Recently I had to work with the WooCommerce REST API to do stuffs with products, mainly create / update it. However with its OAuth 1.0 authentication I couldn't get it just right. The REST API returned authentication error messages.
It was becoming difficult to get one source of information that accurately showed how to make a successful authentication to the WooCommerce REST API.
Finally, after a lot of digging I did manage to get it right and I am sharing it with whoever wants to use it in their systems.
<?php
function stramaxon_generate_oauth( $request ) {
$wc_rest_api = array(
'key' => '[YOUR_CONSUMER_KEY]',
'secret' => '[YOUR_CONSUMER_KEY]'
);
$consumerKey = $wc_rest_api['key'];
$signatureMethod = 'HMAC-SHA1';
$timestamp = time();
$nonce = md5(mt_rand());
$version = '1.0';
$oauthSignature = tsw_generateSignature( $request, $timestamp, $nonce, $signatureMethod, $version ) ;
// echo "Signature: " . $oauthSignature . "<br>";
return "OAuth oauth_consumer_key=\"{$consumerKey}\",oauth_signature_method=\"{$signatureMethod}\",oauth_timestamp=\"{$timestamp}\",oauth_nonce=\"{$nonce}\",oauth_version=\"1.0\",oauth_signature=\"{$oauthSignature}\"";
// return "OAuth oauth_consumer_key={$consumerKey},oauth_signature_method={$signatureMethod},oauth_timestamp={$timestamp},oauth_nonce={$nonce},oauth_version=1.0,oauth_signature={$oauthSignature}";
}
function stramaxon_generateSignature($request, $timestamp, $nonce, $signatureMethod, $version) {
$wc_rest_api = array(
'key' => '[YOUR_CONSUMER_KEY]',
'secret' => '[YOUR_CONSUMER_KEY]'
);
$base = $request['method'] . "&"
. rawurlencode( $request['url'] ) . "&"
. rawurlencode( "oauth_consumer_key=" . $wc_rest_api['key'] )
. rawurlencode( "&oauth_nonce=" . $nonce )
. rawurlencode( "&oauth_signature_method=" . $signatureMethod )
. rawurlencode( "&oauth_timestamp=" . $timestamp )
. rawurlencode( "&oauth_version=" . $version );
// . rawurlencode( '&' . http_build_query($request['data']) );
$key = rawurlencode($wc_rest_api['secret']) . '&';
$signature = base64_encode( hash_hmac('sha1', $base, $key, true) );
return $signature;
}
This is it basically. All you got to do is use the stramaxon_generate_oauth function to generate a OAuth 1.0 string to be used in your HTTP request. But you will notice we are passing a `$request` parameter in that function. It needs to contain an array with the following.
$request = array(
'method' => 'POST',
'url' => 'http://example.com/your-rest-api/endpoint/wc'
)
// Then form the request,
// Don't get confused by the wp_remote_post, it can be used with a traditional curl request as well
$api_url = 'http://example.com/your-rest-api/endpoint/wc';
$api_response = wp_remote_post( $api_url, array(
'method' => 'POST',
'headers' => array(
'Authorization' => stramaxon_generate_oauth( array( $request )),
'Content-Type' => 'application/json'
),
'body' => json_encode( $post_data )
) );
