JBatch It! v3.29 serial key or number

WooCommerce (WC) 2.6+ is fully integrated with the WordPress REST API. This allows WC data to be created, read, updated, and deleted using requests in JSON format and using WordPress REST API Authentication methods and standard HTTP verbs which are understood by most HTTP clients.

The current WP REST API integration version is which takes a first-order position in endpoints.

The following table shows API versions present in each major version of WooCommerce:

Prior to 2.6, WooCommerce has had a REST API separate from WordPress which is now known as the legacy API. You can find the documentation for the legacy API separately.

Requirements

To use the latest version of the REST API you must be using:

• WooCommerce 3.5+.
• WordPress 4.4+.
• Pretty permalinks in so that the custom endpoints are supported. Default permalinks will not work.
• You may access the API over either HTTP or HTTPS, but HTTPS is recommended where possible.

If you use ModSecurity and see errors, see this issue for details.

Request/Response Format

The default response format is JSON. Requests with a message-body use plain JSON to set or update resource attributes. Successful requests will return a HTTP status.

Some general information about responses:

• Dates are returned in ISO8601 format:
• Resource IDs are returned as integers.
• Any decimal monetary amount, such as prices or totals, will be returned as strings with two decimal places.
• Other amounts, such as item counts, are returned as integers.
• Blank fields are generally included as or emtpy string instead of being omitted.

JSONP Support

The WP REST API supports JSONP by default. JSONP responses use the content-type. You can specify the callback using the parameter for requests to have the response wrapped in a JSON function:

Response:

Errors

Occasionally you might encounter errors when accessing the REST API. There are four possible types:

WP REST API error example:

WooCommerce REST API error example:

Errors return both an appropriate HTTP status code and response object which contains a , and attribute.

Parameters

Almost all endpoints accept optional parameters which can be passed as a HTTP query string parameter, e.g. . All parameters are documented along each endpoint.

Pagination

Requests that return multiple items will be paginated to 10 items by default. This default can be changed by the site administrator by changing the option. Alternatively the items per page can be specified with the parameter:

You can specify further pages with the parameter:

You may also specify the offset from the first resource using the parameter:

Page number is 1-based and omitting the parameter will return the first page.

The total number of resources and pages are always included in the and HTTP headers.

Link Header

Pagination info is included in the Link Header. It's recommended that you follow these values instead of building your own URLs where possible.

The possible values are:

Libraries and Tools

Official libraries

Third party libraries

Tools

Some useful tools you can use to access the API include:

• Insomnia - Cross-platform GraphQL and REST client, available for Mac, Windows, and Linux.
• Postman - Cross-platform REST client, available for Mac, Windows, and Linux.
• RequestBin - Allows you test webhooks.
• Hookbin - Another tool to test webhooks.

Learn more

Learn more about the REST API checking the official WordPress REST API documentation.

WooCommerce includes two ways to authenticate with the WP REST API. It is also possible to authenticate using any WP REST API authentication plugin or method.

REST API keys

Pre-generated keys can be used to authenticate use of the REST API endpoints. New keys can be generated either through the WordPress admin interface or they can be auto-generated through an endpoint.

Generating API keys in the WordPress admin interface

To create or manage keys for a specific WordPress user, go to WooCommerce > Settings > API > Keys/Apps.

Click the "Add Key" button. In the next screen, add a description and select the WordPress user you would like to generate the key for. Use of the REST API with the generated keys will conform to that user's WordPress roles and capabilities.

Choose the level of access for this REST API key, which can be Read access, Write access or Read/Write access. Then click the "Generate API Key" button and WooCommerce will generate REST API keys for the selected user.

Now that keys have been generated, you should see two new keys, a QRCode, and a Revoke API Key button. These two keys are your Consumer Key and Consumer Secret.

If the WordPress user associated with an API key is deleted, the API key will cease to function. API keys are not transferred to other users.

Auto generating API keys using our Application Authentication Endpoint

This endpoint can be used by any APP to allow users to generate API keys for your APP. This makes integration with WooCommerce API easier because the user only needs to grant access to your APP via a URL. After being redirected back to your APP, the API keys will be sent back in a separate POST request.

The following image illustrates how this works:

URL parameters

Creating an authentication endpoint URL

You must use the endpoint and pass the above parameters as a query string.

Example of how to build an authentication URL:

Example of JSON posted with the API Keys

Example of the screen that the user will see:

Notes

• While redirecting the user using , you are also sent and parameters as query strings.
• sends if the user denied, or if authenticated successfully.
• Use to identify the user when redirected back to the () and also remember to save the API Keys when your is posted to after auth.
• The auth endpoint will send the API Keys in JSON format to the , so it's important to remember that some languages such as PHP will not display it inside the global variable, in PHP you can access it using (for old PHP versions) or .
• The URL generated must have all query string values encoded.

Authentication over HTTPS

You may use HTTP Basic Auth by providing the REST API Consumer Key as the username and the REST API Consumer Secret as the password.

HTTP Basic Auth example

Occasionally some servers may not parse the Authorization header correctly (if you see a "Consumer key is missing" error when authenticating over SSL, you have a server issue). In this case, you may provide the consumer key/secret as query string parameters instead.

Example for servers that not properly parse the Authorization header:

Authentication over HTTP

You must use OAuth 1.0a "one-legged" authentication to ensure REST API credentials cannot be intercepted by an attacker. Typically you will use any standard OAuth 1.0a library in the language of your choice to handle the authentication, or generate the necessary parameters by following the following instructions.

Creating a signature

Collect the request method and URL

First you need to determine the HTTP method you will be using for the request, and the URL of the request.

The HTTP method will be in our case.

The Request URL will be the endpoint you are posting to, e.g. .

Collect parameters

Collect and normalize your parameters. This includes all parameters except for the itself.

These values need to be encoded into a single string which will be used later on. The process to build the string is very specific:

1. Percent encode every key and value that will be signed.
2. Sort the list of parameters alphabetically by encoded key.
3. For each key/value pair:
   • Append the encoded key to the output string.
   • Append the character to the output string.
   • Append the encoded value to the output string.
   • If there are more key/value pairs remaining, append a character to the output string.

When percent encoding in PHP for example, you would use .

When sorting parameters in PHP for example, you would use .

Parameters example:

Create the signature base string

The above values collected so far must be joined to make a single string, from which the signature will be generated. This is called the signature base string in the OAuth specification.

To encode the HTTP method, request URL, and parameter string into a single string:

1. Set the output string equal to the uppercase HTTP Method.
2. Append the character to the output string.
3. Percent encode the URL and append it to the output string.
4. Append the character to the output string.
5. Percent encode the parameter string and append it to the output string.

Example signature base string:

Generate the signature

Generate the signature using the signature base string and your consumer secret key with a character with the HMAC-SHA1 hashing algorithm.

In PHP you can use the hash_hmac function.

HMAC-SHA1 or HMAC-SHA256 are the only accepted hash algorithms.

If you are having trouble generating a correct signature, you'll want to review the string you are signing for encoding errors. The authentication source can also be helpful in understanding how to properly generate the signature.

OAuth tips

• The OAuth parameters may be added as query string parameters or included in the Authorization header.
• Note there is no reliable cross-platform way to get the raw request headers in WordPress, so query string should be more reliable in some cases.
• The required parameters are: , , , , and . is not required and should be omitted.
• The OAuth nonce can be any randomly generated 32 character (recommended) string that is unique to the consumer key. Read more suggestions on generating nonces on the Twitter REST API forums.
• The OAuth timestamp should be the unix timestamp at the time of the request. The REST API will deny any requests that include a timestamp outside of a 15 minute window to prevent replay attacks.
• You must use the store URL provided by the index when forming the base string used for the signature, as this is what the server will use. (e.g. if the store URL includes a sub-domain, you should use it for requests)
• You may test your generated signature using LinkedIn's OAuth test console -- leave the member token/secret blank.
• Twitter has great instructions on generating signatures with OAuth 1.0a, but remember tokens are not used with this implementation.
• Note that the request body is not signed as per the OAuth spec, see Google's OAuth 1.0 extension for details on why.
• If including parameters in your request, it saves a lot of trouble if you can order your items alphabetically.
• Authorization header is supported starting WooCommerce 3.0.

By default, the API provides information about all available endpoints on the site. Authentication is not required to access the API index.

HTTP request

JSON response example:

The best chance at recovering a stolen bicycle is having a registered serial number. These numbers are used by police across the nation.

Where to Find It

The majority of serial numbers are located under the bottom bracket where the two pedal cranks meet. Turn your bike upside down and record the number.

If there is no serial number near the cranks, you should check other common places including the front headset or rear stays. The diagram (below) indicates five of the most common serial number locations.

How to Register without a Serial Number

If you can’t find a serial number, you can still register your bicycle with DPS. To do so, bring the bicycle to the station, located in Parking Structure A (PSA). We can provide you with tools to engrave your driver’s license number on your frame. We’ll use this as alternate identification to the manufacturer’s serial number.