WooCommerce - woocommerce_rest_cannot_view - Status 401

Question

I have generated a consumer key and consumer secret. The website has SSL installed. I have also installed plugins required for JSON and REST services. This is how the url looks like:

https://<url>/wp-json/wc/v1/products

When I am trying to get(GET) the product details using Basic Auth by using POSTMAN, a Chrome plugin, I get a JSON response like:

{
  "code": "woocommerce_rest_cannot_view",
  "message": "Sorry, you cannot list resources.",
  "data": {
    "status": 401
  }
}

I have both the READ and WRITE permissions corresponding to the Consumer key.

Answer 1

This worked for me. Setting oAuth 1.0 and Consumer Key and Consumer Secret in postman....

Answer 2

It's sometimes an error with wordpress htaccess configuration (only if you are accessing website by https).

For some reason woocommerce want you to authorize with basic authentication when your are connecting through https which some hosting blocks so you need to unlock it.

you need to change

RewriteRule ^index\.php$ - [L]

To

RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

Answer 3

Problem solved by adding this line below to the end of .htaccess file

All you need to add this line to .htaccess , this work with me

SetEnv HTTPS on

And make sure use OAuth 1.0 for Authorization

Answer 4

in node js code would be

const WooCommerceRestApi = require("@woocommerce/woocommerce-rest-api").default;
 
const api = new WooCommerceRestApi({
  url: "http://example.com",
  consumerKey: "ck_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  consumerSecret: "cs_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  queryStringAuth: true,
  version: "wc/v3"
});

Answer 5

Add this code to function.php to fix the problem:

add_filter( 'woocommerce_rest_check_permissions', 'my_woocommerce_rest_check_permissions', 90, 4 );

function my_woocommerce_rest_check_permissions( $permission, $context, $object_id, $post_type  ){
  return true;
}

Answer 6

I just ran into this, I was getting the exact same error message as OP. I was using https and OAuth 1. The problem ended up being the domain. I was trying to access example.com when the correct domain for the site was www.example.com.

This URL returns 401 woocommerce_rest_cannot_view error:

https://example.com/wp-json/wc/v3/products

This URL works and returns results:

https://www.example.com/wp-json/wc/v3/products

Answer 7

Try making the request using query parameter, like this:

https://www.exemple.com/wp-json/wc/v3/orders?consumer_key=ck_01234567890&consumer_secret=cs_01234567890

here: https://www.exemple.com you'll need to fill your url domain.

here: consumer_key and consumer_secret is your ck and cs that was previous genereted on WooCommerce > Settings > Advanced > REST API

Answer 8

You can try Oauth 1.0 with postman:

Answer 9

For local development (localhost) you can also use Basic Auth (e.g. for Postman) instead of Consumer Key & Consumer Secret. It works seamlessly.

Answer 10

Here is a modified answer to Quickredfox's anwer:

add_filter('woocommerce_rest_check_permissions', 'my_woocommerce_rest_check_permissions', 90, 4);

function my_woocommerce_rest_check_permissions($permission, $context, $object_id, $post_type) {
    if($_GET['consumer_key'] == 'asdfghj' && $_GET['consumer_secret'] == 'qwerty') {
        return true;
    }

    return $permission;
}

The downside to this is that the flexibility of adding and revoking access for users using a gui is lost. However, if nothing else works and you just can't figure out why, this will work and does not expose the API to the whole world.

Oh, and this requires passing the key and secret as parameters a la:

https://foo.bar.com/wp-json/wc/v3/products/123&consumer_key=asdfghj&consumer_secret=qwerty

This will work without https, but if you use it without https, remember that any credentials you send along with your request will be sent in plain text.

Answer 11

I just ran into this. Apparently something was funny with how curl was handling the url, so I had to encapsulate it in double quotes.

This doesn't work: curl https://www.my-site.com/wp-json/wc/v3/orders?consumer_key=ck_40097dbc2844ce7712e1820bcadf0149c2bedegh&consumer_secret=cs_ab57e19263af0b9ab4c596c310f1e7904bb20123

This does work: curl "https://www.my-site.com/wp-json/wc/v3/orders?consumer_key=ck_40097dbc2844ce7712e1820bcadf0149c2bedegh&consumer_secret=cs_ab57e19263af0b9ab4c596c310f1e7904bb20123"

Answer 12

The 401 error you are getting is because you are using basic auth even though your website is not secure (does not have https).

The solution in postman is to use OAuth 1.0. Just add the consumer key and consumer secret and send the request.

Answer 13

Try this, I had the same issue with the automattic/woocommerce library and I just got it working by appending the customer_key and customer_secret to the query.

$woocommerce->get("customers/$userId?consumer_key={$this->key}&consumer_secret={$this->secret}");

---

Quick Edit

---

The above method works but I found a better solution for the automattic/woocommerce library.

Set query_string_auth to true

Had to dig into the code to find this setting.

Found nothing on it in the docs

return new Client($this->url, $this->key, $this->secret, [
    "query_string_auth" => true
]);

Answer 14

Trying to help others: I was struggling with the 401 response while trying to CURL, and also with VBA trying to request as content-type "application/json" However, I was able to pull a valid response by just entering this in my browser address bar: https://mywebsite.com/wp-json/wc/v2/products?consumer_key=ck_blahblah&consumer_secret=cs_blahblah

Following this line of thought, I went back to my VBA app and changed the content type to "application/text" and was able to pull a valid response text with response code 200. Hope this helps someone.

Answer 15

This is how i stopped worrying and moved on.

In short, the woocommerce rest controllers pretty much all have a SOMEWPRESTCLASS::get_item_permissions_check() method which in turn calls wc_rest_check_post_permissions() to decide if it returns that error;

So you hook into that and validate whichever way you want:

add_filter( 'woocommerce_rest_check_permissions', 'my_woocommerce_rest_check_permissions', 90, 4 );

function my_woocommerce_rest_check_permissions( $permission, $context, $object_id, $post_type  ){
  return true;
}

Answer 16

I met same problem.

Here is how I solve it:

require "woocommerce_api"

woocommerce = WooCommerce::API.new(
  "https://example.com",
  "consumer_key",
  "consumer_secret",
  {
    wp_json: true,
    version: "wc/v1",
    query_string_auth: true
  }
)

The key is query_string_auth: true you need to force basic authentication as query string true under HTTPS