Home > WooCommerce > Docs > How to Get the API key in WooCommerce

How to Get the API key in WooCommerce

Last updated: July 01, 2024
This article has been written and researched by our expert Avada through a precise methodology. Learn more about our methodology





WooCommerce has been recognized as one of the most popular platforms for every eCommerce business at present. Online store owners can freely extend their website’s features as well as upgrade the management system via plugins. But that is not the only method. You can bring back the best shopping experience by utilizing the WooCommerce API keys, also.

That will also be the main topic of our article today. We will introduce you to the capabilities of API credentials and illustrate How to get the WooCommerce API keys in just a few simple steps. Keep reading to find out more!

An introduction to WooCommerce API keys

WooCommerce API key is a key used to identify and authenticate an application or user, which can be easily found on multiple eCommerce platforms or a white-labeled internal marketplace. For authentication reasons, they also serve as a unique ID and token. It assists in constructing software and describes the interactions between different programs.

API keys are often used to govern and monitor the usage of the API’s interface. This is often done as a safeguard against misuse or malevolent intent. Here are the reasons why more and more online merchants are using the WooCommerce API keys than ever:

  • Provide Project Authorization: To identify a certain project or application, API keys may be utilized. Although it might not be as secure as tokens, API keys are still being used to identify the project or application making the request. Also, it can verify whether an application is authorized to make a request to the API.
  • Authentication purposes: Not only checking for the project, but API keys are also able to authenticate the user’s identity while requesting them.

Up to the present, if you are using WooCommerce version 2.6 or higher, you will gain full access to an API key called WordPress REST API. For example, you may use the WordPress REST API Authentication methods and the normal HTTP verbs to create, edit, or remove WooCommerce data in JSON format.

How to get your WooCommerce API keys?

Now that you have had a grasp on the importance of using WooCommerce API keys, it’s time to collect and generate an actual API for your own store. In this way, whenever an application asks for it, you can always know where to find them. The tutorial has been divided into small basic steps so that everyone can easily catch up with the progress and compare their results:

Step 1: Navigate to the Settings page

First thing first, visit your WooCommerce Dashboard by logging into your account and navigating to the “Settings” option located on the left-hand side of the screen, just like what we did below:

WooCommerce Settings page

Step 2: Go to the Advanced tab

There may be an “API” or a “Advanced” tab depending on the version of WooCommerce you’re running. The “REST API” checkbox must be activated from the “Settings” sub-tab if you are opening the “API” tab. Then choose “Keys/Apps” from the drop-down menu that appears:

Tick on the checkbox

On the other hand, if your Dashboard displays the “Advanced” option, quickly go to the “REST API” sub-tab to get your WooCommerce API keys. Moving on to the next step to view the detailed guidelines.

Step 3: Create a new API key

After that, click on the “Add Key” button:

Adding new key

At this very moment, you will be asked to fill in the “Key Details” including Description, User and Permission:

API key details

As you can see in the form, what you need to do here is to describe your key in detail, set up the “User” field to decide the administration on your site. Also, make sure that the user has the ability to read and write.

Step 4: Generate and collect your keys

Last but not least, to get your WooCommerce API keys, hover your mouse over the “Generate API key” button. Once you’ve had the keys produced, you’ll get a QR Code and the option to revoke the API Key:

Collect WooCommerce API keys

Most applications requesting your WooCommerce API keys will need to collect both your Consumer Key and Consumer Secret, sometimes the URL code. Therefore, be prepared in case the keys are required.

How to test your WooCommerce API keys?

As we have mentioned earlier, the WooCommerce API keys allow online store owners to access a wide range of WooCommerce data, such as orders, product information, and discount codes. However, it is inevitable that you might run into several problems while authenticating using the API credentials. For this reason, besides showing you How to collect the WooCommerce API keys, we will also guide you to verify whether your API is operating properly.

No more beating around the bush, let’s get started!

Step 1: Make a request

We’ll use wp-json/wc/v2/orders as the URL for our test. Orders may be seen at https://local.wordpress.dev/wc/v2/orders on localhost. This may be changed to include your own website URL.

There are a number of fields in Postman that need to be filled out to make a successful request. Select “Basic auth” for the “Authorization” tab. Then type in your WooCommerce Consumer key and Secret key in the username and password boxes.

As soon as you’re done, click “Send” and you’ll receive a JSON response from the API. You can check out the screenshot below for more detailed information:

Creating an API request

Step 2: Comparing the information

In case the Postman response came out exactly like your Insomnia, just fill out the same forms and use basic auth again. And that’s how you know the WooCommerce API keys are working perfectly:

Insomnia information

Step 3: Troubleshooting

So what if your testing progress did not work out the same way as our example? Don’t worry, we have it all figured out! These are some of the most common issues any online merchants might encounter while testing their WooCommerce API keys:

The first scenario that may happen when connecting to the REST API on your localhost and getting issues like this:

Connection problems

That’s when the SSL verification must be disabled. To do so, just navigate to the Postman settings and turn off the toggle:

Turn on the SSL Verification

Another way to perform the task is looking for your Insomnia’s preferences area:

Finding them in Insomnia

Moreover, some of you may have to deal with the 401 Unauthorized error. This is mostly caused by wrong API keys or admin signatures. To fix it, make sure that you have filled out the correct WooCommerce API credentials, where the “Consumer Key” is the username and “Consumer Secret” works as your password. If you forget, just generate a new set of keys by repeating our tutorial.

In certain cases, a server may be unable to interpret the Authorization header appropriately, this means that the “Consumer key is missing” message will appear on your screen. You may use query string arguments instead of the consumer key/secret:



To sum up, we hope that our article on How to get your WooCommerce API keys has answered all of your questions related to the topic. For now, generating, testing, and even the stumbling blocks will no longer be a big deal. Leave a comment to let us know your results!

Sam Nguyen is the CEO and founder of Avada Commerce, an e-commerce solution provider headquartered in Singapore. He is an expert on the Shopify e-commerce platform for online stores and retail point-of-sale systems. Sam loves talking about e-commerce and he aims to help over a million online businesses grow and thrive.

Stay in the know

Get special offers on the latest news from AVADA.