Getting OAuth Authentication Right for WooCommerce REST API

Recently I had to work with the WooCommerce REST API to do stuffs with products, mainly create / update it. However with its OAuth 1.0 authentication I couldn't get it just right. The REST API returned authentication error messages. 

It was becoming difficult to get one source of information that accurately showed how to make a successful authentication to the WooCommerce REST API. 

Finally, after a lot of digging I did manage to get it right and I am sharing it with whoever wants to use it in their systems. 


<?php 
function stramaxon_generate_oauth( $request ) { 
	$wc_rest_api = array(
		'key' => '[YOUR_CONSUMER_KEY]',
		'secret' => '[YOUR_CONSUMER_KEY]'
	);

	$consumerKey = $wc_rest_api['key'];
	$signatureMethod = 'HMAC-SHA1';
	$timestamp = time();
	$nonce = md5(mt_rand());
	$version = '1.0';

	$oauthSignature = tsw_generateSignature( $request, $timestamp, $nonce, $signatureMethod, $version ) ;

	// echo "Signature: " . $oauthSignature . "<br>"; 


	return "OAuth oauth_consumer_key=\"{$consumerKey}\",oauth_signature_method=\"{$signatureMethod}\",oauth_timestamp=\"{$timestamp}\",oauth_nonce=\"{$nonce}\",oauth_version=\"1.0\",oauth_signature=\"{$oauthSignature}\"";

	// return "OAuth oauth_consumer_key={$consumerKey},oauth_signature_method={$signatureMethod},oauth_timestamp={$timestamp},oauth_nonce={$nonce},oauth_version=1.0,oauth_signature={$oauthSignature}";

}


function stramaxon_generateSignature($request, $timestamp, $nonce, $signatureMethod, $version) {
	$wc_rest_api = array(
		'key' => '[YOUR_CONSUMER_KEY]',
		'secret' => '[YOUR_CONSUMER_KEY]'
	);

    $base = $request['method'] . "&" 
        . rawurlencode(  $request['url'] ) . "&"
        . rawurlencode( "oauth_consumer_key=" . $wc_rest_api['key'] )
        . rawurlencode( "&oauth_nonce=" . $nonce )
        . rawurlencode( "&oauth_signature_method=" . $signatureMethod )
        . rawurlencode( "&oauth_timestamp=" . $timestamp )
        . rawurlencode( "&oauth_version=" . $version );
        // . rawurlencode( '&' . http_build_query($request['data']) );

    $key = rawurlencode($wc_rest_api['secret']) . '&';
    $signature = base64_encode( hash_hmac('sha1', $base, $key, true) );

    return $signature;
}
This is it basically. All you got to do is use the  stramaxon_generate_oauth function to generate a OAuth 1.0 string to be used in your HTTP request. 

But you will notice we are passing a `$request` parameter in that function. It needs to contain an array with the following. 


$request = array(
    'method' => 'POST',
    'url' => 'http://example.com/your-rest-api/endpoint/wc'
)

// Then form the request,
// Don't get confused by the wp_remote_post, it can be used with a traditional curl request as well

$api_url = 'http://example.com/your-rest-api/endpoint/wc';

$api_response = wp_remote_post(  $api_url, array(
	'method'    => 'POST',
 	'headers' => array(
		'Authorization' => stramaxon_generate_oauth( array( $request  )),
		'Content-Type' => 'application/json'
	),

	'body' => json_encode( $post_data )
) );

You just have to pass the URL of the endpoint you wish to request + the method of request, i.e GET, POST, PUT, DELETE etc.