Woocommerce rest api auth with token

Question

I'm building a custom app to publish product from frontend. The problem is, I can log the user with the JWT Auth plugin who give me a token. But I can't use this one to create product.. The only thing who works is basic auth with username & password. But I don't want to pass the password for the request.

When I try with Postman the Bearer auth token, POST with /wp-json/wc/v2/products, I receive this error : woocommerce_rest_cannot_create

A way to do this ?

Answer 1

Just see the date and time of the device you are using

I lasted 6 hours solving the problem I wasted my time and when I ran out of patience, by chance, I tried changing the computer's time, as it was different, the problem was solved

Answer 2

this error might appear due to multiple reasons , first don't use postman oAuth1.0 instead used the basic authintication . try replacing username and password with your consumer key.

**Modify your .htaccess to make the Basic auth work,

paste this :

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteBase /
RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

second reason , missing variables with posting/curl/fetch your url or not filling the requirements of the rest api. here is few tips which can help to resolve this issue .

OAuth tips The OAuth parameters may be added as query string parameters or included in the Authorization header.

Note there is no reliable cross-platform way to get the raw request headers in WordPress, so query string should be more reliable in some cases. The required parameters are: oauth_consumer_key, oauth_timestamp, oauth_nonce, oauth_signature, and oauth_signature_method. oauth_version is not required and should be omitted.

The OAuth nonce can be any randomly generated 32 character (recommended) string that is unique to the consumer key. Read more suggestions on generating nonces on the Twitter REST API forums.

The OAuth timestamp should be the unix timestamp at the time of the request. The REST API will deny any requests that include a timestamp outside of a 15 minute window to prevent replay attacks.

You must use the store URL provided by the index when forming the base string used for the signature, as this is what the server will use. (e.g. if the store URL includes a www sub-domain, you should use it for requests)

You may test your generated signature using LinkedIn’s OAuth test console – leave the member token/secret blank.

Twitter has great instructions on generating signatures with OAuth 1.0a, but remember tokens are not used with this implementation.

Note that the request body is not signed as per the OAuth spec, see Google’s OAuth 1.0 extension for details on why.

If including parameters in your request, it saves a lot of trouble if you can order your items alphabetically. Authorization header is supported starting WooCommerce 3.0.

Please note that for current versions of WordPress, using the json_url_prefix filter no longer works.

On WordPress 4.7 (and using the REST API from the core instead of a plugin), this is what you have to do to change the API prefix.

add_filter( 'rest_url_prefix', 'my_theme_api_slug'); 
function my_theme_api_slug( $slug ) { return 'api'; }

If this doesn't work straight away, you'll need to flush the rewrite rules. You can run this piece of code once to do so (don't leave it in your code so it runs everytime)

flush_rewrite_rules(true);