Support » Plugin: WooCommerce » Woo 3.6.1 REST API for 3rd party plugins

  • Resolved Vitaly Kukin


    Have you really decided that instead of WordPress, you can dictate terms for using REST API?

    How did you add such checks to your methods, that now you cannot use REST API without receiving your keys?

    /woocommerce/includes/class-woocommerce.php at line 254
    public function is_rest_api_request

    /woocommerce/includes/api/class-wc-rest-authentication.php at line 52
    protected function is_request_to_rest_api

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author Gerhard Potgieter


    Hi Vitaly, not sure what you mean with us dictating the terms for using the REST API? The methods you link to are only for interacting with the WooCommerce API, since the WooCommerce API requires authenticated requests we need to add that.

    You should still be able to access the normal WP API endpoints as per usual without using any WooCommerce API keys, I just tested this and it works like that for me.

    it works only for the WooCommerce plugin, and cuts other third-party requests. You compare with the previous version of your plugin.

    At the moment, when I send a request to my REST API, I get this {“code”:”woocommerce_rest_authentication_error”,”message”:”Consumer key is invalid.”,”data”:{“status”:401}}

    that is old handler:

    protected function is_request_to_rest_api() {
    	if ( empty( $_SERVER['REQUEST_URI'] ) ) {
    		return false;
    	$rest_prefix = trailingslashit( rest_get_url_prefix() );
    	// Check if our endpoint.
    	$woocommerce = ( false !== strpos( $_SERVER['REQUEST_URI'], $rest_prefix . 'wc/' ) ); // @codingStandardsIgnoreLine
    	// Allow third party plugins use our authentication methods.
    	$third_party = ( false !== strpos( $_SERVER['REQUEST_URI'], $rest_prefix . 'wc-' ) ); // @codingStandardsIgnoreLine
    	return apply_filters( 'woocommerce_rest_is_request_to_rest_api', $woocommerce || $third_party );

    that is new version:

    public function is_rest_api_request() {
    	if ( empty( $_SERVER['REQUEST_URI'] ) ) {
    		return false;
    	$rest_prefix         = trailingslashit( rest_get_url_prefix() );
    	$is_rest_api_request = ( false !== strpos( $_SERVER['REQUEST_URI'], $rest_prefix ) ); // phpcs:disable WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
    	return apply_filters( 'woocommerce_is_rest_api_request', $is_rest_api_request );

    In other words, you check for $rest_prefix which is equal to wp-json and all requests from third-party plug-ins go to ashes. Maybe I don’t understand something, but do you really think you can afford it?

    When I call I got this response {"code":"woocommerce_rest_authentication_error","message":"Consumer key is invalid.","data":{"status":401}}

    Plugin Author Mike Jolley


    It’s my understanding that auth methods stack. Without auth I can still access REST API endpoints such as /wp-json/wp/v2/posts/1 no problem, and I tested the JSON basic auth plugin too which also works.

    Which method of auth are you using for your custom endpoints? Are they available anywhere to try?

    I have my own data exchange methods, different from the standard ones.

    To be honest, I was hoping to spend the day with benefit, create something new, and do your work.

    Maybe someone comes in handy. Hook disables check WooCommerce REST API

    function _for_own_rest( $result ) {
        $rest_prefix = trailingslashit( rest_get_url_prefix() );
        if ( false !== strpos( $_SERVER['REQUEST_URI'], $rest_prefix . 'own/v1/' ) ){
            add_filter('woocommerce_rest_is_request_to_rest_api', function ( $param ) {
                return false;
            }, 100, 1);
        return $result;
    add_action( 'determine_current_user', '_for_own_rest', 10, 1 );
    Plugin Author Mike Jolley


    I don’t know what you’re doing but it doesn’t sound inline with how the WordPress rest api should work.

    You should either provide your own method of authentication, or not require authentication when declaring your endpoints. If WC rest api authentication breaks your endpoint then I’m assuming installing would also?

    • This reply was modified 1 year, 3 months ago by Mike Jolley.

    Are you trying to convince me of something? With antics, everything is fine with me, it was until you released an update. I know that on the previous “stable” version Woo everything works for me. And you either don’t want to check it properly or don’t want to admit that something went wrong.

    That’s all.

    Plugin Author Mike Jolley


    Vitaly, no I’m trying to understand the issue so we can work on a patch if needed, but rather than help I’m seeing attitude 🙂

    – Does break your auth yes or no?
    – What does your custom auth look like i.e. how do you handle it. Basic auth like WooCommerce? Something else? No auth?

    We can narrow the scope of wc auth to wc/ endpoints only, but without understanding the issue or what it’s breaking I don’t know why that is needed.


    After the latest WooCommerece update, my WP API is also not working. Before update that everything was working fine. Please check, getting the following error:

    “code”: “woocommerce_rest_cannot_view”,
    “message”: “Sorry, you cannot view this resource.”,
    “data”: {
    “status”: 401

    Plugin Author Mike Jolley


    Maybe you can check – if it’s approved. Again, it’s hard to patch/justify changes without proper reports. It’s unclear why this conflicts with your API.

    I’m also having trouble with WooCommerce API after recent updates.

    If you finally get to make it work, details are appreciated.

    Same here, I have two connections that failed.
    Trying to revert back to get them going again.

    Other than that really appreciate the features in the update guys!

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Woo 3.6.1 REST API for 3rd party plugins’ is closed to new replies.