Title: Secure API
Last modified: May 31, 2022

---

# Secure API

 *  Resolved [bassimbg](https://wordpress.org/support/users/bassimbg/)
 * (@bassimbg)
 * [4 years ago](https://wordpress.org/support/topic/secure-api/)
 * Hello,
 * I have a WordPress site with WooCommerce, but when any customer user (not admin)
   accesses [https://mysite.com/wp-json/wc/v3/orders](https://mysite.com/wp-json/wc/v3/orders)
   they can see all orders of other customers. It is not secure to see the orders
   of others.
 * How can I secure my site and prevent anyone from fetching orders or products using
   the URL above or Postman?
 * Please note that I am using a mobile app and I am using Basic Authentication.
 * Thank you,

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Mirko P.](https://wordpress.org/support/users/rainfallnixfig/)
 * (@rainfallnixfig)
 * [4 years ago](https://wordpress.org/support/topic/secure-api/#post-15697110)
 * Hi [@bassimbg](https://wordpress.org/support/users/bassimbg/),
 * The endpoint `wp-json/wc/v3/orders` with a GET request retrieves a list of all
   orders on your site, but we would not expect this to be accessible to all users
   since it requires authentication using the REST API Consumer Key as the username
   and the REST API Consumer Secret as the password.
 * I would suggest removing the actual keys and generating new API keys. This section
   explains how it can be done.
 * [https://woocommerce.com/document/woocommerce-rest-api/#section-2](https://woocommerce.com/document/woocommerce-rest-api/#section-2)
 * If you’re authenticating over HTTP, use OAuth 1.0a “one-legged” authentication
   instead of Basic Auth to ensure REST API credentials cannot be intercepted by
   an attacker. There are more details on authentication methods here:
 * [https://woocommerce.github.io/woocommerce-rest-api-docs/#authentication](https://woocommerce.github.io/woocommerce-rest-api-docs/#authentication)
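
The one-legged OAuth 1.0a signing mentioned in the reply above, as an added example that is not part of the thread or WooCommerce's own code: it shows that only a signature travels with the request, never the consumer secret. The host, key and secret are constructed placeholders, and HMAC-SHA256 with query-string parameters is an assumed choice.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, urlencode

def pct(value):
    # RFC 3986 percent-encoding as OAuth 1.0a requires: only unreserved chars stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # METHOD & encoded URL (without query) & encoded, sorted "k=v" pairs joined by "&".
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret):
    # One-legged flow: there is no token secret, so the HMAC key is "<secret>&".
    key = (pct(consumer_secret) + "&").encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def signed_params(method, url, consumer_key, consumer_secret,
                  query=None, nonce=None, timestamp=None):
    # The secret never appears in the result; only the key, nonce, timestamp and MAC do.
    params = dict(query or {})
    params.update({
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA256",
        "oauth_timestamp": str(timestamp or int(time.time())),
    })
    params["oauth_signature"] = sign(method, url, params, consumer_secret)
    return params

def verify(method, url, received, consumer_secret):
    # Server-side view: recompute the MAC over everything except the signature itself.
    params = {k: v for k, v in received.items() if k != "oauth_signature"}
    expected = sign(method, url, params, consumer_secret).encode()
    return hmac.compare_digest(expected, str(received.get("oauth_signature", "")).encode())

if __name__ == "__main__":
    # Constructed placeholders, not real credentials or a real site.
    url = "http://shop.example/wp-json/wc/v3/orders"
    p = signed_params("GET", url, "ck_constructed", "cs_constructed", {"per_page": 5})
    print(url + "?" + urlencode(p))
    p["per_page"] = 100  # a parameter altered in transit no longer matches the signature
    print("tampered request verifies:", verify("GET", url, p, "cs_constructed"))
```

The signature keeps the secret off the wire and detects altered parameters, but it does not encrypt the response, so order data returned over plain HTTP is still readable in transit.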
 *  Thread Starter [bassimbg](https://wordpress.org/support/users/bassimbg/)
 * (@bassimbg)
 * [4 years ago](https://wordpress.org/support/topic/secure-api/#post-15702800)
 * Hello, I am using the API as mentioned in the above links. I created a customer
   key and customer secret with read or read/write. How or where do I tell WooCommerce
   not to share data unless it uses authentication? Now I am using a third-party plugin,
   but this is not logical; it should be in the WooCommerce plugin.
 * It is hard to delete the keys because I am using a mobile app and I am afraid of
   losing communication.
 * WooCommerce must not provide data unless we use the customer key and customer secret
   ONLY.
 * Thank you,
 *  Plugin Support [Daniyal Ahmed (a11n)](https://wordpress.org/support/users/daniyalahmedk/)
 * (@daniyalahmedk)
 * [4 years ago](https://wordpress.org/support/topic/secure-api/#post-15703490)
 * Hi there,
 * Thanks for getting back to us.
 * I just tried to replicate this issue on my end, and I can see the
   `wp-json/wc/v3/orders` endpoint isn’t available without authentication.
 * ![](https://d.pr/i/Pt0a5U+)
 * It could be due to some third-party plugin or customization you have on the site.
   Can you please try to set up a staging website, de-activate all the plugins except
   WooCommerce, switch to a default theme like [Storefront](https://pcm.wordpress.org/themes/storefront/),
   and see if you are able to replicate this issue?
 * Let me know how it goes!
 * Best,
 *  Plugin Support [mouli a11n](https://wordpress.org/support/users/mouli/)
 * (@mouli)
 * [4 years ago](https://wordpress.org/support/topic/secure-api/#post-15721344)
 * It’s been a while since we heard from you, so I’m marking this thread resolved.
   Hopefully, you’ve been able to resolve this, but if you haven’t, please open 
   up a new topic and we’ll be happy to help out.

The topic ‘Secure API’ is closed to new replies.

 * 4 replies
 * 4 participants
 * Last reply from: [mouli a11n](https://wordpress.org/support/users/mouli/)
 * Last activity: [4 years ago](https://wordpress.org/support/topic/secure-api/#post-15721344)
 * Status: resolved