
WooCommerce REST API Explained: Setup, Authentication & Examples

Quick Summary

  • WooCommerce REST API allows secure, programmatic access to store data like products, orders, and customers using standard HTTP methods.
  • API keys are generated in WooCommerce admin, enabling authentication via Basic Auth, OAuth, or JWT for flexible integration options.
  • You can perform CRUD operations on products, orders, and customers; filter results; and automate workflows with webhooks and custom endpoints.
  • Follow security best practices like using HTTPS, managing key permissions, and troubleshooting common errors for smooth API usage.
Ankur Shah | Jun 23, 2025
Table Of Contents
  • Understanding the WooCommerce REST API
  • Requirements to Use WooCommerce REST API
  • How to Generate WooCommerce API Keys (Step-by-Step)
  • Authentication Methods (and When to Use Each)
  • Performing CRUD Operations with WooCommerce API
  • Common Issues and Troubleshooting Tips
  • FAQs
  • Conclusion

If you manage or develop for a WooCommerce store, understanding the REST API gives many advantages. The WooCommerce REST API gives you direct programmatic access to your store’s data, allowing you to build custom apps, automate workflows, and extend functionality far beyond what plugins offer.

This guide will walk you through everything you need to know—from setting up and generating API keys to working with products, orders, and customers. We’ll also dive into real-world use cases, using webhooks, securing your API, and troubleshooting common issues, so you can start building reliable, scalable solutions with confidence.

Understanding the WooCommerce REST API

When setting up a WooCommerce store, you should have some idea about the REST API. At its core, the WooCommerce REST API is an HTTP-based interface that allows developers to interact with WooCommerce data using standard HTTP methods like GET, POST, PUT, and DELETE. The API uses JSON as its data format, making it compatible with virtually any programming language or platform.

WooCommerce exposes several key resources via the API:

  • Products: Create, read, update, and delete products and variations.
  • Orders: Manage customer orders, including status updates and refunds.
  • Customers: Handle customer details and accounts.
  • Coupons, Taxes, Reports, and more: Additional endpoints available for full store management.

The REST API is versioned (currently v3), ensuring backward compatibility as WooCommerce evolves.

Requirements to Use WooCommerce REST API

Before you start working with the WooCommerce REST API, make sure you meet these requirements:

  • WooCommerce Version: WooCommerce 2.6 or higher (v3 API introduced in 3.5+).
  • WordPress Permalinks: Permalinks must be enabled; default Plain permalinks will not work.
  • HTTPS: Your site should be served over HTTPS for secure API requests.
  • REST API Enabled: The REST API is enabled by default in WooCommerce versions 2.6+.
  • User Permissions: API keys are generated per user with specific permissions (read, write, or read/write).

Once you have met all these requirements, you can now generate WooCommerce API keys. The steps are given below.

How to Generate WooCommerce API Keys (Step-by-Step)

To securely access the WooCommerce REST API, you need to generate API keys.

Step 1: Log in to your WordPress Admin Dashboard.

Step 2: Navigate to WooCommerce → Settings → Advanced → REST API.

Step 3: Click the Add Key button.

Step 4: Fill in the key details:

  • Description: Give the key a meaningful name (e.g., “Mobile App Integration”).
  • User: Select the user account to associate with this key.
  • Permissions: Choose the level of access: Read, Write, or Read/Write.

Step 5: Click Generate API Key.

Step 6: You will see your Consumer Key and Consumer Secret – copy and store them securely. These credentials will authenticate your API requests.

Security tip: never expose these keys publicly or in front-end code. Use environment variables or a secret manager to store them safely.

Authentication Methods (and When to Use Each)

WooCommerce supports multiple authentication methods for its REST API:

a. Basic Authentication

  • Uses the Consumer Key and Consumer Secret as username and password.
  • Suitable for local development or trusted environments.
  • Sends credentials base64-encoded in the HTTP header.
  • Should only be used over HTTPS.

b. OAuth 1.0a

  • An older, more complex method for authenticating API requests.
  • Mostly deprecated in favor of simpler methods.
  • Rarely used unless working with legacy systems.

c. JWT (JSON Web Tokens)

  • A modern and secure authentication method.
  • Great for headless WooCommerce apps and mobile clients.
  • Requires installing a JWT Authentication plugin for WooCommerce.
  • Tokens expire, adding a layer of security.

| Authentication Type | Best Use Case | Security Level | Setup Complexity |
|---|---|---|---|
| Basic Auth | Local testing, internal apps | Medium (HTTPS only) | Simple |
| OAuth 1.0a | Legacy integrations | Medium | Complex |
| JWT | Public apps, mobile, SPA | High | Moderate |
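
The following added example, which is not code from the original article or from WooCommerce, shows what the Basic Authentication header contains and how a client can keep the key pair out of source code and off plain HTTP. The environment variable names WC_CONSUMER_KEY and WC_CONSUMER_SECRET and all function names are assumptions, and the key values are constructed.

```python
import base64
import os
from urllib.parse import urlsplit
from urllib.request import Request

# Hypothetical environment variable names chosen for this example.
KEY_VAR = "WC_CONSUMER_KEY"
SECRET_VAR = "WC_CONSUMER_SECRET"


def load_credentials(env=os.environ):
    """Read the key pair from the environment; fail loudly if either is missing."""
    try:
        return env[KEY_VAR], env[SECRET_VAR]
    except KeyError as missing:
        raise RuntimeError(f"environment variable {missing} is not set") from None


def basic_auth_header(key, secret):
    """Build the Authorization value that `curl -u key:secret` sends."""
    token = base64.b64encode(f"{key}:{secret}".encode()).decode("ascii")
    return f"Basic {token}"


def recover_from_header(header_value):
    """Anyone who can read the header can do this: base64 is encoding, not encryption."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    key, _, secret = base64.b64decode(token).decode().partition(":")
    return key, secret


def build_request(url, env=os.environ, method="GET"):
    """Return a urllib Request carrying the credentials, refusing non-HTTPS URLs."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing to send API keys to non-HTTPS URL: {url!r}")
    key, secret = load_credentials(env)
    request = Request(url, method=method)
    request.add_header("Authorization", basic_auth_header(key, secret))
    return request


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    sample_env = {KEY_VAR: "ck_example", SECRET_VAR: "cs_example"}
    req = build_request("https://example.com/wp-json/wc/v3/products", sample_env)
    print(recover_from_header(req.get_header("Authorization")))
```

Because the header decodes straight back to the key pair, TLS is the only thing protecting it in transit, which is why the client rejects `http://` URLs before attaching it.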

Performing CRUD Operations with WooCommerce API

Here are the common operations you’ll perform using the WooCommerce REST API, demonstrated with cURL examples:

a. Working with Products

Get all products:

curl -X GET https://example.com/wp-json/wc/v3/products \
  -u consumer_key:consumer_secret

Add a new product:

curl -X POST https://example.com/wp-json/wc/v3/products \
  -u consumer_key:consumer_secret \
  -H "Content-Type: application/json" \
  -d '{"name":"New Product","type":"simple","regular_price":"19.99"}'

Update a product (ID 123):

curl -X PUT https://example.com/wp-json/wc/v3/products/123 \
  -u consumer_key:consumer_secret \
  -H "Content-Type: application/json" \
  -d '{"regular_price":"24.99"}'

Delete a product (ID 123):

curl -X DELETE https://example.com/wp-json/wc/v3/products/123 \
  -u consumer_key:consumer_secret \
  -H "Content-Type: application/json" \
  -d '{"force": true}'

b. Working with Orders

List orders:

curl -X GET https://example.com/wp-json/wc/v3/orders \
  -u consumer_key:consumer_secret

Fetch order by ID:

curl -X GET https://example.com/wp-json/wc/v3/orders/456 \
  -u consumer_key:consumer_secret

Update order status:

curl -X PUT https://example.com/wp-json/wc/v3/orders/456 \
  -u consumer_key:consumer_secret \
  -H "Content-Type: application/json" \
  -d '{"status":"completed"}'

c. Working with Customers

Create a customer:

curl -X POST https://example.com/wp-json/wc/v3/customers \
  -u consumer_key:consumer_secret \
  -H "Content-Type: application/json" \
  -d '{"email":"john.doe@example.com","first_name":"John","last_name":"Doe"}'

Retrieve customer by ID:

curl -X GET https://example.com/wp-json/wc/v3/customers/789 \
  -u consumer_key:consumer_secret

Update customer info:

curl -X PUT https://example.com/wp-json/wc/v3/customers/789 \
  -u consumer_key:consumer_secret \
  -H "Content-Type: application/json" \
  -d '{"billing":{"phone":"1234567890"}}'

Filtering, Sorting & Pagination

The WooCommerce API supports parameters to fine-tune your queries:

  • status: Filter orders by status (e.g., completed, pending).
  • orderby: Sort results by date, id, price, etc.
  • per_page: Number of items per page (max 100).
  • page: The page number for paginated results.

Example: Fetch 10 recent completed orders:

curl -X GET "https://example.com/wp-json/wc/v3/orders?status=completed&per_page=10" \
  -u consumer_key:consumer_secret

Using WooCommerce REST API with Tools

For easier testing and development, you can use API clients like Postman or Insomnia.

  • Postman: Set up authentication by adding your Consumer Key and Secret in the authorization tab (Basic Auth).
  • Send requests to API endpoints and inspect JSON responses in a user-friendly interface.
  • Save your API calls in collections for quick access.

Tip: Import or create a Postman collection for WooCommerce API calls to speed up development.

Automating Workflows: Real-World Use Cases

Developers often use WooCommerce REST API to automate:

  • Inventory syncing: Keep stock levels updated between WooCommerce and ERP or POS systems.
  • Order notifications: Push new order data to Slack, email, or CRM tools.
  • Reporting dashboards: Aggregate sales and customer data for real-time analytics.
  • Mobile apps: Power native iOS or Android apps with WooCommerce data.

Using Webhooks with REST API for Real-Time Sync

WooCommerce webhooks notify your application of specific store events (order created, product updated, etc.).

How it works:

  1. Configure a webhook URL in WooCommerce admin.
  2. When the event occurs, WooCommerce sends a POST request with event data.
  3. Your app receives the webhook and can call WooCommerce REST API for more details or trigger workflows.

Example use case: Auto-generate an invoice when a new order is placed.
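
The receiving side of the webhook flow above, as an added example (not code from this article or from WooCommerce). It assumes the webhook was created with a secret and that WooCommerce sends the base64-encoded HMAC-SHA256 of the raw request body in the X-WC-Webhook-Signature header; the function names are hypothetical and the secret and payload are constructed samples.

```python
import base64
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-wc-webhook-signature"  # header names compared in lower case
TOPIC_HEADER = "x-wc-webhook-topic"


def expected_signature(secret: bytes, raw_body: bytes) -> bytes:
    """base64(HMAC-SHA256(secret, raw body)), computed over the bytes as received."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest())


def verify_webhook(secret: bytes, headers: dict, raw_body: bytes):
    """Return {'topic', 'data'} for an authentic delivery, or None to reject it."""
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get(SIGNATURE_HEADER, "").encode("utf-8")
    # Constant-time comparison; an absent header can never match.
    if not received or not hmac.compare_digest(expected_signature(secret, raw_body), received):
        return None
    try:
        data = json.loads(raw_body)  # parse only after the signature is verified
    except ValueError:
        return None
    return {"topic": lowered.get(TOPIC_HEADER), "data": data}


def order_lookup_path(event):
    """Path for the follow-up REST call; the id must be a plain positive integer."""
    order_id = event["data"].get("id") if isinstance(event["data"], dict) else None
    if isinstance(order_id, bool) or not isinstance(order_id, int) or order_id <= 0:
        raise ValueError("webhook payload has no usable order id")
    return f"/wp-json/wc/v3/orders/{order_id}"


if __name__ == "__main__":
    secret = b"constructed-webhook-secret"  # constructed sample
    body = b'{"id": 456, "status": "processing"}'  # constructed sample payload
    headers = {
        "X-WC-Webhook-Topic": "order.created",
        "X-WC-Webhook-Signature": expected_signature(secret, body).decode(),
    }
    event = verify_webhook(secret, headers, body)
    print(event["topic"], order_lookup_path(event))
    print(verify_webhook(secret, headers, body.replace(b"456", b"457")))
```

The signature must be checked against the exact bytes received, before any JSON parsing or re-serialization, and the order id is validated before it is placed into the follow-up API path.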

How to Create Custom Endpoints in WooCommerce

Sometimes, the default API endpoints don’t cover your exact needs.

Creating a custom endpoint:

  • Call the WordPress function register_rest_route() from a rest_api_init hook in a plugin or theme.
  • Define callback functions for GET/POST requests.
  • Handle authentication and permissions.

Example: Add /wc/v3/top-selling-products to return a sales summary.

Security: Always check user permissions and sanitize inputs.

API Security & Best Practices

Follow these API security best practices:

  • Use HTTPS for all API communications.
  • Keep your API keys secret and use environment variables.
  • Assign only the permissions required (least privilege).
  • Monitor and respect rate limits.
  • Cache frequent API responses where possible.
  • Avoid exposing API keys in frontend or public code.

In short, WooCommerce REST API lets you manage products, orders, and customers programmatically. You can choose from several authentication methods—Basic Auth for local use, JWT for modern apps, and OAuth for legacy systems. With support for filtering, webhooks, custom endpoints, and tools like Postman, it’s built for flexibility, automation, and secure integrations.

Common Issues and Troubleshooting Tips

Let us look at some of the common issues and the troubleshooting tips:

| Issue | Cause | Solution |
|---|---|---|
| 401 Unauthorized | Invalid or missing API keys | Check keys and permissions |
| 403 Forbidden | Insufficient user role or permissions | Assign proper capabilities |
| 500 Internal Server Error | Plugin conflict or server issues | Check logs, deactivate plugins |
| REST routes not working | Permalink settings misconfigured | Enable pretty permalinks |

FAQs on WooCommerce REST API

Can I use the WooCommerce REST API on localhost?

Yes, you can use the WooCommerce REST API on a local development environment. However, authentication can be tricky without HTTPS, especially with Basic Auth, which many tools block over plain HTTP. For smoother testing, consider using tools like ngrok to expose your local server securely. Always test in an environment that closely mirrors your production setup.

Can I upload product images via the API?

Yes, WooCommerce allows you to upload product images through the REST API. You can either provide image URLs that the store will fetch or include base64-encoded image data directly in the product JSON. Both methods let you attach multiple images and define which is the main image. Make sure the image paths are publicly accessible if using URLs.

Is WooCommerce REST API secure for production?

Yes, the WooCommerce REST API can be used safely in production if configured properly. Always use HTTPS to encrypt API requests, and keep your API keys private—never expose them in frontend code. Stick to the principle of least privilege by assigning only the permissions needed. Using authentication methods like JWT can add an extra layer of control and security.

What is the rate limit for WooCommerce REST API?

WooCommerce doesn’t have a built-in rate limit, but your hosting provider or server might enforce one to protect resources. If you’re making frequent or high-volume API calls, monitor performance and consider caching repeated requests. For heavy integrations, speak with your host about possible API usage policies or limits at the server level.

Conclusion

The WooCommerce REST API is a versatile and essential tool for developers wanting to automate store management, build integrations, and develop custom applications. By understanding authentication, key operations, and advanced techniques like webhooks and custom endpoints, you can unlock the full potential of WooCommerce. As with any API, security and best practices matter. Always use HTTPS, protect your API keys, and only give access where it’s truly needed. If you need help building advanced API integrations or custom automation workflows, our WooCommerce experts are ready to assist. Contact us today!


Ankur Shah

Ankur Shah is a tech-savvy expert specializing in eCommerce solutions. With a deep understanding of WooCommerce and Shopify, he helps businesses optimize their online stores for success. Whether it's implementing new features or troubleshooting issues, Ankur is your go-to guy for all things eCommerce.
