WooCommerce Rest API "woocommerce_rest_cannot_create"

Question

I am trying to post a Product into WooCommerce Rest API using Postman and following is the Code generated in Javascript using Postman

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "http://woocommerce.dev/wp-json/wc/v1/products",
  "method": "POST",
  "headers": {
    "content-type": "application/json",
    "authorization": "OAuth oauth_consumer_key=\\\"ck_da643d25cb86d32dcf1c4a684ba0fdad4acd67ce\\\",oauth_signature_method=\\\"HMAC-SHA1\\\",oauth_timestamp=\\\"1469615598\\\",oauth_nonce=\\\"oOOqcB\\\",oauth_version=\\\"1.0\\\",oauth_signature=\\\"jf%2FepKymwW9IFlv7fwHFTA3aNs8%3D\\\"",
    "cache-control": "no-cache",
    "postman-token": "2202e03b-243e-96c5-8e77-fcc8919aedbc"
  },
  "processData": false,
  "data": "{\n  \"name\": \"Premium Quality\",\n  \"type\": \"simple\",\n  \"regular_price\": \"21.99\",\n  \"description\": \"Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.\",\n  \"short_description\": \"Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas.\",\n  \"categories\": [\n    {\n      \"id\": 9\n    },\n    {\n      \"id\": 14\n    }\n  ],\n  \"images\": [\n    {\n      \"src\": \"http://demo.woothemes.com/woocommerce/wp-content/uploads/sites/56/2013/06/T_2_front.jpg\",\n      \"position\": 0\n    },\n    {\n      \"src\": \"http://demo.woothemes.com/woocommerce/wp-content/uploads/sites/56/2013/06/T_2_back.jpg\",\n      \"position\": 1\n    }\n  ]\n}"
}

$.ajax(settings).done(function (response) {
  console.log(response);
});

In return, I'm getting following response with status 401 unauthorized

{
  "code": "woocommerce_rest_cannot_create",
  "message": "Sorry, you are not allowed to create resources.",
  "data": {
    "status": 401
  }
}

Whereas with same credentials I can successfully get data with GET method at the same endpoint to get all products

http://woocommerce.dev/wp-json/wc/v1/products

Furthermore, in WooCommerce I've already given read/write permission to the user of this credentials

Answer 1

This what helped me after all those advices up was to set in simple JWT module

Protect endpoints enabled No Yes* - SET FOR YES!!!!!!!!!

The endpoints will require a JWT in order to be accessed. If no JWT is provided, rest endpoints will provide an error instead of the actual content.

Answer 2

Answer by @droa6 did not solve the issue for me

Running the endpoint through Postman showed that I had to use OAuth1.0 with for the request to work.

You can extrapolate to using the appropriate query string parameters for OAuth for your request

import axios from "axios"
import OAuth from "oauth"


const oauth = new OAuth({
  consumer: {
    key: process.env.NEXT_APP_WC_CONSUMER_KEY || "", // Replace with your WooCommerce consumer key
    secret: process.env.NEXT_APP_WC_CONSUMER_SECRET || "", // Replace with your WooCommerce consumer secret
  },
  signature_method: "HMAC-SHA1",
  hash_function(base_string, key) {
    return crypto.createHmac("sha1", key).update(base_string).digest("base64");
  },
});

await axios.post(
      `${process.env.NEXT_PUBLIC_WORDPRESS_URL}wp-json/wc/v3/orders`,
      req.body,
      {
        params: oauth.authorize({
          url: `${process.env.NEXT_PUBLIC_WORDPRESS_URL}wp-json/wc/v3/orders`,
          method: "POST",
        }),
        headers: {
          "Content-Type": "application/json",
        },
      }
    );

Answer 3

After almost 2 nights researching on this, it was related with this issue: https://github.com/WP-API/Basic-Auth/issues/35

Modify your .htaccess to make the Basic auth work, like this comment indicates: https://github.com/WP-API/Basic-Auth/issues/35#issuecomment-244001216

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

The rule has to be the first rewrite rule in the block.