How to safely use a REST API?
I am not a native speaker and can't think of a better title for this question. Feel free to edit it or suggest a better one.
I am trying to use WooCommerce's REST API to update an order status. Currently, when an order is paid via direct bank transfer, a Google Sheet will be updated with the order ID and amount. I am trying to capture the order ID and update the corresponding order using the API. The simplest way I can think of is to execute something like myurl.com/myPHP.php?order_id=xxx when a new row is added to the Google Sheet. But the problem is, anyone can execute this PHP file and update the order status accidentally or maliciously. How can I avoid this? What is the proper way to use the REST API to update order status?
Solution 1:[1]
WooCommerce has its REST API endpoints. The endpoint responsible for updating an order's data is protected: you cannot use it if you are not authenticated.
There are a few built-in auth methods in WooCommerce REST API; you can learn more about them in the API reference: https://woocommerce.github.io/woocommerce-rest-api-docs/#authentication
In other words, if you don't provide the API credentials to users that may possibly abuse your API, you'll be fine.
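An added example, not part of the original answer: one way to call the authenticated order endpoint directly from the automation, using the HTTP Basic method described in the linked reference, so that no unauthenticated script URL has to exist. The function names, shop URL and key values are hypothetical, and WordPress is assumed to be installed at the site root.

```javascript
// Added example; runs on Node 18+ (global fetch, URL, Buffer).
// The API key needs write permission. Keep the key pair in an environment
// variable or secret store, never in the sheet or in a URL.

// Only the statuses this automation should ever set (an assumption).
const ALLOWED_STATUSES = new Set(["processing", "on-hold", "completed"]);

function buildOrderStatusRequest(shopUrl, orderId, status, consumerKey, consumerSecret) {
  const base = new URL(shopUrl);
  // Basic auth sends the key pair with every request, so refuse plain HTTP.
  if (base.protocol !== "https:") throw new Error("shop URL must use https");
  // The order ID comes from a spreadsheet cell: accept a positive integer only,
  // so a crafted value cannot point the request at a different endpoint.
  if (!/^[1-9][0-9]{0,15}$/.test(String(orderId))) throw new Error("invalid order id");
  if (!ALLOWED_STATUSES.has(status)) throw new Error("status not allowed");

  // Consumer key is the username, consumer secret is the password.
  const token = Buffer.from(`${consumerKey}:${consumerSecret}`).toString("base64");
  return {
    url: new URL(`/wp-json/wc/v3/orders/${orderId}`, base).toString(),
    options: {
      method: "PUT",
      headers: {
        Authorization: `Basic ${token}`,
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ status }),
    },
  };
}

async function updateOrderStatus(shopUrl, orderId, status, consumerKey, consumerSecret) {
  const { url, options } = buildOrderStatusRequest(
    shopUrl, orderId, status, consumerKey, consumerSecret);
  const res = await fetch(url, options);
  // Missing or wrong credentials are rejected by WooCommerce, not by this code.
  if (!res.ok) throw new Error(`WooCommerce returned HTTP ${res.status}`);
  return res.json();
}
```

If an intermediate script such as the question's myPHP.php is kept, it needs its own authentication check, because the WooCommerce credentials would then live inside it.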
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Artemy Kaydash |