Connect FlutterFlow to WooCommerce using REST API v3 with the base URL https://{site}/wp-json/wc/v3/. Route all API calls through a Cloud Function that adds Basic Auth headers with your consumer key and secret server-side. Query GET /products for the catalog, handle product variations via GET /products/{id}/variations, manage the cart in App State, and create orders with POST /orders including line_items, billing, and shipping objects.
Build a headless WooCommerce mobile storefront in FlutterFlow
WooCommerce powers over 30% of all online stores worldwide. If your client's store runs on WooCommerce, you can build a native mobile app storefront in FlutterFlow that connects to the existing product catalog, inventory, and order system via the WooCommerce REST API v3. Unlike Shopify's GraphQL Storefront API, WooCommerce uses a standard REST API authenticated with consumer keys. Because these keys cannot be safely embedded in mobile apps, this tutorial routes all WooCommerce calls through a Cloud Function that adds auth server-side. You will build a product catalog, variant selector, App State cart, and order submission flow.
Prerequisites
- A WooCommerce store (WordPress + WooCommerce plugin installed and active)
- WooCommerce REST API consumer key and consumer secret — generate in WooCommerce Admin → Settings → Advanced → REST API → Add Key
- A FlutterFlow project with Firebase/Firestore connected (for Cloud Functions and optional order storage)
- Basic understanding of Cloud Functions and FlutterFlow's API Manager
Step-by-step guide
Create a Cloud Function proxy for WooCommerce REST API authentication
Create a Cloud Function proxy for WooCommerce REST API authentication
WooCommerce REST API uses HTTP Basic Authentication with the consumer_key as the username and consumer_secret as the password. Embedding consumer_secret in a mobile app is a critical security risk — it gives anyone who extracts the secret full write access to your WooCommerce store (orders, products, customers, settings). Create a Cloud Function named woocommerceProxy that accepts the method, WooCommerce endpoint path, and optional request body. The function builds the Authorization header (Base64 of consumer_key:consumer_secret) and proxies the request to your store's wp-json/wc/v3/ endpoint. Store consumer_key and consumer_secret in Cloud Function environment variables. In FlutterFlow, add an API Group named WooCommerceAPI pointing to your Cloud Function URL, with a simple JSON body containing {method, endpoint, body}.
1// Cloud Function: woocommerceProxy (Node.js 20)2const functions = require('firebase-functions');3const axios = require('axios');45exports.woocommerceProxy = functions.https.onRequest(async (req, res) => {6 res.set('Access-Control-Allow-Origin', '*');7 if (req.method === 'OPTIONS') { res.status(204).send(''); return; }89 const { method = 'GET', endpoint, body } = req.body;10 const consumerKey = process.env.WC_CONSUMER_KEY;11 const consumerSecret = process.env.WC_CONSUMER_SECRET;12 const storeUrl = process.env.WC_STORE_URL; // e.g. https://yourstore.com1314 const credentials = Buffer.from(`${consumerKey}:${consumerSecret}`).toString('base64');1516 try {17 const response = await axios({18 method,19 url: `${storeUrl}/wp-json/wc/v3/${endpoint}`,20 headers: {21 Authorization: `Basic ${credentials}`,22 'Content-Type': 'application/json',23 },24 data: body,25 params: method === 'GET' ? body : undefined,26 });27 res.json(response.data);28 } catch (error) {29 const status = error.response?.status || 500;30 res.status(status).json({ error: error.response?.data || error.message });31 }32});Expected result: Cloud Function is deployed. All WooCommerce API calls from FlutterFlow go through this proxy with auth handled server-side.
Configure the API Group and product listing endpoints
Configure the API Group and product listing endpoints
In FlutterFlow → API Manager → Add API Group, name it WooCommerceAPI. Set the Base URL to your Cloud Function HTTPS URL. All requests are POST with a JSON body containing method (the HTTP method for WooCommerce), endpoint (the WC REST path), and optionally body (query params or request data). Add an endpoint named getProducts: POST to the Cloud Function URL, request body: {"method": "GET", "endpoint": "products", "body": {"status": "publish", "per_page": "20", "page": "1"}}. Test the endpoint — it should return an array of WooCommerce product objects with fields including id, name, slug, price, regular_price, sale_price, images (array with src), short_description, stock_status, and type (simple/variable). Add a second endpoint getProductById with request body {"method": "GET", "endpoint": "products/[productId]", "body": {}} where [productId] is a variable.
Expected result: API Group is configured and getProducts returns your WooCommerce product catalog with pricing and images.
Build the product catalog and detail pages with variation selector
Build the product catalog and detail pages with variation selector
Create a ProductCatalog page with a Backend Query using the getProducts endpoint. Add a GridView (2 columns) bound to the result array. Each ProductCard Component shows: Image from images[0].src, Text for name (bold), Row with regular_price (strikethrough if sale price exists) and sale_price (red, bold). On Tap: navigate to ProductDetail page passing the product id. On ProductDetail page, add a Backend Query using getProductById passing the productId parameter. For variable products (type == 'variable'), add another Backend Query using a getProductVariations endpoint (WC endpoint: products/{id}/variations). Add a DropDown bound to the variations result — display each variation's attributes as the label (e.g., 'Large / Blue') and store the selected variation's id in Page State selectedVariationId and its price in Page State selectedPrice. For simple products, skip the DropDown and use the product's price directly. Display stock_status with a Conditional Visibility green (In Stock) or red (Out of Stock) Container.
Expected result: Product catalog displays with images and pricing. Detail page shows variation selector for variable products.
Build the App State shopping cart
Build the App State shopping cart
WooCommerce's REST API does not have a server-side cart concept for headless use — you manage the cart client-side. In App State, create a cartItems variable of type List (JSON type: [{productId, variationId, quantity, name, price, imageUrl}]). Create three Custom Functions: addToCart(cartItems, newItem) that checks if the item with matching productId and variationId already exists and increments quantity, or appends it; removeFromCart(cartItems, productId, variationId) that filters out the matching item; and getCartTotal(cartItems) that sums price × quantity for all items and returns a formatted string. On ProductDetail, add a Quantity stepper (two Buttons with a Text between them showing Page State quantity) and an Add to Cart button. On tap, call a Custom Action that uses the addToCart Custom Function and updates App State cartItems. Add a Cart icon in the AppBar with a Badge showing App State cartItems length.
Expected result: Users can add items to a cart stored in App State. The cart badge shows the item count and the cart total is calculated by the Custom Function.
Submit the order with POST /orders and redirect to payment gateway
Submit the order with POST /orders and redirect to payment gateway
Create a Checkout page with TextFields for billing details: first_name, last_name, email, phone, address_1, city, state, postcode, country. Add a DropDown for payment_method populated with your enabled payment gateways (e.g., bacs for bank transfer, paypal, stripe). Add a Place Order button. In its Action Flow: first validate the form (all required fields filled). Then call the WooCommerceAPI with endpoint orders, method POST, and body: {status: 'pending', payment_method: selectedPaymentMethod, payment_method_title: 'gateway name', billing: {first_name, last_name, email, phone, address_1, city, state, postcode, country: 'US'}, line_items: [{product_id, variation_id, quantity}] mapped from App State cartItems using a Custom Function buildWCLineItems}. The response includes an order id and payment_url. If payment_url is not empty, Launch URL to it for hosted payment. Clear App State cartItems after successful order creation.
1// Custom Function: buildWCLineItems2// Converts App State cartItems to WooCommerce line_items format3List<dynamic> buildWCLineItems(List<dynamic> cartItems) {4 return cartItems.map((item) {5 final map = <String, dynamic>{6 'product_id': item['productId'],7 'quantity': item['quantity'] ?? 1,8 };9 if (item['variationId'] != null && item['variationId'] != 0) {10 map['variation_id'] = item['variationId'];11 }12 return map;13 }).toList();14}1516// Custom Function: getCartTotal17String getCartTotal(List<dynamic> cartItems) {18 double total = 0.0;19 for (final item in cartItems) {20 final price = double.tryParse(item['price']?.toString() ?? '0') ?? 0.0;21 final qty = (item['quantity'] as int? ?? 1);22 total += price * qty;23 }24 return '\$${total.toStringAsFixed(2)}';25}Expected result: Placing an order creates a WooCommerce order via POST /orders. Customers are redirected to the payment gateway URL for checkout.
Complete working example
1Cloud Function: woocommerceProxy2├── Env vars: WC_CONSUMER_KEY, WC_CONSUMER_SECRET, WC_STORE_URL3├── Builds: Authorization: Basic base64(key:secret)4└── Proxies to: {storeUrl}/wp-json/wc/v3/{endpoint}56API Group: WooCommerceAPI7├── Base URL: https://{cloudFunctionUrl}8├── All requests: POST with body {method, endpoint, body}9├── getProducts: {method:'GET', endpoint:'products',10│ body:{status:'publish', per_page:'20', page:'1'}}11├── getProductById: {method:'GET', endpoint:'products/[id]'}12├── getProductVariations: {method:'GET',13│ endpoint:'products/[id]/variations'}14└── createOrder: {method:'POST', endpoint:'orders', body: orderData}1516App State:17├── cartItems: List<JSON>18│ └── [{productId, variationId, quantity, name, price, imageUrl}]19└── cartTotal: String (computed by Custom Function)2021Custom Functions:22├── addToCart(cartItems, newItem) → List<JSON>23├── removeFromCart(cartItems, productId, variationId) → List<JSON>24├── getCartTotal(cartItems) → String25└── buildWCLineItems(cartItems) → List (for POST /orders)2627Page Architecture:28├── ProductCatalog29│ └── GridView (2 cols, Backend Query: getProducts)30│ └── ProductCard: image + name + price + salePrice31│32├── ProductDetail (param: productId)33│ ├── Backend Query: getProductById34│ ├── Backend Query: getProductVariations (if type==variable)35│ ├── DropDown: variations → Page State selectedVariationId36│ ├── Stepper: quantity → Page State quantity37│ ├── Container: stock_status (green/red)38│ └── Button: Add to Cart → update App State cartItems39│40├── Cart41│ ├── ListView (App State cartItems)42│ │ └── Row: image + name + qty stepper + price + remove btn43│ └── Column: subtotal + checkout button44│45└── Checkout46 ├── TextFields: billing details47 ├── DropDown: payment_method48 └── Button: Place Order49 └── Action: createOrder API → Launch URL payment_urlCommon mistakes
Why it's a problem: Exposing the WooCommerce consumer_secret in client-side API Group headers
How to avoid: Never add WooCommerce authentication headers directly in FlutterFlow's API Manager. Route all WooCommerce API calls through a Cloud Function that reads the consumer_key and consumer_secret from environment variables and constructs the Authorization header server-side before forwarding the request.
Why it's a problem: Trying to use WooCommerce's session-based cart (add-to-cart REST endpoint) for headless apps
How to avoid: Manage the cart entirely client-side in FlutterFlow's App State as a List of JSON objects. Only POST /orders when the customer is ready to place the order — WooCommerce creates the order directly without needing a server-side cart session.
Why it's a problem: Not passing variation_id when creating orders for variable products
How to avoid: Always include variation_id in the line_items array when the user selected a variant. In the buildWCLineItems Custom Function, check if variationId is not null or 0 before adding the variation_id field to the line item.
Best practices
- Always proxy WooCommerce API calls through a Cloud Function — never include the consumer_secret in the FlutterFlow app in any form
- Generate a separate WooCommerce API key with Read Only permission for product browsing and a separate Write permission key for order creation — store them as separate Cloud Function environment variables
- Cache your product catalog in Firestore with a scheduled Cloud Function sync (every 15 min) and serve catalog reads from Firestore rather than hitting the WooCommerce server on every page load
- Use App State for the cart rather than any server-side WooCommerce cart session — simpler, faster, and works offline
- Validate stock availability via the stock_status and stock_quantity fields before allowing checkout — WooCommerce can run out of stock between when the user views the product and when they place the order
- Set the order status to pending in POST /orders (not processing) until payment is confirmed — a webhook from your payment gateway should update the status to processing via the Cloud Function
- Test order creation in WooCommerce test mode with the Stripe for WooCommerce test cards before going live
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I am building a FlutterFlow app that connects to WooCommerce REST API v3. Write me a Firebase Cloud Function in Node.js that acts as a secure proxy — it accepts method, endpoint, and body from FlutterFlow, adds HTTP Basic Auth headers using consumer_key and consumer_secret from environment variables, and forwards the request to my WordPress store's /wp-json/wc/v3/ endpoint. Also write the Flutter Custom Functions I need for: adding an item to a cart List, removing an item, calculating the cart total, and converting the cart List to the WooCommerce line_items array format for POST /orders.
Create a product catalog page connected to my WooCommerceAPI API Group's getProducts endpoint. Display products in a 2-column grid with product image, name, regular price (with strikethrough), and sale price in red. Make each product tappable to navigate to a product detail page. Add an Add to Cart button that saves the selected product to App State cartItems.
Frequently asked questions
What WooCommerce REST API permissions do I need for my consumer key?
For product browsing only: Read permission. For a full storefront where customers place orders: Read/Write permission — this allows POST /orders to create new orders. Never use the consumer key in the client app regardless of permissions. Generate the key in WooCommerce Admin → Settings → Advanced → REST API → Add Key. Create two separate keys if you want to limit order creation to authenticated users only.
How do I handle WooCommerce product categories and filtering in FlutterFlow?
Use the GET /products/categories endpoint (via your Cloud Function proxy) to fetch all categories with id and name. Display them as a ChoiceChips widget bound to Page State selectedCategoryId. When a category is selected, call getProducts with the additional query parameter category: selectedCategoryId in the request body. For tag filtering, use the tag query parameter with a tag ID from GET /products/tags.
How do I show customers their order history from WooCommerce?
Use GET /orders with the parameter customer: wcCustomerId to fetch a specific customer's orders. However, this requires knowing the WooCommerce customer ID, which is created by WooCommerce when the customer places their first order. After a successful POST /orders response, save the customer_id from the response body to Firestore linked to the user's Firebase Auth UID. On subsequent orders and for order history, use this stored customer_id.
Can FlutterFlow handle WooCommerce product search?
Yes. Use GET /products with the search query parameter containing the user's search term. In FlutterFlow, add a TextField bound to Page State searchQuery. On text change (or when a search button is tapped), call the getProducts API endpoint with search: searchQuery in the request body passed to your Cloud Function. WooCommerce searches product titles and descriptions.
How do I apply WooCommerce coupon codes in FlutterFlow?
Add a coupon_lines field to your POST /orders request body: [{"code": "COUPONCODE"}]. WooCommerce validates the coupon and applies the discount automatically when the order is created. If the coupon is invalid or expired, the API returns an error in the response. Show a coupon TextField on the checkout page and include its value in the order creation call. Verify the coupon first with GET /coupons?code=COUPONCODE to show the discount amount before order submission.
Can RapidDev help build a full WooCommerce mobile app in FlutterFlow?
Yes. A production WooCommerce mobile app with customer accounts, order tracking, push notifications for order status, wishlist synced to WooCommerce wishlists, reviews, and payment gateway integrations requires significant Cloud Function work and Custom Actions. RapidDev specializes in WooCommerce and FlutterFlow integrations for existing e-commerce businesses.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation