Question posted in
Some documentation to get you started can be found here.

Unable to connect VendHQ (POS) to WooCommerce (WP) – Apache

I have spent many days on trying to figure this out, and does it appears to be a common issue. I have read many other posts on the same issue. I have tried all the solutions that I could find, and yet I am still getting the same results – cannot successfully connect my client’s VendHQ (POS) to my their WooCommerce shop (WordPress 5.2.4, PHP 7.2). I have contacted VendHQ for help but their solution, as with others, did not work.

What Have I Tried:

  1. Followed the instructions from VendHQ and created my WooCommerce REST API keys and put them in the VendHQ connection setup. This gave the initial error “woocommerce_rest_cannot_view, Sorry, you cannot list resources, 401”

  2. I added the following code to my .htaccess file as was suggested a few times but sadly did not fix the issue:

    # BEGIN WordPress
    SetEnvIf Authorization "(.)" HTTP_AUTHORIZATION=$1
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress
  1. I modify the apache httpd.conf file as was suggested a couple times to AllowOverride All instead of the default value of None, and again no success. I added the code below to my apache file:
    “/etc/apache2/conf.d/includes/pre_main_global.conf” 
    <Directory "/var/www/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

I am not super knowledgable with Apache and manipulating directives because I know how dangerous it can be. However, this one came up a few times and seemed to be straight forward. Once I updated the .conf file and restarted the Apache server, I still could not make the connection.

  1. Finally, I added more code to my .htaccess file: 
    Header always set Access-Control-Max-Age 1728000
    Header always set Access-Control-Allow-Origin: "*"
    Header always set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
    Header always set Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$"
    Header always set Access-Control-Allow-Credentials true
    Header always set Access-Control-Allow-Origin: "https://my_client_shop.com/"

With all of this in place I am still not able to connect the two systems BUT now I got a new error: 

"We are unable to connect your WooCommerce store. Your website does not allow connections with Authorization Headers in the Vend API."

I thought that last change would have fixed this. Anyone seen this issue with Authorization Headers error?

I tested the WC API keys in my Chrome browser:

https://my_client_shop.com/wp-json/wc/v2/system_status?consumer_key=ck_389f08cda9f8a802b366b1de8cb562cba95e462c&consumer_secret=cs_65fcd907905f9d8c64b38a7dd60de4f034526ff2

And it displayed the json file details. Without the keys I get the “cannot list 401” error again. So I assume from this the keys are in fact valid.

So it seems we are getting closer but I am out of ideas.

Finally, my client’s shop website is on a multisite, if that makes a difference.

So I am hoping someone else went through all this and was able to actually find a solution that works, and can share it 🙂 Or point out what I may have missed or have in error. Much appreciated for any and all suggestions.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    well a dev I was working with ended up manipulating the WooCommerce file with this code:

    private function perform_basic_authentication() {

    $this->auth_method = 'basic_auth';
    $consumer_key = 'ck_PUT_YOUR_WC_REST_API_KEY';
    $consumer_secret = 'cs_PUT_YOUR_WC_REST_API_KEY';

    // If the $_GET parameters are present, use those first.
    if ( ! empty( $_GET['consumer_key'] ) && ! empty( $_GET['consumer_secret'] ) ) { // WPCS: CSRF ok.
        $consumer_key = $_GET['consumer_key']; // WPCS: CSRF ok, sanitization ok.
        $consumer_secret = $_GET['consumer_secret']; // WPCS: CSRF ok, sanitization ok.
    }

    // If the above is not present, we will do full basic auth.
    if ( ! $consumer_key && ! empty( $_SERVER['PHP_AUTH_USER'] ) && ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
        $consumer_key = $_SERVER['PHP_AUTH_USER']; // WPCS: CSRF ok, sanitization ok.
        $consumer_secret = $_SERVER['PHP_AUTH_PW']; // WPCS: CSRF ok, sanitization ok.
    }

    // Stop if don't have any key.
    if ( ! $consumer_key || ! $consumer_secret ) {
        return false;
    }

    // Get user data.
    $this->user = $this->get_user_data_by_consumer_key( $consumer_key );
    if ( empty( $this->user ) ) {
        return false;
    }

    // Validate user secret.
    if ( ! hash_equals( $this->user->consumer_secret, $consumer_secret ) ) { // @codingStandardsIgnoreLine
        $this->set_error( new WP_Error( 'woocommerce_rest_authentication_error', __( 'Consumer secret is invalid.', 'woocommerce' ), array( 'status' => 401 ) ) );

        return false;
    }

    return $this->user->user_id;
}

    This did work but boy it tool a lot of digging. Unfortunately, it is in a WC Core file so updating WC will blow it away. I am waiting on the dev to find a way to move it to the child theme.


  2. 0

    This worked for me.

    I added this to the .htaccess file. This file can be accessed via FTP to your WordPress server.

    CGIPassAuth on

    I got this from here : allowing-authorization-header-in-apache

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search