Woocommerce rest api invalid signature (error 401) on post request

Question

I am working on an Ionic 2 project for a woocommerce store. I am using Woocommerce REST API in my app and for testing the API with OAuth-1.0 using Postman Chrome App. I am getting proper responses with GET requests but for POST requests, I am getting error of signature mismatch, as:

{
  "code": "woocommerce_rest_authentication_error",
  "message": "Invalid Signature - provided signature does not match.",
  "data": {
    "status": 401
  }
}

score 2 · Answer 1 · answered Sep 06 '17 at 09:52

I struggled with this for a few days (using angular) and finally figured out that it was a CORS issue. The browser actually sends an OPTIONS request, which the woocommerce-api receives as GET. Using this tool helped with troubleshooting.

Finally solved it by setting my .htaccess as follows;

RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]
Header set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"

You can refer to this answer for a detailed explanation

To clarify (please correct me if I'm wrong): the `RewriteCond` and `RewriteRule` basically return a `HTTP 200` for every `OPTIONS` request. The browser (in a HTTPS environment, at least) issues an `OPTIONS` call before every `GET/POST/etc` call. If that gives back a `200`, it's authorized to do the *actual* call. — Jeff Huijsmans, Sep 06 '17 at 10:02

Woocommerce rest api invalid signature (error 401) on post request

1 Answers1