Install it or no ?

Hi @dragondefeu76,

I’m sorry if our guidance wasn’t very clear, but yes: if you still need the legacy REST API (and since you are seeing an alert about this, you likely do), then our recommendation is to install and activate the Legacy REST API plugin now, to avoid any disruption.

It won’t actually do much until WooCommerce 9.0 arrives, and then it will automatically and seamlessly take charge of facilitating legacy REST API requests.

The reason we suggest installing it early is simply to avoid disruption—otherwise, if you update WooCommerce to 9.0 first, any systems relying on the Legacy REST API will stop working until you subsequently install and activate this plugin.

Also, how come I’m using the old API and Woocommerce never asked me to switch to the new one?

The Legacy REST API was deprecated a long time ago, and the hope was that third party services would naturally migrate to our currently supported REST API over time (and, a lot of time—several years—have passed, so there was ample opportunity).

It turns out, various services never made that migration.

In the future, we’ll try to communicate—with merchants, as well as third party services, a little more actively and a lot earlier—but it’s also true that in most cases it isn’t really possible for the merchant to drive this change. Generally, a merchant generates a REST API key and supplies it to a third party service, which can use the key to interact with any version of the REST API (including legacy versions).

So, we really rely on third party services keeping their code up-to-date (and that of course is not something we can directly control).

Thank you for your reply.
To understand clearly: I have the old API and I need to install the plugin to prevent this old API from working when you upgrade to Woocommerce 9.0, is that right?

For my part, I installed Woocommerce on WordPress in 2019 and I never got a notification to switch to a new API. Do you know why ?

So, rather than keeping an old API + a plugin (which one day will stop I think, right?) is it possible to switch to the new API?

How to switch to this new API? And why have I never received a call to change to the new API?

Thank you

To understand clearly: I have the old API and I need to install the plugin to prevent this old API from working when you upgrade to Woocommerce 9.0, is that right?

So, the old API will stop working as of WooCommerce 9.0 but, if you still need it, you can install the Legacy REST API plugin (and we encourage you do that as early as possible).

I installed Woocommerce on WordPress in 2019 and I never got a notification to switch to a new API. Do you know why ?

No warnings would have been generated by WooCommerce itself until recently.

So, rather than keeping an old API + a plugin (which one day will stop I think, right?) is it possible to switch to the new API?

Yes, the Legacy REST API plugin is intended as a temporary measure. It too will stop working at some point.

It is certainly possible to switch to the new API, which is documented here and here. If you have control over an application that uses the API (that is, if you are the developer), you can update it accordingly by referring to those resources I linked to.

Of course, most merchants who are impacted by this change will not be able to update things directly, because the code will be managed by someone else (a third party service, with whom you shared an API key). If WooCommerce thinks you are impacted, you should see an admin notice looking like this:

The WooCommerce Legacy REST API has been accessed 5 time(s) since 11 January 2024. There are 1 known user agent(s) registered. There are more details in the WooCommerce log files (file names start with legacy_rest_api_usages)

Follow the advice, visit the logs, and you should be able to find information that will hint at the name of whichever service is still using the Legacy REST API (I use the word ‘hint’, because this is an imperfect science, but the system does its best).

By doing this, you might learn that you previously shared an API key with SuperMegaDropShipping.com, who are still using the Legacy REST API: you could then contact them and ask them to update.

Does that make more sense? I realize it’s a fairly tricky one to understand.

Thank you for these responses.
I’m afraid this is beyond my skills. I am a webmaster, but self-trained and I am not a developer.

I don’t have any notifications as you describe. As a message, I only have the one in screenshot. https://prnt.sc/SAUwNe8M1OdE

In terms of API key used by third parties I only have 3 (see screenshot) https://prnt.sc/kMZUlVrn0x5j

I thought the API key (old or new) was for Woocommerce itself and the site store, not for Woocommerce and a third-party service.

I am a webmaster, but self-trained and I am not a developer.

That’s fine, we definitely don’t expect developer-level skills … but, unfortunately, we seem to be struggling to find the right words to guide you and others.

As a message, I only have the one in screenshot. https://prnt.sc/SAUwNe8M1OdE

• OK, and if you click on ‘API REST’ do you see any keys listed?
• If you further click on ‘Crochets Web’ do you see anything listed there and, if you do, do you see any legacy (ancienne) hooks?

If the answer to both those questions is no, you can safely disable the Legacy REST API and do not need to install this plugin.

Thank you also for your patience.

When I click on REST API I see this https://prnt.sc/ZW261nLczNHO
Of the 3 keys, to my knowledge only one is really active (linked to Sendinblue, an email marketing booster, comparable to Mailchimp)

And on the web hook this (I have nothing)
https://prnt.sc/zLmEwTVzfoMD

OK, great, and do you see any admin notices similar to the one I shared earlier (something like the following example)?

The WooCommerce Legacy REST API has been accessed 5 time(s) since 11 January 2024. There are 1 known user agent(s) registered. There are more details in the WooCommerce log files (file names start with legacy_rest_api_usages)

If you do not (and I don’t see it in the screenshots you have shared so far) then that indicates you can safely disable the Legacy REST API.

If you want to be extra safe, though, you could always reach out to Sendinblue or other services you have integrated with, and ask them if they are still using the Legacy REST API (however, if you are not seeing the above notice that would seem unlikely).

Does that help at all?

Yes, it help! Actually I don’t have any message like the one you put in your message.

Ok, it looks like I can disable Legacy REST API. So I just need to uncheck the box, and that’s it?

And if there is ever an error, can I check again? (and then install the plugin). But I think you are right and I can disable.

Fantastic!

So I just need to uncheck the box, and that’s it?

Yes, exactly—and you do not need to install this plugin (WooCommerce Legacy REST API, that is).

And if there is ever an error, can I check again? (and then install the plugin).

Yes, except that if for any reason you needed to do this after the 9.0 release (scheduled for June 2024), you would start by installing and activating this plugin.

I think you are right and I can disable.

It sounds like that is a safe and reasonable choice in this situation: thanks for working through this, and our apologies for the initial lack of clarity.

Well, it’s done and everything seems working fine. So, a big thank you for your patience and your explanations. I think it might help others too, I hope.

Top quality support here @barryhughes-1 ??

You’re a credit to the Woo team.

Hello

I come back.
I have this alert message that appears when the customer wants to pay by paypal:
NOT_ENABLED_TO_VAULT_PAYMENT_SOURCE The API caller or the merchant on whose behalf the API call is initiated is not allowed to vault the given source. Please contact PayPal customer support for assistance.

Do you know why, do you think it’s related to disabling the REST API?

Thank you, Phil ??

I have this alert message that appears when the customer wants to pay by paypal:

NOT_ENABLED_TO_VAULT_PAYMENT_SOURCE The API caller or the merchant on whose behalf the API call is initiated is not allowed to vault the given source. Please contact PayPal customer support for assistance.

Do you know why, do you think it’s related to disabling the REST API?

@dragondefeu76 I don’t think that is related to this change or this extension.

Are you using WooCommerce PayPal Payments, and if so might the problem you are describing relate to this report? It seems like it may have been resolved as of the 2.5.2 release, but do check out this note for more information.

Ok, Great, thank you. You saved me a lot of time ! You were right, I run WooCommerce PayPal Payments and this is exactly this problem. I roll back to a previous version.

Thank you one more time !