Determine the URL to download a PDF invoice directly?

  • Resolved turbodb

    (@turbodb)


    1 month, 2 weeks ago

    Loving the plugin, thanks!

    I manage most of my WC sales through Excel, and part of that process is to save/archive PDF invoices for all of my orders by clicking a link in Excel that navigates to the WC order page, and then I right-click on the “PDF Invoice” button, to “Save link as…”

    That causes the browser to navigate/save the URL in the format:
    https://adventuretaco.com/wp-admin/admin-ajax.php?action=generate_wpo_wcpdf&document_type=invoice&order_ids=[id]&access_key=[nonce]

    What I’d like to do is have the link I click in Excel navigate me directly to the PDF invoice download URL. I can generate that URL entirely in Excel except for the access_key=[nonce].

    If I try to access the URL without the access_key, I get the error:
    You do not have sufficient permissions to access this page. Reason: empty access key

    Is there a way to generate a URL that will still require me to be logged in to the site in the browser, but not require the access_key=[nonce] on the querystring?

    If not, could such a feature be added? Why is the existing auth session cookie (or whatever WP users natively to authenticate users for all other resources) not used in this situation?

    • This topic was modified 1 month, 2 weeks ago by turbodb.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Yordan Soares

    (@yordansoares)

    Hi @turbodb,

    You could try switching the link access type to “Full” in WooCommerce > PDF Invoices > Advanced > Settings?> Document link access type:

    This will use the order key in the document links, which is a static value stored in the order data, instead of a nonce, a temporary key with a limited lifespan, which is used by default.

    Thread Starter turbodb

    (@turbodb)

    Thanks @yordansoares, I noticed those options for access (and I thought I mentioned them in my question, but I see now that I didn’t).

    I would still like to require that access to the invoices require that the user be logged in, since that seems like a good practice from a data-access point of view.

    Why is a nonce used instead of the existing auth session cookie (or whatever WP users natively to authenticate users for all other resources) in this situation?

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.