    Generate a WooCommerce Consumer Key & Consumer Secret

    A 5-minute walkthrough for generating REST API credentials WooCommerce will accept — with the permission and security details most plugin guides leave out.

    Before you start

    • You need a WordPress user with the Administrator or Shop Manager role.
    • WooCommerce 3.0 or later. Earlier versions used a different REST namespace and are not supported.
    • Your store must serve over HTTPS. WooCommerce returns the credentials over the wire when you generate them, and APIWORX will refuse to authenticate against an HTTP endpoint.
    • Pretty permalinks must be enabled (Settings → Permalinks → anything other than "Plain"). The REST API does not work with the default permalink structure.

    Step 1 — Open the REST API settings

    In your WordPress admin, navigate to:

    WooCommerce → Settings → Advanced → REST API

    If you don't see the Advanced tab, your WooCommerce version is older than 3.4. Update before continuing.

    Step 2 — Add a new key

    Click Add Key and fill out the three fields:

    • Description — use something specific like APIWORX Production. WooCommerce shows this in the key list and in API request logs.
    • User — pick a dedicated integration user with the Shop Manager role. Don't use your own admin account; if you are ever offboarded and that account is removed, the key stops working with it.
    • Permissions — set this to Read/Write. APIWORX needs to read orders/products and write fulfillment, refunds and inventory adjustments back to WooCommerce.

    Step 3 — Generate and copy

    Click Generate API Key. WooCommerce displays:

    • Consumer key — starts with ck_
    • Consumer secret — starts with cs_
    • A QR code (used for the deprecated WC Admin mobile app — ignore it).

    This screen shows the secret exactly once. If you leave the page without copying it, WooCommerce cannot retrieve it — you will have to revoke the key and generate a new one.

    Paste both values straight into your password manager or secret store. Never email them, never paste them into chat.

    Step 4 — Provide the credentials to APIWORX

    In the APIWORX WooCommerce connector configuration, supply:

    • Store URL — the full origin, e.g. https://shop.example.com (no trailing slash)
    • Consumer key — the ck_… value
    • Consumer secret — the cs_… value

    APIWORX validates the credentials by making a signed request to /wp-json/wc/v3/system_status. If validation fails, you will see a clear error pointing at the cause (HTTPS, permalinks, permissions or revoked key).

    Security guardrails

    • Use a dedicated WordPress integration user — never personal admin accounts.
    • Set Permissions to the minimum required. APIWORX needs Read/Write; reporting-only integrations can use Read.
    • Rotate credentials when an integrator offboards or every 12 months, whichever is sooner.
    • If a key is ever exposed in logs, revoke it from WooCommerce → Settings → Advanced → REST API and regenerate.
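
To act on the last guardrail you first have to find the exposure. The following is an added example, not APIWORX or WooCommerce code: it scans log lines for consumer keys and secrets, both in plain form (such as query strings) and inside base64-encoded Basic auth headers, and reports them redacted. It assumes keys are ck_/cs_ followed by 40 lowercase hex characters and that the WooCommerce key list shows the last seven characters of each consumer key, which is why the redaction keeps that tail; the sample credentials and log lines are constructed.

```python
import base64
import binascii
import re

# Assumption: keys are "ck_"/"cs_" followed by 40 lowercase hex characters.
KEY_RE = re.compile(r"\b(ck|cs)_[0-9a-f]{40}\b")
# Basic-auth headers carry "key:secret" base64-encoded, so decode those too.
BASIC_RE = re.compile(r"Basic\s+([A-Za-z0-9+/]{20,}={0,2})")
KINDS = {"ck": "consumer_key", "cs": "consumer_secret"}

def redact(token):
    """Keep the prefix and last 7 characters so the report never holds a usable value."""
    return token[:3] + "..." + token[-7:]

def decode_basic(b64):
    """Decode a Basic-auth blob; return '' when it is not valid base64 ASCII."""
    try:
        return base64.b64decode(b64, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return ""

def scan_line(line):
    """Return sorted (kind, redacted token) pairs found in one log line."""
    decoded = " ".join(decode_basic(b) for b in BASIC_RE.findall(line))
    hits = {(KINDS[m.group(1)], redact(m.group(0)))
            for m in KEY_RE.finditer(line + " " + decoded)}
    return sorted(hits)

def scan_log(lines):
    """Map 1-based line numbers to findings; clean lines are omitted."""
    report = {}
    for number, line in enumerate(lines, 1):
        found = scan_line(line)
        if found:
            report[number] = found
    return report

# Constructed sample data: fake credentials and fake log lines.
CK = "ck_" + "a1b2c3d4e5" * 4
CS = "cs_" + "0f9e8d7c6b" * 4
SAMPLE_LOG = [
    f'203.0.113.5 "GET /wp-json/wc/v3/orders?consumer_key={CK}&consumer_secret={CS} HTTP/1.1" 200',
    "DEBUG outbound headers: Authorization: Basic " + base64.b64encode(f"{CK}:{CS}".encode()).decode(),
    '203.0.113.5 "GET /wp-json/wc/v3/products HTTP/1.1" 200',
]

if __name__ == "__main__":
    for number, found in scan_log(SAMPLE_LOG).items():
        print(number, found)
```

Match the redacted consumer key tail against the key list under WooCommerce → Settings → Advanced → REST API to identify which key to revoke.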

    Common errors

    • 401 woocommerce_rest_authentication_error — wrong consumer key/secret, or the credentials were generated for a user without Shop Manager rights.
    • 404 rest_no_route — pretty permalinks are off, or you're hitting an old /wc-api/ endpoint instead of /wp-json/wc/v3/.
    • Connection refused over HTTP — APIWORX requires HTTPS. Install a TLS cert (Let's Encrypt is free).
    • 403 woocommerce_rest_cannot_view — the integration user has Read permission only; switch the key to Read/Write.

    Next steps

    Once your credentials are validated, head to the WooCommerce connector page to see the full list of supported flows — orders, fulfillment, refunds, inventory, products and customers — and to see common WooCommerce-to-ERP integration patterns.
