HISE Logo Forum
    • Categories
    • Register
    • Login

    Get data from Woocommerce via server api

    Scheduled Pinned Locked Moved Scripting
    authenticationserverapiwoocommerce
    109 Posts 11 Posters 18.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • orangeO
      orange @d.healey
      last edited by

      @d-healey said in Get data from Woocommerce via server api:

      Yes I modified htaccess but it didn't work on my testing server - xampp. I had to do the extra steps I put in my last post.

      I applied that steps but my server system doesn't accept http header authenticaton. Keep digging...

      develop Branch / XCode 13.1
      macOS Monterey / M1 Max

      1 Reply Last reply Reply Quote 0
      • LindonL
        Lindon @orange
        last edited by

        @orange said in Get data from Woocommerce via server api:

        @Christoph-Hart Yes token system is supposed to be generated as a session cookie.

        Wordpress REST API can use this token system (JWT Auth)
        Woocommerce REST API only uses OAuth system (consumer key and consumer secret codes method)

        Do you think consumer key and consumer secret codes can be compromised by hackers on a compiled plugin?

        isn't

        consumer key = user ID/email address
        consumer secret code = password

        ?

        HISE Development for hire.
        www.channelrobot.com

        orangeO 1 Reply Last reply Reply Quote 0
        • orangeO
          orange @Lindon
          last edited by orange

          @Lindon said in Get data from Woocommerce via server api:

          @orange said in Get data from Woocommerce via server api:

          @Christoph-Hart Yes token system is supposed to be generated as a session cookie.

          Wordpress REST API can use this token system (JWT Auth)
          Woocommerce REST API only uses OAuth system (consumer key and consumer secret codes method)

          Do you think consumer key and consumer secret codes can be compromised by hackers on a compiled plugin?

          isn't

          consumer key = user ID/email address
          consumer secret code = password

          ?

          Woocommerce doesn't alow to use it's REST API with directly using username and passwords while authentication. These two codes are generated within Woocommerce > Settings > Advanced > REST API > Add Key menu.

          So your app will use these codes to use Woo REST API. You can give permissions Read, Write or both depending on your needs.

          https://woocommerce.github.io/woocommerce-rest-api-docs/?shell#authentication

          develop Branch / XCode 13.1
          macOS Monterey / M1 Max

          1 Reply Last reply Reply Quote 0
          • Christoph HartC
            Christoph Hart
            last edited by

            @orange said in Get data from Woocommerce via server api:

            Yes token system is supposed to be generated as a session cookie.

            Then why do you save it in a file?

            Do you think consumer key and consumer secret codes can be compromised by hackers on a compiled plugin?

            Anything can be compromised. Things that are embedded in the plugin (RSA keys, static passwords in a script) can be extracted more easily than dynamic data that comes from the server (eg. these tokens), but then both things might be trivially easy for anybody with a good knowledge of reverse-debugging.

            orangeO 1 Reply Last reply Reply Quote 1
            • orangeO
              orange @Christoph Hart
              last edited by orange

              @Christoph-Hart said in Get data from Woocommerce via server api:

              @orange said in Get data from Woocommerce via server api:

              Yes token system is supposed to be generated as a session cookie.

              Then why do you save it in a file?

              I just wanted to decrease server access, did it for multi instance uses especially. Also I didn't want to store password directly.
              For example checking it once a day?
              If the token is expired, it will pick a new one by the way.

              But maybe there is a better idea?

              develop Branch / XCode 13.1
              macOS Monterey / M1 Max

              1 Reply Last reply Reply Quote 0
              • d.healeyD
                d.healey @Christoph Hart
                last edited by d.healey

                @Christoph-Hart said in Get data from Woocommerce via server api:

                Not sure if I understand this particular authentication system, but isn't the token supposed to be generated as a session cookie?

                1. User logs in with credentials (email & password)
                2. Server returns a token when the login succeeds (might return a cached token if the requests are within a certain time).
                3. User uses this token for each subsequent URL request as proof of authentication (most likely in the header).

                Yes, but it doesn't need to be saved as a cookie, you can just save it in a variable and pass it in the header with each request. I have this working now in HISE. The problem was a server configuration issue, HISE is fine :)

                @orange said in Get data from Woocommerce via server api:

                But maybe there is a better idea?

                Probably no harm in generating one for each request, unless you think the user is going to be making lots of requests. I'll probably store mine in a file that will expire each day.

                Free HISE Bootcamp Full Course for beginners.
                YouTube Channel - Public HISE tutorials
                My Patreon - HISE tutorials

                orangeO 1 Reply Last reply Reply Quote 1
                • orangeO
                  orange @d.healey
                  last edited by

                  @d-healey said in Get data from Woocommerce via server api:

                  Probably no harm in generating one for each request, unless you think the user is going to be making lots of requests. I'll probably store mine in a file that will expire each day.

                  Which method can be used for each day expiration?

                  develop Branch / XCode 13.1
                  macOS Monterey / M1 Max

                  d.healeyD 1 Reply Last reply Reply Quote 0
                  • d.healeyD
                    d.healey @orange
                    last edited by

                    @orange You can add a timestamp inside your encrypted file and compare it to the current time when you read the file.

                    Free HISE Bootcamp Full Course for beginners.
                    YouTube Channel - Public HISE tutorials
                    My Patreon - HISE tutorials

                    1 Reply Last reply Reply Quote 1
                    • d.healeyD
                      d.healey
                      last edited by

                      Ooo fancy stuff in the latest commit...

                      downloads are persistent when recompiling

                      What does this mean?

                      Free HISE Bootcamp Full Course for beginners.
                      YouTube Channel - Public HISE tutorials
                      My Patreon - HISE tutorials

                      1 Reply Last reply Reply Quote 0
                      • Christoph HartC
                        Christoph Hart
                        last edited by

                        The Server class was owned by the scripting engine so when you recompile it will create a new server class and all downloads are gone. This was bad and now the server class has the same lifetime as the plugin itself.

                        d.healeyD 2 Replies Last reply Reply Quote 2
                        • d.healeyD
                          d.healey @Christoph Hart
                          last edited by

                          @Christoph-Hart Excellent!

                          Free HISE Bootcamp Full Course for beginners.
                          YouTube Channel - Public HISE tutorials
                          My Patreon - HISE tutorials

                          1 Reply Last reply Reply Quote 0
                          • d.healeyD
                            d.healey @Christoph Hart
                            last edited by d.healey

                            @Christoph-Hart Compile errors unfortunately

                            ../../../../../HISE/hi_components/floating_layout/FloatingTileFactoryMethods.cpp:358:43: error: ‘web’ is not a member of ‘MainToolbarIcons’
                               path.loadPathFromData(MainToolbarIcons::web, sizeof(MainToolbarIcons::web));
                                                                       ^~~
                            ../../../../../HISE/hi_components/floating_layout/FloatingTileFactoryMethods.cpp:358:73: error: ‘web’ is not a member of ‘MainToolbarIcons’
                               path.loadPathFromData(MainToolbarIcons::web, sizeof(MainToolbarIcons::web));
                            

                            Free HISE Bootcamp Full Course for beginners.
                            YouTube Channel - Public HISE tutorials
                            My Patreon - HISE tutorials

                            1 Reply Last reply Reply Quote 0
                            • Christoph HartC
                              Christoph Hart
                              last edited by

                              Ah yes I forgot to commit this file. You can just comment these lines out, it shouldn't affect anything.

                              d.healeyD 1 Reply Last reply Reply Quote 1
                              • d.healeyD
                                d.healey @Christoph Hart
                                last edited by

                                @Christoph-Hart Yep that worked. This server controller looks useful. Going to play around with it now.

                                Free HISE Bootcamp Full Course for beginners.
                                YouTube Channel - Public HISE tutorials
                                My Patreon - HISE tutorials

                                1 Reply Last reply Reply Quote 0
                                • d.healeyD
                                  d.healey
                                  last edited by d.healey

                                  @orange Have you had any luck getting user order data through JWT authorization? WooCommerce seems to block any user that isn't an admin.

                                  I think we may be forced to use the consumer/secret key thingy!

                                  Free HISE Bootcamp Full Course for beginners.
                                  YouTube Channel - Public HISE tutorials
                                  My Patreon - HISE tutorials

                                  orangeO 1 Reply Last reply Reply Quote 0
                                  • orangeO
                                    orange @d.healey
                                    last edited by orange

                                    @d-healey said in Get data from Woocommerce via server api:

                                    @orange Have you had any luck getting user order data through JWT authorization? WooCommerce seems to block any user that isn't an admin.

                                    Not yet, I tried lot's of thing but interestingly my server doesn't allow http header auth...

                                    I think we may be forced to use the consumer/secret key thingy!

                                    Yes it seems like that then. By the way don't forget to delete Server.setHttpHeader, because in this case woocommerce is blocking.

                                    develop Branch / XCode 13.1
                                    macOS Monterey / M1 Max

                                    d.healeyD 1 Reply Last reply Reply Quote 0
                                    • d.healeyD
                                      d.healey @orange
                                      last edited by d.healey

                                      @orange So how do we do it securely? Embedding keys in the binary seems risky. I'm also going to see if making custom endpoints will work.

                                      Free HISE Bootcamp Full Course for beginners.
                                      YouTube Channel - Public HISE tutorials
                                      My Patreon - HISE tutorials

                                      orangeO 1 Reply Last reply Reply Quote 0
                                      • orangeO
                                        orange @d.healey
                                        last edited by orange

                                        @d-healey said in Get data from Woocommerce via server api:

                                        @orange So how do we do it securely? Embedding keys in the binary seems risky. I'm also going to see if making custom endpoints will work.

                                        If you won't create customers, create orders...etc with Woocommece API, you can give Read only permissions to the keys. So the keys can only be used for getting data. yes it is risky too but at least not on the website compromise level.

                                        develop Branch / XCode 13.1
                                        macOS Monterey / M1 Max

                                        1 Reply Last reply Reply Quote 1
                                        • orangeO
                                          orange
                                          last edited by orange

                                          I guess Application Passwords Plugin is the alternative to JWT Authentication Plugin. Some people says it is much more easy to use, maybe this method won't be blocked.

                                          develop Branch / XCode 13.1
                                          macOS Monterey / M1 Max

                                          1 Reply Last reply Reply Quote 1
                                          • orangeO
                                            orange
                                            last edited by orange

                                            By the way, you didn't try to get data with JWT header auth from Woocommerce REST API right?
                                            JWT can be used for Wordpress REST API only.
                                            And since every customer is a user at the same time, I think with Wordpress API you should get the user (customer) data.

                                            develop Branch / XCode 13.1
                                            macOS Monterey / M1 Max

                                            d.healeyD 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post

                                            18

                                            Online

                                            2.0k

                                            Users

                                            12.7k

                                            Topics

                                            110.5k

                                            Posts