The WooCommerce REST API provides Basic authentication over HTTPS using either:
- Header Authentication; or
- Query String Authentication
Header Authentication is where the access credentials (consumer key and consumer secret) are sent with each HTTP request, usually within an
Each request will basically contain a header like:
Authorization: <type> <credentials>
<type> value will be
<credentials> value will be a base 64 encoded version of
Query String Authentication
Query String Authentication is where the access credentials (consumer key and consumer secret) are sent with each HTTP request as URL query parameters.
The URL will basically be appended with the following parameters (along with any other parameters that need to be sent).:
Query String Authentication is considered less secure than Header Authentication as there is a much greater likelihood that the credentials will be recorded by logging mechanisms (or anything that records the URL), and therefore there is a much greater likelihood that the credentials can be exposed.
Technical documentation for the WooCommerce REST API can be found here.