WooCommerce REST API with Google UrlFetchApp header authorization not working

1
votes

CURRENTLY

I am utilising WooCommerce REST API in my Google Scripts with the following working code:


    var ck = "ck_longstringlongstringlongstringlongstring";
    var cs = "cs_longstringlongstringlongstringlongstring";
    var website = "https://www.mywebsite.com.au";

    var url = website + "/wp-json/wc/v3/orders?consumer_key=" + ck + "&consumer_secret=" + cs; 

    var options =
        {
          "method": "GET",
          "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
          "muteHttpExceptions": true,
        };

    var result = UrlFetchApp.fetch(url, options);

PROBLEM

To improve security, I want to put consumer key and secret into the header, but I cannot get the following script to work

   var url = website + "/wp-json/wc/v3/orders; 

   let authHeader = 'Basic ' + Utilities.base64Encode(ck + ':' + cs);

    var options =
        {
          "method": "GET",
          "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
          "muteHttpExceptions": true,
          "headers": {"Authorization": authHeader},
        };

    var result = UrlFetchApp.fetch(url, options);

Current result = {"code":"woocommerce_rest_cannot_view","message":"Sorry, you cannot list resources.","data":{"status":401}}

Expected result = JSON of orders

Is it an issue with my code? Or with WooCommerce API or Google Scripts?

1
wordpressgoogle-apps-scriptwoocommercehttp-status-code-401woocommerce-rest-api
See minimal reproducible example. Describe the problem. "It doesn't work" isn't descriptive enough to help people understand your problem. Instead, tell other readers what the expected behavior should be. Tell other readers what the exact wording of the error message is, and which line of code is producing it. Use a brief but descriptive summary of your problem as the title of your question. - TheMaster
@TheMaster, I have added this. - Wronski
Try curl -u or postman and confirm that the url and key/secret works properly. - TheMaster
@TheMaster, I tried a curl command in postman with the result the same as in google script i.e. { "code": "woocommerce_rest_cannot_view", "message": "Sorry, you cannot list resources.", "data": { "status": 401 } } Doing some more digging, it seems similar to issue mentioned on wordpress.org/support/topic/woocommerce-rest-api-error-401 - Wronski

1 Answers

0
votes

There are a few issues with your code.

With UrlFetchApp.fetch() you need to use contentType instead of Content-Type.

However, in this case you don't even need to set it since application/x-www-form-urlencoded is the default. Same goes for the method property; it defaults to GET.

Moreover, if you want to err on the side of caution use Utilities.base64EncodeWebSafe(data, charset) to base64 encode your credentials instead of the non-web-safe version.

let url = website + "/wp-json/wc/v3/orders"; 
let encoded = Utilities.base64EncodeWebSafe(ck + ':' + cs, Utilities.Charset.UTF_8);

let options = {
    "muteHttpExceptions":true,
    "headers": {
        "Authorization": "Basic " + encoded
    }
};

let result = UrlFetchApp.fetch(url, options);
result = JSON.parse(result);