Get data from Woocommerce via server api
-
Ah yes I forgot to commit this file. You can just comment these lines out, it shouldn't affect anything.
-
@Christoph-Hart Yep that worked. This server controller looks useful. Going to play around with it now.
-
@orange Have you had any luck getting user order data through JWT authorization? WooCommerce seems to block any user that isn't an admin.
I think we may be forced to use the consumer/secret key thingy!
-
@d-healey said in Get data from Woocommerce via server api:
@orange Have you had any luck getting user order data through JWT authorization? WooCommerce seems to block any user that isn't an admin.
Not yet, I tried lot's of thing but interestingly my server doesn't allow http header auth...
I think we may be forced to use the consumer/secret key thingy!
Yes it seems like that then. By the way don't forget to delete
Server.setHttpHeader
, because in this case woocommerce is blocking. -
@orange So how do we do it securely? Embedding keys in the binary seems risky. I'm also going to see if making custom endpoints will work.
-
@d-healey said in Get data from Woocommerce via server api:
@orange So how do we do it securely? Embedding keys in the binary seems risky. I'm also going to see if making custom endpoints will work.
If you won't create customers, create orders...etc with Woocommece API, you can give Read only permissions to the keys. So the keys can only be used for getting data. yes it is risky too but at least not on the website compromise level.
-
I guess Application Passwords Plugin is the alternative to JWT Authentication Plugin. Some people says it is much more easy to use, maybe this method won't be blocked.
-
By the way, you didn't try to get data with JWT header auth from Woocommerce REST API right?
JWT can be used for Wordpress REST API only.
And since every customer is a user at the same time, I think with Wordpress API you should get the user (customer) data. -
@orange I tried with both WooCommerce and Wordpress. JWT can be used with WooCommerce endpoints, but they block every user without admin rights. I can't see a way to get customer order details from the Wordpress API.
-
-
Sorry Christoph, somehow I missed your reply. Giving extra priviliages to the user didn't work for me, and seems like a hack anyway.
@orange I have found the solution, make your own API with custom endpoints. It's actually not too difficult, I found some good information on the wordpress website and YouTube.
Here is a custom plugin I just made that will get all of the downloadable file data for all of the customer's completed orders. It checks that the current user (via JWT for example) has the role of customer, I'll add more security later to make sure they have permission to download specific files etc. This is just a proof of concept and doesn't take arguments from HISE server calls yet.
<?php /** * Plugin Name: Custom API * Plugin URI: http://localhost/wordpress * Description: Custom REST API endpoints * Version: 1.0 * Author: David Healey */ function my_orders() { $args = [ 'status' => 'wc-completed', 'customer' => 'customer@example.com' ]; $orders = wc_get_orders($args); $data = []; foreach ($orders as $i => $order) { $items = $order->get_items(); $data[$i] = []; foreach($items as $j => $item) { $data[$i][$j] = $item->get_item_downloads(); } } return $data; } add_action('rest_api_init', function() { register_rest_route('my/v1', 'orders', [ 'methods' => 'GET', 'callback' => 'my_orders', 'permission_callback' => function () { return wc_current_user_has_role( 'customer' ); } ]); });
The API documentation was tricky to find, every Google search lead to the REST API instead of the plugin API. If you need it here it is - https://developer.woocommerce.com/
-
@d-healey Thank you for the info. I'll check that out!
-
I was struggling with HTTP JWT token authentication for API requests. I edited .htaccess and wp-config files. Taking tokens was fine but http header authentication still was not working.
I've found the real cause that is Wordfence Security plugin for Wordpress. The Firewall was blocking the API requests.
So, I disabled
Prevent discovery of usernames through '/?author=N' scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps
option in Firewall Options of Wordfence, and then the issue is solved. -
@orange Are you using a real server or are you using an offline test server like xampp?
-
@d-healey said in Get data from Woocommerce via server api:
@orange Are you using a real server or are you using an offline test server like xampp?
First, for test purpose I used Xampp. That was ok, no problem.
But after that I also tested on the real server, and that was the problem. Sometimes Xampp and Real Server situations can be different.
-
Anyone here using Woocommerce Amazon S3 Storage extension and custom endpoints?
-
@d-healey said in Get data from Woocommerce via server api:
Anyone here using Woocommerce Amazon S3 Storage extension and custom endpoints?
I think my client is using A3 - but not WooCommerce, its a custom coded end point.
-
@d-healey I use woo + Amazon. What's a custom endpoint?
-
@dustbro Custom endpoint is server side code that you can interact with through POST/GET requests.
https://developer.wordpress.org/rest-api/extending-the-rest-api/adding-custom-endpoints/
-
I contacted the developer of Woocommerce License Manager plugin.
He is now building a new API that uses JWT Authorization (without API secret or key usage) with much more usable than Woocommerce API stuff. If any of you are interested, there will be no need to make custom endpoints if this new API will be finished.
Below POST/GET requests (such as Activate / Deactivate License with Machine ID, Get Purchased Products, Get Product Image / Meta Data, Add License that bought from a reseller...etc) can be made with only a user login and this API. User roles can be adjusted also.