WooCommerce OAuth 1 one-legged Authentication in .NET

WooCommerce OAuth 1 one-legged Authentication in .NET

WooCommerce is newbie in the world of eCommerce. The platform has gained good popularity due to its ability to adapt customers need. There are huge options available in it for customizable extensions according to your business’s need. Also, you will find multiple free resources like themes, Plugins, fonts etc. Woocommerce also provides other APIs package for third party application, for better communication.

In order to make this tutorial work, you need to have WooCommerce 2.1 or current version installed within word press.

Before we start with the process of OAuth authentication in .NET let’s get pre-requirements of this:

Enable REST API under WooCommerce > Settings

[imageframe lightbox=”yes” style_type=”none” bordercolor=”” bordersize=”0px” stylecolor=”” align=”none” link=”” linktarget=”_self” animation_type=”0″ animation_direction=”down” animation_speed=”0.1″ class=”” id=””][/imageframe]
  • Pretty permalinks must be enabled
  • Should already have consumer key and consumer secret for the admin user
[imageframe lightbox=”yes” style_type=”none” bordercolor=”” bordersize=”0px” stylecolor=”” align=”none” link=”” linktarget=”_self” animation_type=”0″ animation_direction=”down” animation_speed=”0.1″ class=”” id=””][/imageframe]

The current API version is v2 which returns response as JSON. The v1 endpoint is also available in WooCommerce 2.1 / 2.2 / 2.3, but it will be eliminated in the future version. V1 return’s result is in xml format.

Further differentiations can be found at


APIs available can be checked using the following URL


EITHER HMAC-SHA1 or HMAC-SHA256 can be used for encryption. I have used HMAC-SHA1. Signature generation mechanism will remain the same whether you are using GET or POST. Assuming one is fetching all product data from WooCommerce.

Base URL becomes http://www.your-store.com/wc-api/v2/products

Above URL should be RFC3986 encoded which can be achieved by EscapeDataString function of URI class.

Request authentication follows three steps:

Creating the string that will be used to generate the signature:
  • If using extra parameters like filter, page etc., collect oauth parameters (oauth_consumer_key, oauth_signature_method, oauth_nonce, oauth_timestamp, oauth_signature) and extra parameters like (filter) in a single string array and sort them.

For example: If filter and page is used as extra filter then the sorted order should be like: filter, oauth_consumer_key, oauth_nonce, oauth_signature, oauth_signature_method, oauth_timestamp, and page.

NOTE: RFC Reserved characters like ‘[’,’]’ should be replaced with their special representation “%5B”,”%5D” respectively.

  • Next comes creating a string that will be used for signature generation

Note:Values of each parameter should also be RFC3986 encoded using EscapeDataString.

i) From the already sorted array, excepting oauth_signature, assign all the oauth parameters with their corresponding values using ’=’ and concatenate all parameters using ‘&’.

For example:


ii) Encode the above generated string again using EscapeDataString function.

iii) Concatenate request method name with
a) ‘&’
b) RFC3986 encoded base URL
c) ’&’
d) The above generated string. Your resultant string to sign will look like this


Signing the string with HMAC-SHA1 algorithm using consumer secret:

  • Use the below code to generate the signature with the above generated string
HMACSHA1 hmac = new HMACSHA1(Encoding.ASCII.GetBytes(consumerSecret));
string signature =Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(sigBaseString)));
return signature;
Generating header for request:
  • Assign the generated signature string to oauth_signature parameter using ‘=’ in the sorted list of (encrypted) parameters and then generate a new string with the parameters separated by ‘&’. Result will look like this:
  • Finally concatenate un-encoded base URL with “?” and the authorization header just generated.

All done you can make the request with the last string generated as the base URL and you will get your response!!

For more details please refer below link:


You May like these blogs

How to Install Microsoft Dynamics NAV 2015
The next leap, Is your business ready for an ERP?
InSync Integration Solution- How it evolved

Integrate NAV with eCommerce, Marketplace and CRM