or signature is wrong. Ensure that:
- The user you generated API keys for actually has access to those resources.
- The username when authenticating is your consumer key.
- The password when authenticating is your consumer secret.
- Make a new set of keys to be sure.
Consumer key is missing
Occasionally servers may not parse the Authorization header correctly (if you see a “Consumer key is missing” error when authenticating over SSL, you have a server issue).
In this case, you may provide the consumer key/secret as query string parameters instead. Example:
Server does not support POST/DELETE/PUT
Ideally, your server should be configured to accept these types of API request, but if not you can use the