Connect WooCommerce
WooCommerce uses REST API with Consumer Key + Secret (Basic Auth). Generate in WordPress, paste in Wevion, sync starts.
Written By Salvatore Sinigaglia
Last updated About 5 hours ago
WooCommerce uses REST API with Consumer Key + Secret (Basic Auth). Generate in WordPress, paste in Wevion, sync starts.
Connect WooCommerce
Generate a REST API Consumer Key + Secret in WordPress Admin β WooCommerce β Settings β Advanced β REST API. Paste site URL + key + secret at /connect/woocommerce. Wevion validates the connection and starts syncing within 15 minutes.
Who is this for
E-commerce mediabuyers running WooCommerce stores on WordPress. Used for product catalog sync, order attribution, and revenue tracking.
How WooCommerce differs from Shopify
WooCommerce is self-hosted β you manage your own WordPress + WooCommerce installation. Wevion accesses it over the REST API.
Before you start
- A WooCommerce store running on WordPress (WP 5.0+, WooCommerce 4.0+)
- WordPress admin access to generate REST API credentials
- Site must be HTTPS (HTTP rejected by Wevion for security)
- REST API enabled (default in modern WordPress; if disabled by plugin / security config, re-enable)
- Pretty permalinks enabled (Settings β Permalinks β /%postname%/) β required for REST API routing
- Wevion role: manager, admin, owner, super_admin
How to connect
Step 1: Generate REST API credentials in WordPress
- WordPress Admin β WooCommerce β Settings β Advanced β REST API
- Click Add key
- Fill:
- Description:
Wevion(for your reference) - User: pick a WP user with admin or shop_manager role
- Permissions: Read/Write (Wevion reads everything, may also write back for webhook setup)
- Description:
- Click Generate API key
- WordPress shows Consumer key (starts with
ck_) + Consumer secret (starts withcs_) ONE TIME β copy both immediately
Step 2: Open Wevion connector
In sidebar click Connect β WooCommerce or visit /connect/woocommerce.
Step 3: Paste credentials
In the form:
- Site URL:
https://yourstore.com(no trailing slash, must be HTTPS) - Consumer Key: paste
ck_... - Consumer Secret: paste
cs_...
Click Connect.
Step 4: Wevion validates
Backend calls apps/backend/src/services/woocommerce/woocommerce-connection-health.service.ts which makes a test API call to verify:
- Site reachable
- Credentials accepted
- REST API responding
- WooCommerce plugin active
If all green: woocommerce_config row created. If any fail: error shown with the specific issue.
Step 5: First sync
Sync starts within 15 minutes. Pulls products and orders via apps/backend/src/services/woocommerce/woocommerce-sync.service.ts; refunds are fetched when an order indicates refund activity. The default order sync window is 7 days unless a dedicated backfill flow is used.
Authentication detail
Wevion uses HTTP Basic Authentication with consumer key as username and secret as password:
Authorization: Basic base64(ck_xxx:cs_yyy)Verified in apps/backend/src/services/woocommerce/woocommerce-rest-client.ts.
Credentials stored encrypted at rest in Wevion DB. Never visible to Wevion staff.
Webhooks (optional but recommended)
REST API polling alone (15-min cadence) works fine for most stores. For real-time order events, set up WooCommerce webhooks:
- WordPress Admin β WooCommerce β Settings β Advanced β Webhooks
- Add webhook with:
- Name:
Wevion - Order Created - Status: Active
- Topic: Order created
- Delivery URL: copy from Wevion
/connect/woocommerceβ webhook URL section - Secret: copy from Wevion
- Name:
- Repeat for: Order updated, Order restored, Order deleted, Product updated, Refund created
WooCommerce signs webhook payloads with the secret; Wevion verifies via HMAC.
Multi-store
Each WooCommerce site = separate connection. Repeat steps 1-5 per store. Each is its own woocommerce_config row. See com-106 multi-source.
What you'll see when it works
- Connector card: green Connected badge
- Site URL + total product count + total orders count visible
- Health check status: Healthy
- Dashboard populates within 30 min
- Toast: "Connected to [site] β syncing"
Connection Health monitoring
woocommerce-connection-health.service.ts checks connection health as part of the WooCommerce crons (order polling every 15 min, product refresh every 12 h, webhook health every 24 h β apps/backend/src/cron/woocommerce-crons.ts). It validates:
- Site reachable: HTTP 200 from REST API root
- Credentials valid: authenticated test call succeeds
- REST API enabled: standard endpoints return JSON
- WooCommerce plugin active: WC-specific endpoint returns expected schema
Health status is available on the connector card. Note: automatic merchant notification on a health failure is not yet implemented (a TODO in the current code), so check the connector card rather than relying on a proactive alert.
Security
- Credentials encrypted at rest (AES-GCM)
- HTTPS required for both API calls and webhook delivery
- Wevion's outbound IP optionally whitelistable in your firewall (request IP list from support)
- Audit log records every API call (admin view)
Common issues
- "Site URL invalid": must include
https://and no trailing slash. No/wp-admin/. - "REST API not responding": pretty permalinks not enabled. WP Admin β Settings β Permalinks β /%postname%/.
- "Authentication failed": consumer key/secret pair wrong. Regenerate in WP Admin β WooCommerce β Settings β Advanced β REST API.
- "Site not reachable": server down, firewall blocking Wevion's IPs, or wrong URL. Test from a browser.
- "WooCommerce plugin not active": WooCommerce plugin deactivated or missing. Check WP Admin β Plugins.
- HTTP site rejected: Wevion requires HTTPS for security. Add SSL to your WordPress (Let's Encrypt free).
- Slow initial sync: large catalog (10k+ products) or many orders. Wait; if > 1h, contact support.
FAQ
Does connecting WooCommerce to Wevion use OAuth like Shopify?
No. WooCommerce connects with HTTP Basic Authentication using a REST API Consumer Key and Secret, not an OAuth app install. You generate the key in WordPress Admin β WooCommerce β Settings β Advanced β REST API, then paste the site URL, ck_ key, and cs_ secret at /connect/woocommerce. Wevion validates the connection and creates a woocommerce_config row.
Does my WooCommerce site need HTTPS to connect to Wevion?
Yes. Wevion rejects HTTP sites for security, so your WordPress store must run on HTTPS for both API calls and webhook delivery. If your site is HTTP, add SSL β Let's Encrypt is free. Your site URL must include https:// with no trailing slash and no /wp-admin/ path when you enter it at /connect/woocommerce.
What permissions should the WooCommerce REST API key have?
Set the key to Read/Write when generating it in WordPress Admin β WooCommerce β Settings β Advanced β REST API. Wevion reads everything and may also write back for webhook setup. Pick a WordPress user with an admin or shop_manager role, and copy the Consumer key and Consumer secret immediately β WordPress shows them only once.
How soon does Wevion start syncing after I connect WooCommerce?
Sync starts within 15 minutes of a successful connection. Wevion pulls products and orders via the REST API, and fetches refunds when an order indicates refund activity. The default order sync window is 7 days unless a dedicated backfill flow is used. Your dashboard populates within about 30 minutes.
Are my WooCommerce credentials safe in Wevion?
Yes. Your Consumer Key and Secret are encrypted at rest with AES-GCM in Wevion's database and are never visible to Wevion staff. HTTPS is required for all API calls, an audit log records every API call for admins, and Wevion's outbound IPs can optionally be whitelisted in your firewall on request from support.
Steps
- 1. WordPress Admin β WooCommerce β Settings β Advanced β REST API 2. Click Add key 3. Fill: - Description: Wevion (for your reference) - User: pick a WP user with admin or shopmanager role - Permissions: Read/Write (Wevion reads everything, may also write back for webhook setup) 4. Click Generate API key 5. WordPress shows Consumer key (starts with ck) + Consumer secret (starts with cs_) ONE TIME β copy both immediately
- In sidebar click Connect β WooCommerce or visit /connect/woocommerce.
- In the form: Site URL: https://yourstore.com (no trailing slash, must be HTTPS) Consumer Key: paste ck... Consumer Secret: paste cs... Click Connect.
- Backend calls apps/backend/src/services/woocommerce/woocommerce-connection-health.service.ts which makes a test API call to verify: Site reachable Credentials accepted REST API responding WooCommerce plugin active If all green: woocommerce_config row created. If any fail: error shown with the specific issue.
- Sync starts within 15 minutes. Pulls products and orders via apps/backend/src/services/woocommerce/woocommerce-sync.service.ts; refunds are fetched when an order indicates refund activity. The default order sync window is 7 days unless a dedicated backfill flow is used.
Last updated: 2026-05-17