The WooCommerce REST API provides Basic authentication over HTTPS using either:

  • Header Authentication; or 
  • Query String Authentication

Header Authentication

Header Authentication is where the access credentials (consumer key and consumer secret) are sent with each HTTP request, usually within an Authorization  header.

Each request will basically contain a header like:

Authorization: <type> <credentials>

The <type> value will be Basic .

The <credentials>  value will be a base 64 encoded version of '<consumer_key>:<consumer_secret>'  .

Query String Authentication

Query String Authentication is where the access credentials (consumer key and consumer secret) are sent with each HTTP request as URL query parameters.

The URL will basically be appended with the following parameters (along with any other parameters that need to be sent).:

 consumer_key=<consumer_key>&consumer_secret=<consumer_secret> 

Query String Authentication is considered less secure than Header Authentication as there is a much greater likelihood that the credentials will be recorded by logging mechanisms (or anything that records the URL), and therefore there is a much greater likelihood that the credentials can be exposed.

More Information

Technical documentation for the WooCommerce REST API can be found here.

Did this answer your question?