Introduction
The default response format is JSON. Requests with a message-body use plain JSON to set or update resource attributes. You can specify the callback using the? There are four possible types:. Errors return both an appropriate HTTP status code and response object which contains a code , message and data attribute. Almost all endpoints accept optional parameters which can be passed as a HTTP query string parameter, e. All parameters are documented along each endpoint. Requests that return multiple items will be paginated to 10 items by default. Alternatively the items per page can be specified with the? You may also specify the offset from the first resource using the? Pagination info is included in the Link Header. It's recommended that you follow these values instead of building your own URLs where possible. New keys can be generated either through the WordPress admin interface or they can be auto-generated through an endpoint.
Click the "Add Key" button. In the next screen, add a description and select the WordPress user you would like to generate the key for. These two keys are your Consumer Key and Consumer Secret. API keys are not transferred to other users.
Requirements
Occasionally some servers may not parse the Authorization header correctly if you see a "Consumer key is missing" error when authenticating over SSL, you have a server issue. You must use OAuth 1. Typically you will use any standard OAuth 1. The Request URL will be the endpoint you are posting to, e. You must be using WooCommerce 2. You must enable pretty permalinks default permalinks will not work. The current version is v1 and takes a first-order position in endpoint URLs. This will only change for major releases. The default response format is JSON. Note that XML responses are slightly different in structure. Any decimal monetary amount, such as prices or totals, are returned as strings with two decimal places. The decimal separator typically either. This is by design, in order to make localization of API data easier for the client. You may need to account for this in your implemetation if you will be doing calculations with the returned data e.
Blank fields are generally included as null instead of being blank strings or omitted.
Create and Update Products with WooCommerce API
Remember that the Index endpoint will indicate if the site supports SSL or not. Occasionally some servers may not properly parse the Authorization header if you see a "Consumer key is missing" error when authenticating over SSL, you have a server issue. In WooCommerce 2. You must use OAuth 1. Typically you may use any standard OAuth 1. If you are having trouble generating a correct signature, you'll want to review your string to sign for errors with encoding. The authentication source can also be helpful in understanding how to properly generate the signature. The OAuth parameters must be added as query string parameters and not include in the Authorization header. The OAuth nonce can be any randomly generated 32 character recommended string that is unique to the consumer key. Read more suggestions on generating a nonce on the Twitter API forums. The OAuth timestamp should be the unix timestamp at the time of the request.
Guide: Using the WooCommerce API to add custom functionality
The API will deny any requests that include a timestamp that is outside of a 15 minute window to prevent replay attacks. You must use the store URL provided by the index when forming the base string used for the signature, as this is what the server will use. Some OAuth libraries add an ampersand to the provided secret key before generating the signature. This does not adhere to the OAuth spec and the ampersand should be removed prior to generating the signature. Twitter has great instructions on generating a signature with OAuth 1. All endpoints accept a filter parameter that scopes individual filters using brackets, like date filtering:.
WooCommerce REST API Documentation v3
Resource meta is excluded by default, but can be included with the meta filter parameter:. Protected meta meta whose key is prefixed with an underscore is not included in the response. The reports endpoint does not support meta. Sub-fields can't be limited for resources that have multiple structs, like an order's line items.