• Resolved jnz31

    (@jnz31)


    hi!

    i have a question regarding the rest api and its functionality regarding customers. currently i'm developing a spa, few plugins, only latest versions. i created a customer account and generated api keys tied to that user. now when i try to change user credentials, see orders, create orders, i always get 403 (orders: woocommerce_rest_cannot_view, customers/id: woocommerce_rest_cannot_view, …). i would have thought, that i could use the api to do so, but nothing works. brings the question, why i can create api access for customers in the first place.

    to be sure, i also created credentials for admin and when i try to do any of the above mentioned actions, they succeed. but of course i don't want to expose admin api credentials.

    so my question is: is this correct behavior, or is this a bug of some sort?

Viewing 1 replies (of 1 total)
  • Plugin Support Shameem R. a11n

    (@shameemreza)

    Hi @jnz31,

    When you generate API keys for a customer user role, those keys come with certain permissions. In the case of a customer, they have limited capabilities and are typically only able to view and edit their own details. They don’t have the ability to view or edit orders, which is why you’re seeing the 403 error messages.

    This is intentional behavior and not a bug. It’s designed this way to protect your store’s data and keep it secure.

    If you need more capabilities, you might consider creating a custom user role with more specific permissions. However, as you mentioned, you should avoid using admin credentials due to the potential security risks. It’s always best to use the least permissions necessary to accomplish your tasks. More info can be found here: https://woocommerce.github.io/woocommerce-rest-api-docs/#introduction

    I hope this clarifies your concern. If you have any other questions, feel free to ask.

  • The topic ‘rest api capabilites’ is closed to new replies.
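
The custom role suggested in the reply could look like the following. This is an added example, not part of the thread and not WooCommerce's own code: the role slug `order_reader` and the `example_*` function names are hypothetical, and it assumes the orders endpoint's read check resolves to the `read_private_shop_orders` capability.

```php
<?php
/**
 * Plugin Name: Example Order Reader Role
 * Added example, not WooCommerce code. The slug "order_reader" and all
 * example_* function names are hypothetical.
 */

// Allow-list for the role. Assumption: WooCommerce's REST read check on
// orders resolves to the shop_order capability read_private_shop_orders.
function example_order_reader_caps() {
	return array(
		'read'                     => true, // lets the account exist as a normal user
		'read_private_shop_orders' => true, // view orders, no edit/delete/publish
	);
}

// Create the role once, on plugin activation.
function example_register_order_reader_role() {
	// add_role() returns null if the slug already exists, so re-activation is harmless.
	add_role( 'order_reader', 'Order Reader (API)', example_order_reader_caps() );
}
register_activation_hook( __FILE__, 'example_register_order_reader_role' );

// Audit helper: list capabilities a role holds beyond the allow-list.
// Returns null for an unknown role, an empty array when the role is clean.
function example_role_excess_caps( $role_slug, array $allowed ) {
	$role = get_role( $role_slug );
	if ( null === $role ) {
		return null;
	}
	$granted = array_filter( $role->capabilities ); // drop caps set to false
	return array_keys( array_diff_key( $granted, $allowed ) );
}

// Surface drift in wp-admin if another plugin widens the role later.
function example_order_reader_notice() {
	$excess = example_role_excess_caps( 'order_reader', example_order_reader_caps() );
	if ( ! empty( $excess ) && current_user_can( 'manage_options' ) ) {
		printf(
			'<div class="notice notice-warning"><p>order_reader has extra capabilities: %s</p></div>',
			esc_html( implode( ', ', $excess ) )
		);
	}
}
add_action( 'admin_notices', 'example_order_reader_notice' );
```

Generate the API key for a user in this role with the key's own permission set to Read. The role can read every order in the store, not only one customer's, so a key bound to it belongs in a server-side component rather than in the SPA bundle.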