REST API Order Update request getting 400 error (Bad Request)

Sorry updated question below due to bad copy/paste !!

Hi

We have the Rest API integration working for our client, numerous requests work without issue however when trying to update the status to “completed” (the orders are already in processing status) I always get a https status code of 400, the curl raw response is a HTML 400 bad requests page. The request end point and body look correct :-

URL :https://<domain&gt;.com/wp-json/wc/v2/orders/111827?consumer_key=<key>&consumer_secret=<secret>

Body : “body”:”{“status”:”completed”}

The Added Rest API has correct permissions Read/Write.

On my localhost test instance the same request (different Order ID of course) works without any issues.

Any help here from what the issue could be to how to help debug the API request on the server would be greatly appreciated as I am stumped !

Thanks

Hey there ??

Thanks for the detailed steps you’ve taken so far. I have a few followup questions:

• Is there a specific reason for using the REST API v2 instead of the latest v3?
• Can you confirm whether it’s a GET and PUT request?
• Can you doublt-check for a malformed JSON body? Specifically the content-type (I doubt there’d be issues but worth checking regardless). For example:

curl -X PUT https://<your-domain>.com/wp-json/wc/v2/orders/111827 \
  -u <consumer_key>:<consumer_secret> \
  -H "Content-Type: application/json" \
  -d '{"status":"completed"}'

• Are you seeing anything in the debug/error logs?

Thank you so much for your response to answer your questions

1. V2 is used only as this integration was written sometime ago, as mentioned we have many other request working just fine so have not updated, though it may be time review that !
2. The request is a PUT request, I have confirmed using visual studio runtime debug that the cURL request is setup correctly to send the data/parameters/headers —
   • The body sent is definitely correct :- {“status”:”completed”}
   • Headers specifically set and sent “Content-Type: application/json” “Content-Length: 22”
   • URL is as described previously
3. Can you suggest which log to look into there are many of them. I performed a “search” from the logs admin screen and no 400 error or other relevant strings was found in them . In some google searches people say to switch on API logging BUT I see no way of doing that in the admin / REST API screen ??

raw response is –

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

Any tips on debugging would be great I’m not a woocommerce admin specialist ! Are there specific cURL settings needed/not needed for example ?

Language used is php 7.4 tested on both windows and Linux machines with the same result.

Hi @joflo64

Based on the information you’ve shared, it seems like the issue might be related to the server rather than the API request itself, especially since it’s working fine on your localhost. The 400 Bad Request error typically indicates that the server was unable to understand or process the request due to invalid syntax.

Here are a few things you can try:

1. As mentioned by @riaanknoetze, it might be a good idea to update to the latest version of the REST API (v3). Although the older version is still operational, the newer versions usually come with improved functionality and bug fixes.
2. The raw response you’ve shared indicates that the request is being processed by Cloudflare. Sometimes, Cloudflare or server WAF settings can block certain requests if they appear suspicious. You might want to check your Cloudflare settings or contact their support to see if this could be causing the issue.
3. Check server error or access logs. You can usually find these in your hosting account’s control panel. It might provide more information about why the server is returning a 400 error.

I hope this helps! If you have any other questions, feel free to ask.

Thank you both for your responses.

I hope to get access to the client’s server and have access to an “Admin” account in Woo so I can go through these suggestions.

Of Note: I used a browser plugin to run the “raw” REST request against the target domain and suprise the request went through with the order being updated as expected ????

So that adds some confusion to the mix. The php code that generates the request uses the native cURL library. After stepping through the code and examining variables it looks like parameters are set as expected, so again more confusion ??

I intend to create a quick script (php) so I can examine what values headers , body etc is actually sent, I’ll post results.

In the mean time any other suggestions would appreciated.

Thanks.

Hi @joflo64

I don’t think so, but since the request went through when using a browser plugin, it might be worth checking the differences between the requests sent by the plugin and your PHP code.

Let us know how that goes. Looking forward to helping you.

An update… …it appears the problem is in Cloudflare !

I was given permissions to log in as an Admin on teh clients WooCommerce site. After installing the API Log plugin I could see that the offending PUT requests from our php server, was not reaching the woo/wordpress API and therefore cloudflare is indeed rejecting the request.

When sent from the webbrowser plugin in or via the o.s command line and cURL utility the PUT request will get past Cloudflare and reach Woo !

As I don’t have access to our client’s Cloufdflare account they will be investigating why the PUT from our server is rejected.

Hopefully they will get to the bottom of this and I’ll update this thread.

Thank you all again for your suggestions to date .

Cheers.

Hi @joflo64,

It’s great to hear that you’ve made progress in identifying the source of the issue.

Every web host has security measures in place that can sometimes interfere with legitimate requests. It is possible that your server’s IP address has been flagged for some reason, causing the requests to be blocked.

Please keep us updated on the progress.

Thank you for your patience and co-operation.