Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce. about woocommerce HOT 24 OPEN

#35
#26

I have noticed, this issue while using this sdk. and after several searches . going through almost all the forked versions of this sdk. it seems some have tried to fix the nonce issue , by either generating a nonce and sending it , or trying to get it from storeapi but to non existing routes. So after going through the original source codes of the storeApi by

https://github.com/woocommerce/woocommerce-gutenberg-products-block.

I found that in the

woocommerce-gutenberg-products-block/src/StoreApi/Routes/AbstractRoute.php
in the code when a get request is made to /wp-json/wc/store/cart/

it would send a response header with X-WC-Store-API-Nonce Created.

if ( 'GET' !== $request->get_method() && ! is_wp_error( $response ) ) { $response->header( 'X-WC-Store-API-Nonce', wp_create_nonce( 'wc_store_api' ) ); }
https://github.com/woocommerce/woocommerce-gutenberg-products-block/blob/a404e5b24814240f15e50aa4f983b787bb9b36f1/src/StoreApi/Routes/AbstractRoute.php#L80-L82

After sending requests to the api route /wp-json/wc/store/cart/ through an Api client . it returns as this

parts of the header
x-content-type-options: nosniff; nosniff access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 x-wc-store-api-nonce: 56f237XXXX x-wc-store-api-nonce-timestamp: 1625559263 x-wc-store-api-user: 1 allow: GET x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block

if I made a plain Get request to https://yoursite.com/wp-json/wc/store/cart/
it would reply with
x-wc-store-api-nonce: XXXXXXXX x-wc-store-api-nonce-timestamp: XXXXXXXX x-wc-store-api-user: 0
x-wc-store-api-user: 0 in reference to an unregistered user .

As the api accepts Authorization header
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
sending the JWT bearer token _urlHeader['Authorization'] = 'Bearer ' + _authToken!;
would return the logged in user's cart with its existing x-wc-store-api-nonce: XXXXXXX

to make calls to
POST /cart/add-item
POST /cart/remove-item
POST /cart/update-item....

you can initialize the cart 1st by capturing the Get response header from a call to
https://yoursite.com/wp-json/wc/store/cart/ Using your JWT bearer token and retrieving the x-wc-store-api-nonce and using it to make future calls to the StoreApi .

this is as far as I have come to understanding.
Please do correct me if I am wrong .

now to Code 😄 still new to flutter or programming.

from woocommerce.

step1 : fetch this : GET https://www.mysite.com/wp-json/wc/store/cart/items
step 2 : in response header you can access to the nonce and car-token. ( response.headers.get('nonce )
step 3 : POST https://www.mysite.com/wp-json/wc/store/cart/items and set nonce and car-token in this request headers.

I search many time and try many ways and finally find this way.

I hope you can use it.

from woocommerce.

What is the endpoint being called?

from woocommerce.

POST https://www.mysite.com/wp-json/wc/store/cart/items

{"code":"woocommerce_rest_missing_nonce","message":"Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.","data":{"status":401}}

from woocommerce.

I can see this is a woo commerce error, but the cart management is not handled by woocommerce, as it has no means of handling that, so you should not be getting any woocommerce related error on cart. Which of the plugin's function was called?

from woocommerce.

Hi, my issue is this : #2
Your wrote that is solved in 0.9.5 but for me not work

from woocommerce.

Hi, nothing to do. It’s not work. I have the nonce key with the library that you have send me, I add on headers but now I receive invalid nonce.

Did you have a sample code to fix this issue ?

from woocommerce.

Hi. Pls share code. Adding to cart does not use woocommerce api. So a woocommerce auth error is unlikely.

from woocommerce.

Hi I am sorry it's my bad, the solution is based on WooSignal extension on WooCommerce, which is a paid service, by using this service i got the nonce and send it to the method in WooCommerce api, but i am still looking to find something can help to fetch nonce from wordpress. btw all founded method used some javascript libraries for that, i cannot find the url to get the generated nonce.

from woocommerce.

Is this issue resolved with new update?

from woocommerce.

I m still getting
{"code":"woocommerce_rest_missing_nonce","message":"Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.","data":{"status":401}} error
In your code we are posting a request but header section only contains Auth data which is Bearer djksajlkdjlskajdlka
But server asks us to send : X-WC-Store-API-Nonce data which is created by server side. We need this nonce data. and send it to server.
I tried addto mychart method with 0.9.7 but still having this issue.
Note i m logging in with a pre-created user with wordpress.

from woocommerce.

Did anyone found the solution for this?

from woocommerce.

Not yet sorry. We need nonce data from server. To achieve this i guess we must write a function to functions.php manually.
wp_create_nonce() function is what we need. But i dont know how

from woocommerce.

I too stuck at this error :(

from woocommerce.

It looks like the endpoint /wp-json/wc/store/cart/items does not exist. Is it possible to integrate with co-cart plugin - https://wordpress.org/plugins/cart-rest-api-for-woocommerce/?

I tried with Postman and it is working. But I don't have an idea to link it with this woocommerce flutter plugin.

from woocommerce.

According to this documentation https://github.com/woocommerce/woocommerce-gutenberg-products-block/blob/a404e5b24814240f15e50aa4f983b787bb9b36f1/src/StoreApi/docs/cart.md#add-item, nonce token needs to be included with the header. It can be generated by wp_create_nonce( 'wc_store_api' ) but I don't have any idea to do this. I'm a new born WP user, just 1 week old :).

from woocommerce.

I am having the same issue. Please help !

from woocommerce.

#26 (comment)

from woocommerce.

I have the same issue, anyone there who can solve it.
Or
there is another way to do it.

from woocommerce.

"message": "Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.",
"data": {
"status": 401
}
I still facing this problem ,
After showing this issue I put
X-WP-Nonce - WPAPI.nonce in the header but still get the same problem .
If any one have the solution then please comment here.

from woocommerce.

The reason why you are seeing the error is due to API requiring not just any nonce, but a specific one.

Don’t just pass the value return from wp_create_nonce(‘my-string’), the value has to come from wp_create_nonce( ‘wc_store_api’ )

you can read more about it here:

https://digitalapps.com/woocommerce-rest-api-cart-endpoint-error/

from woocommerce.

getxwcStoreAPINonce = () => {

const { item, token, billing, shipping } = this.props.route.params;

axios({
  method: "POST",
  url: `${apiUrl}wp-json/wc/store/checkout?consumer_key=${consumerKey}&consumer_secret=${consumerSecret}`,
  headers: {
    "Authorization": "Bearer " + token,
  },

  data: {
    "billing_address": billing,
    "shipping_address": shipping,
    "payment_method": "bacs"
  },
  dataType: "json",
  contentType: "application/json; charset=utf-8",
  complete: function (response) {
  }
}).
  then((res) => {
    { console.log(item) `}`
  })
  .catch((err) => {
    this.setState({ XWCSTOREAPi: err.response.headers["x-wc-store-api-nonce"] })
    this.setState({ apikeyfound: false })
  })

}

checkout = (billing, shippping, token, navigation) => {

axios({
  method: "POST",
  url: `${apiUrl}wp-json/wc/store/checkout?consumer_key=${consumerKey}&consumer_secret=${consumerSecret}`,
  headers: {
    "Authorization": "Bearer " + token,
    "X-WC-Store-API-Nonce": this.state.XWCSTOREAPi,
  },
  data: {
    "billing_address": billing,
    "shipping_address": shippping,
    "payment_method": payment_method[this.state.payment],
    },
  dataType: "json",
  contentType: "application/json; charset=utf-8",
  complete: function (response) {
    console.log(response);
  }
}).
  then((res) => {
    console.warn(res);
    if (this.state.payment == 1) {
      navigation.navigate("KhaltiVerfication", { item: res.data, token: token })
    }
    else
      Alert.alert(
        "Successful",
        "Your Order has been placed",
        [
          {
            text: "OK",
            onPress: () => { navigation.navigate('Home'); },
            style: "cancel",
          },
        ]
      )
  })
  .catch((err) => {
    Alert.alert(
      "Error!!",
      "Your Order has not been placed",
      [
        {
          text: "OK",
          style: "cancel",
        },
      ],
      {
        cancelable: true,
      },
    )
    console.warn(err);
    console.warn(err.response.data)
    console.log("Response Status:", err.response.status);
    console.log("Response Headers:", err.response.headers);
  })

}

I used this way ko solve this missing problem. But now I am getting some other errors.

from woocommerce.

I'm facing the same issue here...

from woocommerce.

step1 : fetch this : GET https://www.mysite.com/wp-json/wc/store/cart/items step 2 : in response header you can access to the nonce and car-token. ( response.headers.get('nonce ) step 3 : POST https://www.mysite.com/wp-json/wc/store/cart/items and set nonce and car-token in this request headers.

I search many time and try many ways and finally find this way.

I hope you can use it.

Thank you, I searched a lot on the internet how we gain the nonce. But finally I know!

from woocommerce.