I developing mobile apps, that connect directly to woocommerce rest api. I use this plugin for authenticating, like registering, login, make an order, etc.

So the issue come, when I register new user (with default role is Customer), I try to make an order : http://123.456.789.910/lili_shop/wp-json/wc/v3/orders , it says :

{
    "code": "woocommerce_rest_cannot_view",
    "message": "Sorry, you cannot list resources.",
    "data": {
        "status": 403
    }
}

Then I change user role of registered user to "Administrator", it works.

But, what I want is, a new registered user (with default role is Customer) can consume woocommerce API with JWT too, how can I achieve this?

Anyhelp will appreciate.

Thanks.

I developing mobile apps, that connect directly to woocommerce rest api. I use this plugin for authenticating, like registering, login, make an order, etc.

So the issue come, when I register new user (with default role is Customer), I try to make an order : http://123.456.789.910/lili_shop/wp-json/wc/v3/orders , it says :

{
    "code": "woocommerce_rest_cannot_view",
    "message": "Sorry, you cannot list resources.",
    "data": {
        "status": 403
    }
}

Then I change user role of registered user to "Administrator", it works.

But, what I want is, a new registered user (with default role is Customer) can consume woocommerce API with JWT too, how can I achieve this?

Anyhelp will appreciate.

Thanks.

• woocommerce-offtopic
• rest-api
• authentication

Share Improve this question asked Feb 22, 2019 at 6:45 Nasihun Amin SuhardiyanNasihun Amin Suhardiyan 111 silver badge33 bronze badges 6

• Why would a customer be allowed to view all Orders on a site? – Jacob Peattie Commented Feb 22, 2019 at 6:47
• Create also cant. woocommerce_rest_cannot_create , how? @JacobPeattie – Nasihun Amin Suhardiyan Commented Feb 22, 2019 at 7:57
• Customers don’t create orders either. Otherwise they could creat arbitrary orders without paying. The system creates orders. Your application should probably be using an API key for those types of operations. – Jacob Peattie Commented Feb 22, 2019 at 8:31
• So with woocommerce REST API, what should I do if customer want to place an order ? @JacobPeattie – Nasihun Amin Suhardiyan Commented Feb 22, 2019 at 10:16
• I told you: Make the request from your application using an API key that has permission to do that. – Jacob Peattie Commented Feb 22, 2019 at 10:20

 |  Show 1 more comment

1 Answer 1

Sorted by: Reset to default 2

Not sure if you are still looking for a solution but I ran into a similar issue where I was not able to even retrieve the product listing from a customer account. There were a few things I realized when doing it:

1. Since administrator had access it had to be a security issue.
2. I installed a user role editor and added some of the extra privileges to see if it would work. (I was testing just the product listing and categories at the time). Note: You can only use read access for the roles in particular if security is an issue.
3. This worked and I was able to retrieve the listing for the products and the categories.

I am still looking for a solution to the orders but it definitely involves doing something with security (will edit this post if I do find one). My instinct tells me that JWT Token used in woocommerce checks if the user even have access to edit the information.

It is definitely not an issue with the JWT token but something on woocmmerce side. See this post for details: https://github/woocommerce/woocommerce/issues/17983 Hope this helps.