Connect WooCommerce

Last updated: May 19, 2026

Connect WooCommerce

Generate a REST API Consumer Key + Secret in WordPress Admin → WooCommerce → Settings → Advanced → REST API. Paste site URL + key + secret at /connect/woocommerce. Wevion validates the connection and starts syncing within 15 minutes.

Who is this for

E-commerce mediabuyers running WooCommerce stores on WordPress. Used for product catalog sync, order attribution, and revenue tracking.

How WooCommerce differs from Shopify

Aspect

Shopify

WooCommerce

Auth

OAuth flow (app install)

Basic Auth with consumer key + secret

Connection

One-click via Shopify App Store

Manual key generation in WP

Hosting

Shopify-hosted

Self-hosted WordPress

API

Shopify Admin API

WP REST API + WooCommerce REST API extension

Webhooks

Auto-subscribed via app

Manual setup in WP admin

WooCommerce is self-hosted — you manage your own WordPress + WooCommerce installation. Wevion accesses it over the REST API.

Before you start

  • A WooCommerce store running on WordPress (WP 5.0+, WooCommerce 4.0+)

  • WordPress admin access to generate REST API credentials

  • Site must be HTTPS (HTTP rejected by Wevion for security)

  • REST API enabled (default in modern WordPress; if disabled by plugin / security config, re-enable)

  • Pretty permalinks enabled (Settings → Permalinks → /%postname%/) — required for REST API routing

  • Wevion role: manager, admin, owner, super_admin

How to connect

Step 1: Generate REST API credentials in WordPress

  1. WordPress Admin → WooCommerce → Settings → Advanced → REST API

  2. Click Add key

  3. Fill:

    • Description: Wevion (for your reference)

    • User: pick a WP user with admin or shop_manager role

    • Permissions: Read/Write (Wevion reads everything, may also write back for webhook setup)

  4. Click Generate API key

  5. WordPress shows Consumer key (starts with ck_) + Consumer secret (starts with cs_) ONE TIME — copy both immediately

Step 2: Open Wevion connector

In sidebar click Connect → WooCommerce or visit /connect/woocommerce.

Step 3: Paste credentials

In the form:

  • Site URL: https://yourstore.com (no trailing slash, must be HTTPS)

  • Consumer Key: paste ck_...

  • Consumer Secret: paste cs_...

Click Connect.

Step 4: Wevion validates

Backend calls apps/backend/src/services/woocommerce/woocommerce-connection-health.service.ts which makes a test API call to verify:

  • Site reachable

  • Credentials accepted

  • REST API responding

  • WooCommerce plugin active

If all green: woocommerce_config row created. If any fail: error shown with the specific issue.

Step 5: First sync

Sync starts within 15 minutes. Pulls: products, orders (last 90 days), customers, refunds. Sync via apps/backend/src/services/woocommerce/woocommerce-sync.service.ts.

Authentication detail

Wevion uses HTTP Basic Authentication with consumer key as username and secret as password:

Authorization: Basic base64(ck_xxx:cs_yyy)

Verified in apps/backend/src/services/woocommerce/woocommerce-rest-client.ts.

Credentials stored encrypted at rest in Wevion DB. Never visible to Wevion staff.

Webhooks (optional but recommended)

REST API polling alone (15-min cadence) works fine for most stores. For real-time order events, set up WooCommerce webhooks:

  1. WordPress Admin → WooCommerce → Settings → Advanced → Webhooks

  2. Add webhook with:

    • Name: Wevion - Order Created

    • Status: Active

    • Topic: Order created

    • Delivery URL: copy from Wevion /connect/woocommerce → webhook URL section

    • Secret: copy from Wevion

  3. Repeat for: Order updated, Order restored, Order deleted, Product updated, Refund created

WooCommerce signs webhook payloads with the secret; Wevion verifies via HMAC.

Multi-store

Each WooCommerce site = separate connection. Repeat steps 1-5 per store. Each is its own woocommerce_config row. See com-106 multi-source.

What you'll see when it works

  • Connector card: green Connected badge

  • Site URL + total product count + total orders count visible

  • Health check status: Healthy

  • Dashboard populates within 30 min

  • Toast: "Connected to [site] — syncing"

Connection Health monitoring

woocommerce-connection-health.service.ts runs hourly to detect issues:

  • Site reachable: HTTP 200 from REST API root

  • Credentials valid: authenticated test call succeeds

  • REST API enabled: standard endpoints return JSON

  • WooCommerce plugin active: WC-specific endpoint returns expected schema

Issues surface on the connector card. If site goes down or plugin is updated/broken, Wevion notifies you within 1 hour.

Security

  • Credentials encrypted at rest (AES-GCM)

  • HTTPS required for both API calls and webhook delivery

  • Wevion's outbound IP optionally whitelistable in your firewall (request IP list from support)

  • Audit log records every API call (admin view)

Common issues

  • "Site URL invalid": must include https:// and no trailing slash. No /wp-admin/.

  • "REST API not responding": pretty permalinks not enabled. WP Admin → Settings → Permalinks → /%postname%/.

  • "Authentication failed": consumer key/secret pair wrong. Regenerate in WP Admin → WooCommerce → Settings → Advanced → REST API.

  • "Site not reachable": server down, firewall blocking Wevion's IPs, or wrong URL. Test from a browser.

  • "WooCommerce plugin not active": WooCommerce plugin deactivated or missing. Check WP Admin → Plugins.

  • HTTP site rejected: Wevion requires HTTPS for security. Add SSL to your WordPress (Let's Encrypt free).

  • Slow initial sync: large catalog (10k+ products) or many orders. Wait; if > 1h, contact support.

Related