Woocommerce REST API Status: 401 - Invalid signature - provided signature does not match

Question

Hello I am using WooCommerce API - Node.js Client https://www.npmjs.com/package/woocommerce-api

And I am trying to create a customer which requires a POST request to the server. Here is the code to initialize woocomerece REST API:

var WooCommerceAPI = require('woocommerce-api');

var WooCommerce = new WooCommerceAPI({
  url: 'http://example.com',
  consumerKey: 'ck_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
  consumerSecret: 'cs_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
  wpAPI: true,
  version: 'wc/v1'
});

This is the code to Create customer:

  var data = {
  email: 'john.doe@example.com',
  first_name: 'John',
  last_name: 'Doe',
  username: 'john.doe',
  billing: {
    first_name: 'John',
    last_name: 'Doe',
    company: '',
    address_1: '969 Market',
    address_2: '',
    city: 'San Francisco',
    state: 'CA',
    postcode: '94103',
    country: 'US',
    email: 'john.doe@example.com',
    phone: '(555) 555-5555'
  },
  shipping: {
    first_name: 'John',
    last_name: 'Doe',
    company: '',
    address_1: '969 Market',
    address_2: '',
    city: 'San Francisco',
    state: 'CA',
    postcode: '94103',
    country: 'US'
  }
};

WooCommerce.post('customers', data, function(err, data, res) {
  console.log(res);
});

But I keep getting the following response from server.

{
"code":"woocommerce_rest_authentication_error",
"message":"Invalid signature - provided signature does not match.",
"data":{"status":401}
}

However any GET request to the works on the server eg: I can get the list of products.

did you ever figure this out? I'm having the same problem... — minnow, Mar 09 '18 at 01:32
@minnow Yes, I used 'https' instead of 'http'. I could not perform any POST requests using 'http' — Saad, Mar 09 '18 at 17:05
Thanks for responding. Not want I wanted to hear, though. I'm already using https, but same result: GETs work just fine, but not POST. For the GETs, I have to use oAuth1.0a. Basic Auth doesn't work. — minnow, Mar 09 '18 at 20:21
@minnow Interesting for me Basic Auth works for GET and POST when I used HTTPS, Did you try changing the version to `version: 'wc/v2` ? — Saad, Mar 10 '18 at 05:30
@minnow you got solution of this problem . i am getting the same problem — Mukul Sharma, May 17 '18 at 10:09
Worked for me after using query_string_auth = True with the python wrapper — Bandiera, Jul 20 '20 at 19:35
Did you guys find the problem when using http? In my case sometimes it works, sometimes it says "invalid signature"... completely random. — Stefan Razvan Florea, Feb 11 '22 at 08:32

score 4 · Answer 1 · answered Nov 26 '18 at 07:35

4

As the error is self explanatory. This is clearly an authentication issue. It's clearly mention in the documentation

Over HTTPS

You may use HTTP Basic Auth by providing the API Consumer Key as the username and the API Consumer Secret as the password.

Over HTTP

You must use OAuth 1.0a "one-legged" authentication to ensure API credentials cannot be intercepted.

For more detail you can refer the documentation at here

answered Nov 26 '18 at 07:35

Saif

2,873
2
12
30

in other words, your url needs to be 'https' not 'http' – grantr Jul 29 '23 at 14:16
Documentation says it should be https – Saif Aug 05 '23 at 21:13

score 1 · Answer 2 · answered Jan 04 '22 at 07:41

Error with Postman (but could apply to any)

I finally discovered that the issue was a final trailing slash to the Host I provided to PostMan.

To understand what url the website was based of after so much time waste I went to Settings -> General Settings: WordPress Address (URL) & Site Address (URL)

Hence I took the correct host from there.

In Post man then I used Aouth.1 making sure that is set to Request Boddy / Request URL.

score 0 · Answer 3 · answered Jan 04 '20 at 13:07

0

I was having the same issue. make sure url: 'http://example.com' matches exactly the one you have in wordpress general setting page. for example both start with www and have the exact protocol of https

answered Jan 04 '20 at 13:07

Ali Kazemi

606
4
12

score 0 · Answer 4 · edited Aug 22 '20 at 18:26

0

The header must contain key "Content-Type": "application/json"

I am using the OAuthRequest, where it is coded by:

request.addHeader("Content-Type", "application/json");

It works for me fine even with HTTP.

edited Aug 22 '20 at 18:26

Paul Roub

36,322
27
84
93

answered Aug 22 '20 at 18:11

6-ka

1

score 0 · Answer 5 · answered Sep 22 '21 at 02:18

0

For my case, I found the issue was due to the URL used on Postman is using www., but under WordPress > General Settings on both WordPress Address (URL) and Site Address (URL) was set without www. So, it makes sense that the signature is invalid.

answered Sep 22 '21 at 02:18

Rifki

1

2

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-ask). – Community Sep 22 '21 at 06:43

score -1 · Answer 6 · answered Oct 16 '18 at 06:39

-1

In the object you are passing through to the functions (var data) your key also need to be a string.

eg.

var data = { "first_name": "Joe" //and so on

}

answered Oct 16 '18 at 06:39

Suluuboi

69
9

Woocommerce REST API Status: 401 - Invalid signature - provided signature does not match

6 Answers6

Error with Postman (but could apply to any)