From caa04a2e7dd8460b967e46352fe6ad45b174f0b2 Mon Sep 17 00:00:00 2001 From: Mike Jolley Date: Tue, 31 May 2016 14:37:12 +0100 Subject: [PATCH 1/3] Intro --- source/includes/wp-api-v1/_introduction.md | 72 ++++++++-------------- 1 file changed, 27 insertions(+), 45 deletions(-) diff --git a/source/includes/wp-api-v1/_introduction.md b/source/includes/wp-api-v1/_introduction.md index bfa2406b..c07f9958 100644 --- a/source/includes/wp-api-v1/_introduction.md +++ b/source/includes/wp-api-v1/_introduction.md 
@@ -1,68 +1,50 @@ # Introduction # -Introduced in WooCommerce 2.6, our integration with the WP REST API allows WooCommerce data to be created, read, updated, and deleted using JSON format. - -## Requirements ## - -You must be using WooCommerce 2.6 or newer and WordPress 4.4 or later. You must enable pretty permalinks in `Settings > Permalinks` (default permalinks will not work). - - - -## Version ## +As of WooCommerce 2.6, WooCommerce is fully integrated with the WordPress REST API. This allows WooCommerce data to be created, read, updated, and deleted using requests in JSON format, and using all supported WordPress REST API Authentication methods. The current WP REST API integration version is `v1` which takes a first-order position in endpoints. The following table shows API versions present in each major version of WooCommerce: -| Version | WooCommerce | WordPress | -|---------|-------------|--------------| -| `v1` | 2.6.x | 4.4 or later | - -## Differences between our old REST API and the WP REST API integration ## - -* Our integration is a new REST API, some endpoints can look like our new REST API, but we adopted the same data format and standards from the WP REST API. -* Enabled by default with the WP REST API. -* WP REST API integration includes batch endpoints for coupons, customers, orders, refunds, products, attributes, categories, tags, taxes and webhooks. -* New format and parameters for coupons, orders, products and some taxomonies to reflect changes in the WooCommerce core. -* Adopted the use of schemas for all endpoints (accessed when doing OPTIONS request). -* Our API Keys, authentication endpoint and webhooks still works with this new REST API. 
- - - -### API Docs for past versions ### - -* [WooCommerce REST API v1 docs](v1.html) -* [WooCommerce REST API v2 docs](v2.html) -* [WooCommerce REST API v3 docs](v3.html) +| Version | WooCommerce Version | WordPress Version | +|---------|---------------------|----------------------| +| `v1` | 2.6.x | 4.4 or later | -## Requeriments ## +## Requirements ## -* WooCommerce 2.6 or later. -* WordPress 4.4 or later. -* Pretty permalinks enabled. +To use the latest version of the REST API you must be using WooCommerce 2.6+, as well as WordPress 4.4+. You must also enable pretty permalinks in `Settings > Permalinks` so that the custom endpoints are supported. __Default permalinks will not work.__ You may access the API over either HTTP or HTTPS, but *HTTPS is recommended where possible*. -## Requests/Responses ## - -@TODO +## Request/Response Format ## The default response format is JSON. Requests with a message-body use plain JSON to set or update resource attributes. Successful requests will return a `200 OK` HTTP status. Some general information about responses: * Dates are returned in [RFC3339](http://www.ietf.org/rfc/rfc3339.txt) format in UTC timezone: `YYYY-MM-DDTHH:MM:SSZ` - * Resource IDs are returned as integers. - * Any decimal monetary amount, such as prices or totals, will be returned as strings with two decimal places. The decimal separator (typically either `.` or `,`) is controlled by the site and is included in the API index. This is by design in order to make localization of API data easier for the client. You may need to account for this in your implementation if you will be doing calculations with the returned data (e.g. converting string amounts with commas to decimal places before performing calculations). - * Other amounts, such as item counts, are returned as integers. - * Blank fields are generally included as `null` instead of being returned as blank strings or omitted. 
+## Legacy API ## + +Prior to 2.6, WooCommerce had it's own REST API independent from WordPress. The differences between the new API and legacy API are as follows: + +* In the new API, the WordPress REST API handles authentication instead of our API. +* The WP REST API integration includes batch endpoints for coupons, customers, orders, refunds, products, attributes, categories, tags, taxes and webhooks. +* New formats and parameters for coupons, orders, products and some taxomonies to reflect changes in the WooCommerce core. +* We've adopted the use of schemas for all endpoints (accessed when doing OPTIONS requests). + +Our API Keys, authentication endpoint and webhooks still work with the new API. + +Documentation for the legacy APIs can be found below: + +* [WooCommerce REST API v1 docs](v1.html) +* [WooCommerce REST API v2 docs](v2.html) +* [WooCommerce REST API v3 docs](v3.html) + +# Topics # + ## Authentication ## @TODO @@ -394,7 +376,7 @@ var WooCommerce = new WooCommerceAPI({ ``` ```php - Date: Tue, 31 May 2016 15:30:50 +0100 Subject: [PATCH 2/3] Intro shuffle --- source/includes/wp-api-v1/_introduction.md | 392 ++++++++++----------- source/javascripts/app/_toc.js | 1 - 2 files changed, 188 insertions(+), 205 deletions(-) diff --git a/source/includes/wp-api-v1/_introduction.md b/source/includes/wp-api-v1/_introduction.md index c07f9958..b47b7eaf 100644 --- a/source/includes/wp-api-v1/_introduction.md +++ b/source/includes/wp-api-v1/_introduction.md 
@@ -1,6 +1,6 @@ # Introduction # -As of WooCommerce 2.6, WooCommerce is fully integrated with the WordPress REST API. This allows WooCommerce data to be created, read, updated, and deleted using requests in JSON format, and using all supported WordPress REST API Authentication methods. +WooCommerce 2.6+ is fully integrated with the WordPress [REST](http://en.wikipedia.org/wiki/Representational_State_Transfer) API. This allows WooCommerce data to be created, read, updated, and deleted using requests in JSON format, and using WordPress REST API Authentication methods, and standard HTTP verbs, which are understood by most HTTP clients. The current WP REST API integration version is `v1` which takes a first-order position in endpoints. The following table shows API versions present in each major version of WooCommerce: 
@@ -10,21 +10,14 @@ The current WP REST API integration version is `v1` which takes a first-order po ## Requirements ## -To use the latest version of the REST API you must be using WooCommerce 2.6+, as well as WordPress 4.4+. You must also enable pretty permalinks in `Settings > Permalinks` so that the custom endpoints are supported. __Default permalinks will not work.__ +To use the latest version of the REST API you must be using: -You may access the API over either HTTP or HTTPS, but *HTTPS is recommended where possible*. +* WooCommerce 2.6+ +* WordPress 4.4+ +* Pretty permalinks in `Settings > Permalinks` so that the custom endpoints are supported. __Default permalinks will not work.__ +* You may access the API over either HTTP or HTTPS, but *HTTPS is recommended where possible*. -## Request/Response Format ## - -The default response format is JSON. Requests with a message-body use plain JSON to set or update resource attributes. Successful requests will return a `200 OK` HTTP status. - -Some general information about responses: - -* Dates are returned in [RFC3339](http://www.ietf.org/rfc/rfc3339.txt) format in UTC timezone: `YYYY-MM-DDTHH:MM:SSZ` -* Resource IDs are returned as integers. -* Any decimal monetary amount, such as prices or totals, will be returned as strings with two decimal places. The decimal separator (typically either `.` or `,`) is controlled by the site and is included in the API index. This is by design in order to make localization of API data easier for the client. You may need to account for this in your implementation if you will be doing calculations with the returned data (e.g. converting string amounts with commas to decimal places before performing calculations). -* Other amounts, such as item counts, are returned as integers. -* Blank fields are generally included as `null` instead of being returned as blank strings or omitted. 
+If you use ModSecurity and see `501 Method Not Implemented` errors, see [this issue](https://github.com/woothemes/woocommerce/issues/9838) for details. ## Legacy API ## 
@@ -43,89 +36,139 @@ Documentation for the legacy APIs can be found below: * [WooCommerce REST API v2 docs](v2.html) * [WooCommerce REST API v3 docs](v3.html) -# Topics # - -## Authentication ## - -@TODO +## Request/Response Format ## -There are two ways to authenticate with the API, depending on whether the site supports SSL. Remember that the Index endpoint will indicate if the site supports SSL. +The default response format is JSON. Requests with a message-body use plain JSON to set or update resource attributes. Successful requests will return a `200 OK` HTTP status. -### Over HTTPS ### +Some general information about responses: -You may use [HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication) by providing the API Consumer Key as the username and the API Consumer Secret as the password. +* Dates are returned in [RFC3339](http://www.ietf.org/rfc/rfc3339.txt) format in UTC timezone: `YYYY-MM-DDTHH:MM:SSZ` +* Resource IDs are returned as integers. +* Any decimal monetary amount, such as prices or totals, will be returned as strings with two decimal places. The decimal separator (typically either `.` or `,`) is controlled by the site and is included in the API index. This is by design in order to make localization of API data easier for the client. You may need to account for this in your implementation if you will be doing calculations with the returned data (e.g. converting string amounts with commas to decimal places before performing calculations). +* Other amounts, such as item counts, are returned as integers. +* Blank fields are generally included as `null` instead of being returned as blank strings or omitted. 
-> HTTP Basic Auth example +### JSONP Support ### -```shell -curl https://www.example.com/wc-api/v3/orders \ - -u consumer_key:consumer_secret -``` +@TODO -Occasionally some servers may not parse the Authorization header correctly (if you see a "Consumer key is missing" error when authenticating over SSL, you have a server issue). In this case, you may provide the consumer key/secret as query string parameters. +The API supports JSONP by default. JSONP responses use the `application/javascript` content-type. You can specify the callback using the `?_jsonp` parameter for `GET` requests to have the response wrapped in a JSON function: -> Example for servers that not properly parse the Authorization header: +
+
+ GET +
/wc-api/v3/orders/count?_jsonp=ordersCount
+
+
```shell -curl https://www.example.com/wc-api/v3/orders?consumer_key=123&consumer_secret=abc +curl https://example.com/wc-api/v3/orders/count?_jsonp=ordersCount \ + -u consumer_key:consumer_secret ``` -### Over HTTP ### - -You must use [OAuth 1.0a "one-legged" authentication](http://tools.ietf.org/html/rfc5849) to ensure API credentials cannot be intercepted. Typically you will use any standard OAuth 1.0a library in the language of choice to handle the authentication, or generate the necessary parameters by following the following instructions. +> Response: -#### Generating an OAuth signature #### +``` +\**\ordersCount({"count":8}) +``` -1) Set the HTTP method for the request: +> If the site administrator has chosen to disable it, you will receive a `400 Bad Request` error: -`GET` +```json +{ + "errors": [ + { + "code": "woocommerce_api_jsonp_disabled", + "message": "JSONP support is disabled on this site" + } + ] +} +``` -2) Set your base request URI -- this is the full request URI without query string parameters -- and URL encode according to RFC 3986: +> If your callback contains invalid characters, you will receive a `400 Bad Request` error: -`http://www.example.com/wc-api/v1/orders` -when encoded: +```json +{ + "errors": [ + { + "code": "woocommerce_api_jsonp_callback_invalid", + "message": "The JSONP callback function is invalid" + } + ] +} +``` -`http%3A%2F%2Fwww.example.com%2Fwc-api%2Fv1%2Forders` +## Errors ## -3) Collect and normalize your query string parameters. This includes all `oauth_*` parameters except for the signature. Parameters should be normalized by URL encoding according to RFC 3986 (`rawurlencode` in PHP) and percent(`%`) characters should be double-encoded (e.g. `%` becomes `%25`. +@TODO -4) Sort the parameters in byte-order (`uksort( $params, 'strcmp' )` in PHP) +Occasionally you might encounter errors when accessing the API. 
There are four possible types: -5) Join each parameter with an encoded equals sign (`%3D`): +* Invalid requests, such as using an unsupported HTTP method will result in `400 Bad Request`. +* Authentication or permission errors, such as incorrect API keys will result in `401 Unauthorized`. +* Requests to resources that don't exist or are missing required parameters will result in `404 Not Found`. +* Requests that cannot be processed due to a server error will result in `500 Internal Server Error`. -`oauth_signature_method%3DHMAC-SHA1` +> `400 Bad Request` example: -6) Join each parameter key/value with an encoded ampersand (`%26`): +```json +{ + "errors" : [ + { + "code" : "woocommerce_api_unsupported_method", + "message" : "Unsupported request method" + } + ] +} +``` -`oauth_consumer_key%3Dabc123%26oauth_signature_method%3DHMAC-SHA1` +> `401 Unauthorized` example: -7) Form the string to sign by joining the HTTP method, encoded base request URI, and encoded parameter string with an unencoded ampersand symbol (&): +```json +{ + "errors" : [ + { + "code" : "woocommerce_api_authentication_error", + "message" : "Consumer Key is invalid" + } + ] +} +``` -`GET&http%3A%2F%2Fwww.example.com%2Fwc-api%2Fv1%2Forders&oauth_consumer_key%3Dabc123%26oauth_signature_method%3DHMAC-SHA1` +> `404 Not Found` example: -8) Generate the signature using the string to key and your consumer secret key +```json +{ + "errors" : [ + { + "code" : "woocommerce_api_invalid_order", + "message" : "Invalid order" + } + ] +} +``` -If you are having trouble generating a correct signature, you'll want to review the string you are signing for encoding errors. The [authentication source](https://github.com/woothemes/woocommerce/blob/master/includes/api/class-wc-api-authentication.php#L177) can also be helpful in understanding how to properly generate the signature. 
+> `500 Internal Server Error` example: -#### OAuth Tips #### +```json +{ + "errors" : [ + { + "code" : "woocommerce_api_invalid_handler", + "message" : "The handler for the route is invalid" + } + ] +} +``` -* The OAuth parameters must be added as query string parameters and *not* included in the Authorization header. This is because there is no reliable cross-platform way to get the raw request headers in WordPress. -* The require parameters are: `oauth_consumer_key`, `oauth_timestamp`, `oauth_nonce`, `oauth_signature`, and `oauth_signature_method`. `oauth_version` is not required and should be omitted. -* HMAC-SHA1 or HMAC-SHA256 are the only accepted hash algorithms. -* The OAuth nonce can be any randomly generated 32 character (recommended) string that is unique to the consumer key. Read more suggestions on [generating nonces on the Twitter API forums](https://dev.twitter.com/discussions/12445). -* The OAuth timestamp should be the unix timestamp at the time of the request. The API will deny any requests that include a timestamp outside of a 15 minute window to prevent replay attacks. -* You must use the store URL provided by the index when forming the base string used for the signature, as this is what the server will use. (e.g. if the store URL includes a `www` sub-domain, you should use it for requests) -* You may test your generated signature using LinkedIn's [OAuth test console](http://developer.linkedinlabs.com/oauth-test/) -- leave the member token/secret blank. -* Twitter has great instructions on [generating signatures](https://dev.twitter.com/docs/auth/creating-signature) with OAuth 1.0a, but remember tokens are not used with this implementation. -* Note that the request body is *not* signed as per the OAuth spec, see [Google's OAuth 1.0 extension](https://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html) for details on why. 
-* If including filter fields in your request, it saves a lot of trouble if you can order your filter fields alphabetically before submitting. Many Oauth libraries won't order subquery fields properly, resulting in invalid signatures. +Errors return both an appropriate HTTP status code and response object which contains a `code` and `message` attribute. If an endpoint has any custom errors, they are documented within that endpoint. ## Parameters ## @TODO -All endpoints accept optional parameters which can be passed as an HTTP query string parameter, e.g. `GET /orders?status=completed`. There are common parameters and endpoint-specific parameters which are documented along with that endpoint. +All endpoints accept optional parameters which can be passed as a HTTP query string parameter, e.g. `GET /orders?status=completed`. There are common parameters and endpoint-specific parameters which are documented along with that endpoint. ### Filter Parameter ### @@ -195,7 +238,7 @@ Page number is 1-based and omitting the `?page` parameter will return the first The total number of resources and pages are always included in the `X-WC-Total` and `X-WC-TotalPages` HTTP headers. -## Link Header ## +### Link Header ### @TODO 
@@ -217,147 +260,12 @@ The possible `rel` values are: | `first` | Shows the URL of the first page of results | | `prev` | Shows the URL of the immediate previous page of results | -## Errors ## +## Libraries and Tools ## -@TODO - -Occasionally you might encounter errors when accessing the API. There are four possible types: - -* Invalid requests, such as using an unsupported HTTP method will result in `400 Bad Request`. -* Authentication or permission errors, such as incorrect API keys will result in `401 Unauthorized`. -* Requests to resources that don't exist or are missing required parameters will result in `404 Not Found`. -* Requests that cannot be processed due to a server error will result in `500 Internal Server Error`. - -> `400 Bad Request` example: - -```json -{ - "errors" : [ - { - "code" : "woocommerce_api_unsupported_method", - "message" : "Unsupported request method" - } - ] -} -``` - -> `401 Unauthorized` example: - -```json -{ - "errors" : [ - { - "code" : "woocommerce_api_authentication_error", - "message" : "Consumer Key is invalid" - } - ] -} -``` - -> `404 Not Found` example: - -```json -{ - "errors" : [ - { - "code" : "woocommerce_api_invalid_order", - "message" : "Invalid order" - } - ] -} -``` - -> `500 Internal Server Error` example: - -```json -{ - "errors" : [ - { - "code" : "woocommerce_api_invalid_handler", - "message" : "The handler for the route is invalid" - } - ] -} -``` - -Errors return both an appropriate HTTP status code and response object which contains a `code` and `message` attribute. If an endpoint has any custom errors, they are documented within that endpoint. 
- -## HTTP Verbs ## - -@TODO - -The API uses the appropriate HTTP verb for each action: - -| Verb | Description | -|----------|-------------------------------------------------------------------------| -| `HEAD` | Can be used for any endpoint to return just the HTTP header information | -| `GET` | Used for retrieving resources | -| `PUT` | Used for updating resources | -| `POST` | Used for creating resources | -| `DELETE` | Used for deleting resources | - -## JSONP Support ## - -@TODO - -The API supports JSONP by default. JSONP responses use the `application/javascript` content-type. You can specify the callback using the `?_jsonp` parameter for `GET` requests to have the response wrapped in a JSON function: - -
-
- GET -
/wc-api/v3/orders/count?_jsonp=ordersCount
-
-
- -```shell -curl https://example.com/wc-api/v3/orders/count?_jsonp=ordersCount \ - -u consumer_key:consumer_secret -``` - -> Response: - -``` -\**\ordersCount({"count":8}) -``` - -> If the site administrator has chosen to disable it, you will receive a `400 Bad Request` error: - -```json -{ - "errors": [ - { - "code": "woocommerce_api_jsonp_disabled", - "message": "JSONP support is disabled on this site" - } - ] -} -``` - -> If your callback contains invalid characters, you will receive a `400 Bad Request` error: - - -```json -{ - "errors": [ - { - "code": "woocommerce_api_jsonp_callback_invalid", - "message": "The JSONP callback function is invalid" - } - ] -} -``` - -## Troubleshooting ## - -* Nginx - Older configurations of Nginx can cause issues with the API, see [this issue](https://github.com/woothemes/woocommerce/issues/5616#issuecomment-47338737) for details. -* ModSecurity - When activated may be blocking `POST`, `PUT` and `DELETE` requests, usually showing `501 Method Not Implemented` error, see [this issue](https://github.com/woothemes/woocommerce/issues/9838) for details. - -## Official Libraries ## - -- [Node.js](https://www.npmjs.com/package/woocommerce-api) -- [PHP](https://packagist.org/packages/automattic/woocommerce) -- [Python](https://pypi.python.org/pypi/WooCommerce) -- [Ruby](https://rubygems.org/gems/woocommerce_api) +- [Node.js](https://www.npmjs.com/package/woocommerce-api) Library +- [PHP](https://packagist.org/packages/automattic/woocommerce) Library +- [Python](https://pypi.python.org/pypi/WooCommerce) Library +- [Ruby](https://rubygems.org/gems/woocommerce_api) Library ```javascript // Install: 
@@ -435,9 +343,85 @@ woocommerce = WooCommerce::API.new( Use the tabs in the top-right corner of this page to see how to install and use each library. -## Tools ## +Some useful tools you can use to access the API include: * [CocoaRestClient](http://mmattozzi.github.io/cocoa-rest-client/) - A free, easy to use Mac OS X GUI client for interacting with the API, most useful when your test store has SSL enabled. * [Paw HTTP Client](https://itunes.apple.com/us/app/paw-http-client/id584653203?mt=12) - Another excellent HTTP client for Mac OS X. * [RESTClient, a debugger for RESTful web services](https://addons.mozilla.org/en-US/firefox/addon/restclient/) - Free Firefox add-on. * [Advanced REST client](https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo) - Free Google Chrome extension. + +# Authentication # + +@TODO + +There are two ways to authenticate with the API, depending on whether the site supports SSL. Remember that the Index endpoint will indicate if the site supports SSL. + +### Over HTTPS ### + +You may use [HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication) by providing the API Consumer Key as the username and the API Consumer Secret as the password. + +> HTTP Basic Auth example + +```shell +curl https://www.example.com/wc-api/v3/orders \ + -u consumer_key:consumer_secret +``` + +Occasionally some servers may not parse the Authorization header correctly (if you see a "Consumer key is missing" error when authenticating over SSL, you have a server issue). In this case, you may provide the consumer key/secret as query string parameters. + +> Example for servers that not properly parse the Authorization header: + +```shell +curl https://www.example.com/wc-api/v3/orders?consumer_key=123&consumer_secret=abc +``` + +### Over HTTP ### + +You must use [OAuth 1.0a "one-legged" authentication](http://tools.ietf.org/html/rfc5849) to ensure API credentials cannot be intercepted. 
Typically you will use any standard OAuth 1.0a library in the language of choice to handle the authentication, or generate the necessary parameters by following the following instructions. + +#### Generating an OAuth signature #### + +1) Set the HTTP method for the request: + +`GET` + +2) Set your base request URI -- this is the full request URI without query string parameters -- and URL encode according to RFC 3986: + +`http://www.example.com/wc-api/v1/orders` + +when encoded: + +`http%3A%2F%2Fwww.example.com%2Fwc-api%2Fv1%2Forders` + +3) Collect and normalize your query string parameters. This includes all `oauth_*` parameters except for the signature. Parameters should be normalized by URL encoding according to RFC 3986 (`rawurlencode` in PHP) and percent(`%`) characters should be double-encoded (e.g. `%` becomes `%25`. + +4) Sort the parameters in byte-order (`uksort( $params, 'strcmp' )` in PHP) + +5) Join each parameter with an encoded equals sign (`%3D`): + +`oauth_signature_method%3DHMAC-SHA1` + +6) Join each parameter key/value with an encoded ampersand (`%26`): + +`oauth_consumer_key%3Dabc123%26oauth_signature_method%3DHMAC-SHA1` + +7) Form the string to sign by joining the HTTP method, encoded base request URI, and encoded parameter string with an unencoded ampersand symbol (&): + +`GET&http%3A%2F%2Fwww.example.com%2Fwc-api%2Fv1%2Forders&oauth_consumer_key%3Dabc123%26oauth_signature_method%3DHMAC-SHA1` + +8) Generate the signature using the string to key and your consumer secret key + +If you are having trouble generating a correct signature, you'll want to review the string you are signing for encoding errors. The [authentication source](https://github.com/woothemes/woocommerce/blob/master/includes/api/class-wc-api-authentication.php#L177) can also be helpful in understanding how to properly generate the signature. + +#### OAuth Tips #### + +* The OAuth parameters must be added as query string parameters and *not* included in the Authorization header. 
This is because there is no reliable cross-platform way to get the raw request headers in WordPress. +* The require parameters are: `oauth_consumer_key`, `oauth_timestamp`, `oauth_nonce`, `oauth_signature`, and `oauth_signature_method`. `oauth_version` is not required and should be omitted. +* HMAC-SHA1 or HMAC-SHA256 are the only accepted hash algorithms. +* The OAuth nonce can be any randomly generated 32 character (recommended) string that is unique to the consumer key. Read more suggestions on [generating nonces on the Twitter API forums](https://dev.twitter.com/discussions/12445). +* The OAuth timestamp should be the unix timestamp at the time of the request. The API will deny any requests that include a timestamp outside of a 15 minute window to prevent replay attacks. +* You must use the store URL provided by the index when forming the base string used for the signature, as this is what the server will use. (e.g. if the store URL includes a `www` sub-domain, you should use it for requests) +* You may test your generated signature using LinkedIn's [OAuth test console](http://developer.linkedinlabs.com/oauth-test/) -- leave the member token/secret blank. +* Twitter has great instructions on [generating signatures](https://dev.twitter.com/docs/auth/creating-signature) with OAuth 1.0a, but remember tokens are not used with this implementation. +* Note that the request body is *not* signed as per the OAuth spec, see [Google's OAuth 1.0 extension](https://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html) for details on why. +* If including filter fields in your request, it saves a lot of trouble if you can order your filter fields alphabetically before submitting. Many Oauth libraries won't order subquery fields properly, resulting in invalid signatures. diff --git a/source/javascripts/app/_toc.js b/source/javascripts/app/_toc.js index d84bf8e1..493a4fe2 100644 --- a/source/javascripts/app/_toc.js +++ b/source/javascripts/app/_toc.js 
@@ -47,4 +47,3 @@ $(animate); })(window); - From 74fc75a407850a39f178d28c116eaf96a3c2ecf3 Mon Sep 17 00:00:00 2001 From: Mike Jolley Date: Tue, 31 May 2016 15:35:49 +0100 Subject: [PATCH 3/3] index --- source/includes/wp-api-v1/_index.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/source/includes/wp-api-v1/_index.md b/source/includes/wp-api-v1/_index.md index 2bea4ca6..119d8f5a 100644 --- a/source/includes/wp-api-v1/_index.md +++ b/source/includes/wp-api-v1/_index.md @@ -1,10 +1,6 @@ # Index # -By default WP REST API provides informations about the endpoints available for the site. No authentication is required to access the API index. - -## View Index List ## - -Retrieve WooCommerce REST API endpoints information. +By default, the API provides information about all available endpoints on the site. Authentication is not required to access the API index. ### HTTP Request ### @@ -16,8 +12,7 @@ Retrieve WooCommerce REST API endpoints information. ```shell -curl https://example.com/wp-json/wc/v1 \ - -u consumer_key:consumer_secret +curl https://example.com/wp-json/wc/v1 ``` ```javascript
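Review bot: In the `## Legacy API ##` section added by PATCH 1/3 (hunk `@@ -1,68 +1,50 @@` of `_introduction.md`), the first bullet says "the WordPress REST API handles authentication instead of our API", while the sentence after the list says "Our API Keys, authentication endpoint and webhooks still work with the new API". Read together, a client cannot tell which credentials to send. Suggest one sentence stating which authentication methods apply to the new endpoints and which apply only to the legacy ones. Two wording fixes in the same added text: "had it's own REST API" should be "its own", and "taxomonies" is carried over misspelled from the removed bullet.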
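Review bot: In the Requirements hunk of PATCH 2/3 (`@@ -10,21 +10,14 @@`), the list introduced by "you must be using:" ends with the bullet "You may access the API over either HTTP or HTTPS, but *HTTPS is recommended where possible*", which is a transport recommendation rather than a requirement. Suggest moving it out of the list into its own sentence so the HTTPS advice is not read as optional fine print. The ModSecurity sentence added below the list also loses the detail from the removed Troubleshooting entry that `POST`, `PUT` and `DELETE` requests are the ones being blocked; keeping that detail lets an operator recognise the symptom without opening the linked issue.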
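Review bot: In the PATCH 2/3 hunk `@@ -43,89 +36,139 @@`, the relocated JSONP Support section still documents `/wc-api/v3/orders/count?_jsonp=ordersCount`, while the introduction describes the `v1` WP REST API integration and PATCH 3/3 uses `https://example.com/wp-json/wc/v1`. Either update the paths to the new namespace or label the section as legacy behaviour, otherwise readers will test JSONP against the wrong endpoint. The `@TODO` markers under JSONP Support, Errors and Parameters are moved along with the text and will be published as is. The Parameters line also changes "an HTTP query string parameter" to "a HTTP query string parameter"; the original article was correct.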
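Review bot: In the PATCH 2/3 hunk `@@ -217,147 +260,12 @@`, the `## HTTP Verbs ##` table and the Nginx entry of `## Troubleshooting ##` are deleted and do not reappear in any added line of the series. The new introduction text refers to "standard HTTP verbs", so the verb-to-action table (`HEAD`, `GET`, `PUT`, `POST`, `DELETE`) is still relevant and should be kept or replaced with a link. If dropping the Nginx note is intentional, say so in the commit message, which currently reads only "Intro shuffle".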
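Review bot: In the Authentication section re-added at the end of `_introduction.md` (PATCH 2/3, hunk `@@ -435,9 +343,85 @@`), the fallback example `curl https://www.example.com/wc-api/v3/orders?consumer_key=123&consumer_secret=abc` is unquoted, so a shell treats `&` as a control operator and `consumer_secret` is never sent; wrap the URL in quotes. Since this fallback puts the consumer secret in the URL, the text should say it is for HTTPS only and a last resort, because request URLs are routinely written to web server and proxy access logs. Structure and wording: `# Authentication #` is followed directly by `### Over HTTPS ###`, skipping a heading level; the examples use `wc-api/v1` and `wc-api/v3` paths rather than the new namespace; step 3 has an unclosed parenthesis after "`%` becomes `%25`"; step 8 says "the string to key" where "the string to sign" is meant; "The require parameters" should be "The required parameters"; and steps 5 and 6 have their descriptions crossed (key and value are joined with `%3D`, parameters with `%26`).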
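Review bot: In PATCH 3/3 (`_index.md`), removing `## View Index List ##` leaves `### HTTP Request ###` directly under `# Index #`, skipping a heading level; promote it to `##` or keep an intermediate heading. Dropping `-u consumer_key:consumer_secret` from the shell example matches the new sentence "Authentication is not required to access the API index", but the hunk `@@ -16,8 +12,7 @@` touches only the shell tab; confirm that the javascript tab beginning in the trailing context, and any other language tabs, also stop sending credentials to the unauthenticated index.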