WooCommerce - woocommerce_rest_cannot_view - Status 401

Question

I have generated a consumer key and consumer secret. The website has SSL installed. I have also installed plugins required for JSON and REST services. This is how the url looks like:

https://<url>/wp-json/wc/v1/products

When I am trying to get(GET) the product details using Basic Auth by using POSTMAN, a Chrome plugin, I get a JSON response like:

{
  "code": "woocommerce_rest_cannot_view",
  "message": "Sorry, you cannot list resources.",
  "data": {
    "status": 401
  }
}

I have both the READ and WRITE permissions corresponding to the Consumer key.

Problem solved at this link :) https://stackoverflow.com/questions/52102194/woocommerce-rest-api-woocommerce-rest-cannot-view — Salahaddin mohammed, Apr 10 '21 at 14:04
Problem solved at this link :) https://stackoverflow.com/questions/52102194/woocommerce-rest-api-woocommerce-rest-cannot-view — Salahaddin mohammed, Apr 10 '21 at 14:07

score 65 · Answer 1 · answered May 03 '19 at 01:49

65

The 401 error you are getting is because you are using basic auth even though your website is not secure (does not have https).

The solution in postman is to use OAuth 1.0. Just add the consumer key and consumer secret and send the request.

answered May 03 '19 at 01:49

Isura Thrikawala

651
5
3

3

Wonderful! It worked great for me. I was struggling so much with that aspect. – jeremie_se Oct 31 '19 at 20:33
I tried this way, but I still have the same result. I have an https website – Rom-888 Dec 19 '20 at 22:23
@Rom-888 did you select the Add Auth data to: Request Body/ Request URL? – pegasuspect Jan 04 '21 at 21:34
WooCommerce wiki REST part put the wrong option that so many developers have this issue with basic AUTH – Rach Chen Apr 21 '21 at 03:58
It works in postman but when I send the request using GuzzleHttp it gives the same error as above – aliencity Feb 03 '22 at 11:55
@aliencity I hade the exact same problem. Postman working fine, laravel w. guzzle client failing. After changing "->get('http://..." to "->get('https://.." it works as expected! *Note that you have to serve your wp installation over https though. In my case that was easy with MAMP – Out of Orbit Jan 06 '23 at 17:10

score 20 · Answer 2 · answered Feb 27 '17 at 07:34

20

I met same problem.

Here is how I solve it:

require "woocommerce_api"

woocommerce = WooCommerce::API.new(
  "https://example.com",
  "consumer_key",
  "consumer_secret",
  {
    wp_json: true,
    version: "wc/v1",
    query_string_auth: true
  }
)

The key is query_string_auth: true you need to force basic authentication as query string true under HTTPS

answered Feb 27 '17 at 07:34

Aloha

322
2
5

6

@Aloha where am I supposed to use it? please explain in details your answer. – devasia2112 Jan 27 '19 at 05:41

score 6 · Answer 3 · answered Mar 18 '17 at 19:35

6

This is how i stopped worrying and moved on.

In short, the woocommerce rest controllers pretty much all have a SOMEWPRESTCLASS::get_item_permissions_check() method which in turn calls wc_rest_check_post_permissions() to decide if it returns that error;

So you hook into that and validate whichever way you want:

add_filter( 'woocommerce_rest_check_permissions', 'my_woocommerce_rest_check_permissions', 90, 4 );

function my_woocommerce_rest_check_permissions( $permission, $context, $object_id, $post_type  ){
  return true;
}

answered Mar 18 '17 at 19:35

Quickredfox

1,428
14
20

2

This is actually not very good because this way you open the door to everyone! – B. Martin Jul 18 '18 at 16:08
although i know this risk with this, I cant find any other solution right now, thanks for this. will use as a temporary fix – Zack Cheang Weng Seong Dec 11 '19 at 19:00

score 4 · Answer 4 · answered Sep 03 '17 at 15:48

Trying to help others: I was struggling with the 401 response while trying to CURL, and also with VBA trying to request as content-type "application/json" However, I was able to pull a valid response by just entering this in my browser address bar: https://mywebsite.com/wp-json/wc/v2/products?consumer_key=ck_blahblah&consumer_secret=cs_blahblah

Following this line of thought, I went back to my VBA app and changed the content type to "application/text" and was able to pull a valid response text with response code 200. Hope this helps someone.

+1 because this is how I get Postman to send the request. Thanks! on http It was working with OAuth 1.0. With production server on https it works with this. Really queer! — pegasuspect, Jan 04 '21 at 21:26

Dieter Gribnitz · Answer 5 · 2019-04-26T06:39:34.177

4

Try this, I had the same issue with the automattic/woocommerce library and I just got it working by appending the customer_key and customer_secret to the query.

$woocommerce->get("customers/$userId?consumer_key={$this->key}&consumer_secret={$this->secret}");

Quick Edit

The above method works but I found a better solution for the automattic/woocommerce library.

Set query_string_auth to true

Had to dig into the code to find this setting.

Found nothing on it in the docs

return new Client($this->url, $this->key, $this->secret, [
    "query_string_auth" => true
]);

edited Apr 26 '19 at 06:39

answered Apr 26 '19 at 06:20

Dieter Gribnitz

5,062
2
41
38

1

After a long time I found your solution setting the query_string_auth to true and finally I fixed it! Thanks a lot man ;) – papesky Dec 23 '19 at 10:08
@dieter Can i know which file append these codes please – Suneth Kalhara Oct 26 '20 at 04:29

score 4 · Answer 6 · answered Jul 18 '19 at 02:25

I just ran into this. Apparently something was funny with how curl was handling the url, so I had to encapsulate it in double quotes.

This doesn't work: curl https://www.my-site.com/wp-json/wc/v3/orders?consumer_key=ck_40097dbc2844ce7712e1820bcadf0149c2bedegh&consumer_secret=cs_ab57e19263af0b9ab4c596c310f1e7904bb20123

This does work: curl "https://www.my-site.com/wp-json/wc/v3/orders?consumer_key=ck_40097dbc2844ce7712e1820bcadf0149c2bedegh&consumer_secret=cs_ab57e19263af0b9ab4c596c310f1e7904bb20123"

score 3 · Answer 7 · edited May 26 '20 at 13:27

3

You can try Oauth 1.0 with postman:

edited May 26 '20 at 13:27

Ardent Coder

3,777
9
27
53

answered May 26 '20 at 11:57

sultanmyrza

4,551
1
30
24

score 3 · Answer 8 · answered Apr 10 '21 at 14:10

3

Problem solved by adding this line below to the end of .htaccess file

All you need to add this line to .htaccess , this work with me

SetEnv HTTPS on

And make sure use OAuth 1.0 for Authorization

answered Apr 10 '21 at 14:10

Salahaddin mohammed

167
2
4

score 2 · Answer 9 · answered Aug 15 '20 at 06:30

2

Try making the request using query parameter, like this:

https://www.exemple.com/wp-json/wc/v3/orders?consumer_key=ck_01234567890&consumer_secret=cs_01234567890

here: https://www.exemple.com you'll need to fill your url domain.

here: consumer_key and consumer_secret is your ck and cs that was previous genereted on WooCommerce > Settings > Advanced > REST API

answered Aug 15 '20 at 06:30

Eduardo de Santana

611
8
14

This worked for me (y) – Asim Jan 07 '22 at 06:38

score 2 · Answer 10 · answered Feb 11 '21 at 23:57

I just ran into this, I was getting the exact same error message as OP. I was using https and OAuth 1. The problem ended up being the domain. I was trying to access example.com when the correct domain for the site was www.example.com.

This URL returns 401 woocommerce_rest_cannot_view error:

https://example.com/wp-json/wc/v3/products

This URL works and returns results:

https://www.example.com/wp-json/wc/v3/products

score 1 · Answer 11 · answered Dec 17 '19 at 11:29

Here is a modified answer to Quickredfox's anwer:

add_filter('woocommerce_rest_check_permissions', 'my_woocommerce_rest_check_permissions', 90, 4);

function my_woocommerce_rest_check_permissions($permission, $context, $object_id, $post_type) {
    if($_GET['consumer_key'] == 'asdfghj' && $_GET['consumer_secret'] == 'qwerty') {
        return true;
    }

    return $permission;
}

The downside to this is that the flexibility of adding and revoking access for users using a gui is lost. However, if nothing else works and you just can't figure out why, this will work and does not expose the API to the whole world.

Oh, and this requires passing the key and secret as parameters a la:

https://foo.bar.com/wp-json/wc/v3/products/123&consumer_key=asdfghj&consumer_secret=qwerty

This will work without https, but if you use it without https, remember that any credentials you send along with your request will be sent in plain text.

score 0 · Answer 12 · answered Feb 21 '20 at 14:17

0

For local development (localhost) you can also use Basic Auth (e.g. for Postman) instead of Consumer Key & Consumer Secret. It works seamlessly.

answered Feb 21 '20 at 14:17

michal-michalak

827
10
6

score 0 · Answer 13 · edited Mar 02 '21 at 00:37

0

Add this code to function.php to fix the problem:

add_filter( 'woocommerce_rest_check_permissions', 'my_woocommerce_rest_check_permissions', 90, 4 );

function my_woocommerce_rest_check_permissions( $permission, $context, $object_id, $post_type  ){
  return true;
}

edited Mar 02 '21 at 00:37

John Conde

217,595
99
455
496

answered Mar 01 '21 at 21:08

us3n

17
1

1

Doesnt this disable any form of authentication? – TJHeuvel Apr 24 '22 at 06:52

score 0 · Answer 14 · answered Mar 05 '21 at 04:37

in node js code would be

const WooCommerceRestApi = require("@woocommerce/woocommerce-rest-api").default;
 
const api = new WooCommerceRestApi({
  url: "http://example.com",
  consumerKey: "ck_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  consumerSecret: "cs_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  queryStringAuth: true,
  version: "wc/v3"
});

score 0 · Answer 15 · answered May 10 '22 at 08:23

It's sometimes an error with wordpress htaccess configuration (only if you are accessing website by https).

For some reason woocommerce want you to authorize with basic authentication when your are connecting through https which some hosting blocks so you need to unlock it.

you need to change

RewriteRule ^index\.php$ - [L]

To

RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

WooCommerce - woocommerce_rest_cannot_view - Status 401

15 Answers15

Linked