Troubleshoot for WooCommerce

If the sync is still not working or updating, check the following:

Are your Users and User Roles correctly configured?

If you are creating a new user, ensure that the Shop Manager role is selected.

You can change the role of the user in the user details edit page.

You can also update the API key to reflect the correct User and Permissions if these have changed.


User and User Role Permissions in Detail

The API User needs the following capabilities:

  • edit_shop_orders - Create and edit orders
  • read_shop_orders - Read order data
  • delete_shop_orders - Delete orders (if needed)
  • edit_others_shop_orders - Edit orders created by other users
  • read_private_shop_orders - Access private order data

If you are using a custom role that is dedicated to the API, it needs to have the same permissions as Shop Manager or higher. This includes:

  • manage_woocommerce - Core WooCommerce management
  • view_woocommerce_reports - Access to reports
  • edit_product - Product management (if needed)
  • read_product - Read product data
  • edit_shop_orders - Order management

If you are creating a new user role, ensure that the read and write permissions are set as above if orders are to be sent back to WooCommerce.

You can also create a dedicated role with the following code:

// Add to functions.php or plugin
add_role('api_integration', 'API Integration', array(
    // Core WordPress
    'read' => true,

    // Order Management
    'edit_shop_orders' => true,
    'read_shop_orders' => true,
    'edit_others_shop_orders' => true,
    'read_private_shop_orders' => true,
    'delete_shop_orders' => true,
    'publish_shop_orders' => true,

    // Product Access (read and edit)
    'read_product' => true,
    'read_private_products' => true,
    'edit_product' => true,
    'edit_products' => true,
    'edit_others_products' => true,
    'edit_private_products' => true,
    'edit_published_products' => true,

    // Product Categories & Tags
    'manage_product_terms' => true,
    'edit_product_terms' => true,
    'delete_product_terms' => true,
    'assign_product_terms' => true,

    // Customer Access (if needed for order creation).
    // edit_users and list_users also apply to other user accounts,
    // so leave them out when the integration does not need them.
    'edit_users' => true,
    'list_users' => true,
    'read_customer' => true,
    'edit_customer' => true,

    // Coupons (if your integration handles discounts)
    'edit_shop_coupons' => true,
    'read_shop_coupons' => true,
    'edit_others_shop_coupons' => true,
    'read_private_shop_coupons' => true,

    // Tax Classes & Shipping (for order calculations)
    'manage_woocommerce' => true,

    // File uploads (for product images if needed)
    'upload_files' => true,
));

Security Considerations

API Authentication

  • Use OAuth 1.0a or Basic Auth over HTTPS
  • Store credentials securely (environment variables)
  • Implement rate limiting

Endpoint Permissions

Key endpoints you'll use:

POST /wp-json/wc/v3/orders - Create orders 
GET /wp-json/wc/v3/orders - Read orders 
PUT /wp-json/wc/v3/orders/{id} - Update orders 

WordPress Security Settings

  • Ensure SSL/HTTPS is enabled
  • Keep WordPress and WooCommerce updated
  • Use strong passwords for API users
  • Consider IP whitelisting for API access

Example API Request

const orderData = {
  payment_method: "bacs",
  payment_method_title: "Direct Bank Transfer",
  set_paid: true,
  billing: {
    first_name: "John",
    last_name: "Doe",
    address_1: "969 Market",
    city: "San Francisco",
    state: "CA",
    postcode: "94103",
    country: "US",
    email: "[email]",
    phone: "[phone_number]"
  },
  line_items: [
    {
      product_id: 93,
      quantity: 2
    }
  ]
};

// Using your Consumer Key and Secret.
// consumerKey and consumerSecret must already be defined; load them from
// environment variables rather than hard-coding them in source.
const response = await fetch('https://yoursite.com/wp-json/wc/v3/orders', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Basic ' + btoa(consumerKey + ':' + consumerSecret)
  },
  body: JSON.stringify(orderData)
});


Testing Permissions

Test your setup with a simple GET request first:

curl -u consumer_key:consumer_secret \
  https://yoursite.com/wp-json/wc/v3/orders

If this works, you have the basic permissions set up correctly for order management.


Shop Manager Capabilities

The Shop Manager role includes these relevant capabilities:

  • manage_woocommerce - Core WooCommerce management
  • edit_shop_orders - Create and edit orders
  • read_shop_orders - Read order data
  • edit_others_shop_orders - Edit orders from other users
  • read_private_shop_orders - Access private order data

REST API Access Requirements

However, for REST API access, you also need:

  1. API Keys Generated
    • The Shop Manager user must have API keys generated in WooCommerce > Settings > Advanced > REST API.
    • Keys must be set to Read/Write permissions.
  2. WordPress Core Capability
    • Shop Managers have the edit_posts capability, which is typically sufficient for REST API authentication, but some setups may require additional verification.

Potential Issues

Plugin/Theme Restrictions

Some security plugins or custom themes might restrict API access even for Shop Managers.


Multisite Considerations

On WordPress Multisite, Shop Managers might need additional network-level permissions.


Custom User Role Modifications

If the Shop Manager role has been customized, it might be missing required capabilities.


Quick Test

You can verify Shop Manager API access with:

curl -u your_consumer_key:your_consumer_secret \
  https://yoursite.com/wp-json/wc/v3/orders \
  -H "Content-Type: application/json"

If this returns order data, then creating orders should work with:

curl -X POST \
  -u your_consumer_key:your_consumer_secret \
  https://yoursite.com/wp-json/wc/v3/orders \
  -H "Content-Type: application/json" \
  -d '{"payment_method":"bacs","line_items":[{"product_id":1,"quantity":1}]}'
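
When either test fails, the HTTP status and the JSON `code` field of the response narrow down which item under Potential Issues applies. The following is an added example, not part of the original page or of WooCommerce: the function name, cause labels and sample responses are constructed here, and the error codes are the ones WooCommerce and WordPress core return, which the page itself does not list.

```javascript
// Added example: map a WooCommerce REST response to the troubleshooting item it points at.
// Takes (method, HTTP status, raw body), so it can be fed from fetch() or from `curl -i` output.
function diagnoseWooResponse(method, status, bodyText) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (err) {
    // HTML or empty body: something in front of the REST API answered instead of WooCommerce.
    return { ok: false, cause: 'blocked_before_api',
      check: 'A security plugin, theme, firewall or IP allow-list is intercepting the request.' };
  }
  if (status >= 200 && status < 300) {
    return { ok: true, cause: 'none', check: `${method} is permitted for this key and user.` };
  }
  const code = body && typeof body.code === 'string' ? body.code : '';
  if (code === 'woocommerce_rest_authentication_error') {
    return { ok: false, cause: 'api_key_rejected',
      check: 'Key or secret is wrong, or the key is not set to Read/Write for this method.' };
  }
  if (code.startsWith('woocommerce_rest_cannot_')) {
    // 401 = no user was authenticated at all; 403 = user known but lacks the capability.
    return status === 401
      ? { ok: false, cause: 'not_authenticated',
          check: 'Credentials never reached WooCommerce; confirm HTTPS and the Authorization header.' }
      : { ok: false, cause: 'missing_capability',
          check: 'The key owner lacks the order capability; review the role (Shop Manager or equivalent).' };
  }
  if (code === 'rest_no_route') {
    return { ok: false, cause: 'route_missing',
      check: 'wc/v3 is not registered; confirm WooCommerce is active and the URL is correct.' };
  }
  return { ok: false, cause: 'unclassified', check: `HTTP ${status} ${code}`.trim() };
}

// Constructed sample responses (not captured from a real site).
const SAMPLES = [
  ['GET', 200, '[]'],
  ['POST', 401, '{"code":"woocommerce_rest_authentication_error","message":"constructed"}'],
  ['POST', 403, '{"code":"woocommerce_rest_cannot_create","message":"constructed"}'],
  ['GET', 401, '{"code":"woocommerce_rest_cannot_view","message":"constructed"}'],
  ['GET', 403, '<html><body>Access denied</body></html>'],
];
for (const [method, status, body] of SAMPLES) {
  console.log(method, status, diagnoseWooResponse(method, status, body).cause);
}
```

A GET that succeeds while the POST returns `api_key_rejected` points at a key generated with Read permission only.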

Recommendation

The Shop Manager role should work for order integrations, but if you encounter issues, create a dedicated API user with the relevant permissions.