Woocommerce API security concerns

As you hint at, it sounds like intuitively very bad design to have one key for all users that’s hard coded in your app. You can’t retract that key without breaking the app for all users, and you can’t limit access easily if one user e.g. overloads your API. If you do this, you may as well have no key at all as it’s likely trivial to recover the key.

Better design in this case is to issue a key per user and include in your app a requirement for a user to enter their own key before the API will work. (Or if they don’t enter a key they are limited somehow to only a small number of accesses)

This means you need to:

  1. Find a way to issue keys per user
  2. Update your app to allow entering the API Key

This should sound familiar as lots of services like any of the Google API’s work like this – you have to register, get a key, put the key in your app/code.

Related Posts:

  1. WooCommerce: Can’t use wc_get_products for custom REST API endpoints
  2. Process checkout using WC REST API
  3. How to build a plugin that supports authenticated POST requests to the REST API from external servers?
  4. Extend Woocommerce rest api routes fails
  5. How to filter Post using Meta Data REST API
  6. How to stop a Gutenberg Block from firing multiple GET Requests?
  7. Output JSON object with woocommerce products
  8. Problem with cURL and rest API
  9. Woo API REST : product variation price is read-only?
  10. Woocommerce reviews xss issue [closed]
  11. Category Tree In WooCommerce Product API
  12. How to upload Woocommerce product images via API? [closed]
  13. How to handle Woocommerce API credentials
  14. What will make Woocommerce REST API to issue 401 [closed]
  15. Woocommerce custom endpoints
  16. Woocommerce REST API – updating an order changes custom tax calculations
  17. Woocommerce Rest Api Categories problem [closed]
  18. API returns blank response after installing & uninstalling WP-rest-api plugin
  19. woocommerce axios react
  20. Get specific values in Woocommerce Rest API
  21. wc_get_products() not return the images details
  22. WooCommerce – Add product with image via REST API
  23. Tax are not showing on order while placing order with REST API
  24. JWT on Woocommerce cannot work with “Customer” role user
  25. Woocommerce REST API – add filter to set maximum query per page for product brands [closed]
  26. WooCommerce – Create multiple product tags via rest api endpoint
  27. Using the WordPress and WooCommerce REST APIs in the same Node app
  28. Retrieve Data from Custom Endpoint
  29. How to solve `Error getting remote image` in woocommerce rest api script?
  30. Getting in an exception for get product detail by id in woocommerce REST api
  31. Impossible to create a new WooCommerce customer using Rest API
  32. How can I send information when a order is completed to my own POS?
  33. Woocommerce Rest API: woocommerce_product_invalid_image_id
  34. WC Booking query bookings with date ranges
  35. “error_message”: “Sorry, you cannot list resources.” using WooCommerce API
  36. Woocommerce REST API: creating variations
  37. Woocommerce REST API not considering discounts and coupons
  38. WooCommerce REST API endpoints don’t exist
  39. Fetch products with filter by similar categories at same time
  40. Send data to external websites when there is an update or create a post
  41. Auto generating API keys using the Application Authentication Endpoint [closed]
  42. GET woocommerce order request is not showing meta data [closed]
  43. Which php files, in a WordPress setup, do not need direct web access?
  44. How to add fee_lines using woocommerce rest API v3?
  45. WooCommerce Order Sync via Custom REST API Endpoint Failing
  46. Update a server-side render Block when woocommerce cart block changed
  47. not saving the WC_Session_Handler session and removing the product from the cart session in WooCommerce’s custom rest api
  48. WordPress 4.7.1 REST API still exposing users
  49. Woocommerce – Add a product to cart programmatically via JS or PHP [closed]
  50. ( Woocommerce) How to get the user belonging to an order? [closed]
  51. Get the product list of a given Category ID
  52. List of JS events in the WooCommerce frontend
  53. get woocommerce My account page link
  54. WooCommerce: How to edit the get_price_html
  55. Get woocommerce product price by id [closed]
  56. Product categories don’t appear as option to build menu
  57. WooCommerce Variable Product Price not showing on single product page
  58. How to override WooCommerce template files?
  59. Woocommerce add extra field to variation product
  60. Getting the gallery images from products in woocommerce?
  61. How to get current product category ID in product archive page
  62. Get url of product’s images (woocommerce)
  63. WooCommerce prices location in DB
  64. Order by rating not works in wp_query
  65. Woocommerce: How to remove page-title at the home/shop page but not category pages
  66. Woocommerce show cross sells on singe product page [closed]
  67. How to add a new endpoint in woocommerce
  68. Are there any hook or filter when refund is done through admin -woocommerce
  69. How to check if is in cart page? [closed]
  70. Display single product attribute value on Shop page (Woocommerce)
  71. WP/WooCommerce REST API cart/checkout/order [closed]
  72. how to use wc_create_order with subscription product
  73. WooCommerce: Webhook disabled on its own
  74. Verify nonce in REST API?
  75. Share users and WooCommerce memberships between two installations
  76. Slow Loading Attribute Select – WooCommerce Backend
  77. How to change or add Woocommerce thank you page URL key content?
  78. How can I define a custom template for woocommerce [products] shortcode? [closed]
  79. How to remove an action within a class with extends
  80. single-product.php template not working for single products [closed]
  81. Insert variations via woocommerce api [closed]
  82. WooCommerce get physical store address
  83. Is it possible to add custom fields to a WooCommerce attribute term? [closed]
  84. wc_get_template_part( ‘content’, ‘product’ ) | Where is this file located?
  85. how to get woocommerce product attribute slug
  86. Correct function to get the user’s latest Woocommerce Subscription?
  87. Move payment options at checkout in WooCommerce [closed]
  88. add_filter to modify woocommerce_cart_item_name hyperlink
  89. Where do the cart details are stored in database?
  90. How to display product price of the product in loop
  91. How to disable Woocommerce password recovery and use the default WordPress password reset page?
  92. Display order items names in WooCommerce admin orders list [closed]
  93. Disable external access to REST API Endpoint
  94. Is it safe to delete from db orphaned posts i.e. whose post_parent no longer exists?
  95. How to authenticate custom API endpoint in WooCommerce [closed]
  96. Basic auth WordPress REST API dilemma
  97. Add custom variable to cart content [closed]
  98. Get product details by url key in WordPress woocommerce
  99. Get product link
  100. WooCommerce – Hook after Loading Variation in Admin Edit page?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)