WooCommerce REST API Error 401

Some server environments struggle with auth because they do not support headers, and whist this can be fixed via htaccess, I’ve seen some other reports of those htaccess being removed by something after updates.

Can you try posting to the API without headers, instead using querystring? /api/endpoint/?consumer_key=X&consumer_secret=X

The same problem with the suggested solution. if this is an “htaccess” problem, then why it was working fine before the update?

> I’ve seen some other reports of those htaccess being removed by something after updates.

^ because.

e.g. some users fixed this with:

# BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

Show me the request you’re making with the query string auth (X out your keys).

This is how I am trying to access, I am getting the same error from POSTMAN as well. I made changes in .htaccess file as per your suggestion, still getting the same error.

$woocommerce = new Client(
‘https://example.com/’,
‘ck_1XXXXXXXXXXXXXXXXXfda’,
‘cs_6XXXXXXXXXXXXXXXXX8a8’,
[
‘wp_api’ => true,
‘version’ => ‘wc/v3’,
‘query_string_auth’ => true,
]
);

print_r($woocommerce->get(‘orders/123456’));

Please try without the client code and instead put the full API url with query string keys into browser address bar and see if you get the same error. This is to rule out the client. I’m having no issues with API and auth locally using Insomnia client or direct via browser.

I am using NGINX web server, Is there any specific setting with NGINX?

.htaccess does for work on nginx afaik :p thats for apache.

Did you try what I said? The query string will avoid the headers that cause issues like this.

Tried with the postman, PHP code and browser address bar (query string). I am getting the same error for all the mentioned methods. Above methods are working fine on older Woocommerce version on the same server (I have 2 Woocommerce sites running on the same server). This is the first time I am getting this kind of error after the update.

Should I downgrade the Woocommerce? What about the new database, will it work with the older Woocommerce version?

Probably better to find a solution… can you contact the help desk so someone can get access and test this on your environment?

How to contact the help desk?

https://woocommerce.com/contact-us/ or you can ping me via https://github.com/mikejolley

I cannot see any code changes that would impact auth yet..

Thank you @mikejolley for your help.

Woocommerce version 3.6.0 and 3.6.1 has same content for “is_request_to_rest_api()” function. My system was working fine with 3.6.0 but it stops working with 3.6.1

This is how I solved my problem, I de-activated all the plugins. First I activated Woocommerce and test the WP REST API request and it worked. Then I started activating rest of the plugins to check if a plugin is creating the problem. Finally, I activated all of the plugins and none of them created the problem. I don’t know what happened, why it was not working earlier. I am happy it’s working now.

Thank you @mikejolley once again for your help.
??

Hi,

I have a similar problem, this is the first time i set up the API, through Postman i cannot login with API keys, but doing it directly in URL: ‘/api/endpoint/?consumer_key=X&consumer_secret=X’
This does work for me!
What does this mean, and what can i do about it?
Running on Apache btw. I tried adding in htaccess:

RewriteRule ^index\.php$ – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
&
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1

but no luck so far

Thanks!

• This reply was modified 5 years, 10 months ago by smurf9852. Reason: more info

I run into the same issue after I had changed the server. I got a 401 response with the v3 API.

After changing the .htaccess like Mike proposed the problem was solved.

Only line changed:

RewriteRule ^index\.php$ – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

I had this issue around the same time as a few other people.

After a bit of a process of elimination and disabling all of my plugins as above I found that 2 discount plugins (1 being Dynamic Discounts and the other being Varteck pricing both break the REST API after the WooCommerce update around the middle of April.

I have left them both disabled for the moment and everything is working ok.