consumer key and secret as parameters in the URL

  • Resolved srdjan121

    (@srdjan121)


    1 year, 8 months ago

    Hello,

    Our customers are experiencing an error message when attempting to use Woocommerce API authentication. The error message is as follows:

    { “code”: “woocommerce_rest_cannot_view”, “message”: “Sorry, you cannot list resources.”, “data”: { “status”: 401 } }

    We have attempted to replicate the problem using software tools such as Insomnia or Postman, but unfortunately, our requests were unsuccessful. We have also tried passing the consumer key and secret as parameters in the URL and were able to achieve a successful request. However, we remain unsure if this is a safe method for making requests to the server. We would appreciate any assistance in resolving this matter. Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hello,

    To get more information, please check the suggestions about this error on the articles below:

    I hope this helps.

    Thread Starter srdjan121

    (@srdjan121)

    Hello,

    Is it safe to use the consumer key and consumer secret as URL parameters?

    In WooCommerce REST API documentation there is this section:
    Occasionally some servers may not parse the Authorization header correctly (if you see a “Consumer key is missing” error when authenticating over SSL, you have a server issue). In this case, you may provide the consumer key/secret as query string parameters instead.

    Saif

    (@babylon1999)

    Hello @srdjan121,

    Is it safe to use the consumer key and consumer secret as URL parameters?

    I’m pretty sure the team would’ve mentioned any security issues in the documentation with this approach. However, since we’re not developers, it’s hard to say for sure. It also depends on the design pattern of your app.

    I recommend discussing the matter with a WooExpert or vising the #developers channel of the WooCommerce Community Slack. We’re lucky to have a great community of open-source developers for WooCommerce, and many of our developers hang out there, as well.

    Cheers!



    Saif

    (@babylon1999)

    We haven’t heard back from you in a while, so I’m going to mark this as resolved – we’ll be here if and/or when you are ready to continue.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘consumer key and secret as parameters in the URL’ is closed to new replies.

Tags