Use Oauth 1 and the WooCommerce REST API to retrieve order details.
A few weeks ago I tried to use the WooCommerce REST API to create an order. I abandoned the REST API and completed the project as a standalone script.
I was determined to find a way to use the REST API. I posted a question on the WordPress Ireland Facebook group. Diego Zanella of Aelia (Currency Switcher for WooCommerce) directed me to use OAuth ‘one-legged’ authentication.
Postman to cURL
I created REST API keys within WooCommerce. You need to select a user that has the capability to access the endpoint that you will be using. In my testing I will be viewing orders so I chose the site admin and generated a consumer key and consumer secret.

I used Postman with OAuth 1.0 and added the consumer key and consumer secret to the Authorization section. The url is to retrieve a single order.

This worked! I used the ‘Code‘ feature to get the PHP cURL code to achieve the same result. I was not able to use the code again because some of the fields have to be regenerated for each request.
Postman automatically generates some of the required values (timestamp, nonce and signature). It was easy to generate a timestamp (simply using ‘time()‘) and a nonce (using ‘uniqid()‘). The hard part was that when these are changed the ‘oauth_signature‘ value needs to be updated to incorporate the new values.
It took a lot of work reading through the WooCommerce source to find out how to regenerate the ‘oauth_signature‘. I eventually copied bits of code from the WooCommerce WC_REST_Authentication class.
Code
Returned Data
Next Steps
I plan to work on creating an order with the REST API and then update the Thrivecart script to use the new code.
Some bug is on your code. Woocommerce require oauth_version to calculate signature.
$oauth_version = '1.0'; $params = array( 'oauth_consumer_key' => $consumer_key, 'oauth_nonce' => $nonce, 'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => $timestamp,'oauth_version' => $oauth_version);
@Łukasz: Thanks for your comment. I tried my code on WooCommerce 3.9.2 and WordPress 5.3.2 and it works without change. The WooCommerce REST API docs say:
Maybe it’s a problem of Woocommerce 3.7 on which I tried. Copy of Authentication file from newer version solved problem. Thank You for help.
Hi,
Could you please tell me where in the file system should I put the show-single-order-rest-api.php file?
I tried at the root directory of my website and got — cURL Error #:Empty reply from server —
I also changed the url to $request_uri = ‘https://mydomain.co.uk/wp-json/wc/v3/orders/76265’;
Is this correct?
Thank you
@Frederic: I put the file in my root directory but it doesn’t even have to be on the same server as the WooCommerce site.
Did you create an API key to use? Did you update the code with those two new keys?
I ran it on a local site with WordPress 5.5 and WooCommerce 4.5.2 and it works for me. I didn’t get it to work on a Siteground site but I didn’t have time to debug that.
How cab this php code be modified for a POST request to the WooCommerce REST API ? Thanks
@leraille – Change $http_method to POST. On line 32:
$http_method = 'POST';
I have not tried to use an endpoint that requires POST e.g. creating an order.
Hi Damien
the code give me:
{“code”:”json_oauth1_missing_parameter”,”message”:”Missing OAuth parameter oauth_token”,”data”:{“status”:401}}
@Tommaso – I cannot see this error. I tried it from an incognito browser window to a site with WooCommerce 5.5.1 and WordPress 5.7.2. I got the response shown in the ‘Returned Data’ section.
Hi Damien, I solved the problem by entering the oauth version, I don’t know why it is mandatory for me, I’m using “WP 5.7.2” and “WOO 5.5”. Consider that I have adapted the function to use it with the API of the “Customer Specific Pricing for WooCommerce” plugin
Thanks so much.
Thank you for sharing this. Saved a lot of time
How can i pass the like below http://localhost/wordpress527/wp-json/wc/v3/products?per_page=10&search=test
@hardik – You should be able to pass parameters as you suggest – the WordPress REST API handbook has a section on Query Parameters and shows exactly this.
I wasn’t able to get this to work in my code. I tried adding it to $request_uri but it gave me an error:
{"code":"woocommerce_rest_authentication_error","message":"Invalid signature - provided signature does not match.","data":{"status":401}}
I tried adding it to the $params array and got the same error. I got the same error when I added it to the CURLOPT_URL option.
This is probably a good question for WordPress StackExchange.
Papi chulo, eres el mejor!!!, estaba buscando esta respuesta por mucho tiempo!!!.
You are the best!!!
can you share the same code using JS?
Your post was very helpful, thank you, Damien! :)