Skip to main content
RapidDev - Software Development Agency
replit-integrationsStandard API Integration

How to Integrate Replit with WooCommerce

To integrate Replit with WooCommerce, generate a REST API consumer key and secret from your WordPress admin (WooCommerce > Settings > Advanced > REST API), store them in Replit Secrets (lock icon πŸ”’), and use Python or Node.js to manage products, orders, and customers. Deploy on Autoscale for on-demand store management automation.

What you'll learn

  • How to generate WooCommerce REST API consumer keys from WordPress admin and store them in Replit Secrets
  • How to authenticate WooCommerce API requests using Basic auth (HTTPS) and the woocommerce-api library
  • How to retrieve, create, and update WooCommerce products and orders from Python and Node.js
  • How to set up WooCommerce webhooks pointing to your Replit backend for real-time order event processing
  • How to build an order management automation that processes new orders and triggers downstream workflows
Book a free consultation
4.9Clutch rating ⭐
600+Happy partners
17+Countries served
190+Team members
Intermediate13 min read40 minutesE-commerceMarch 2026RapidDev Engineering Team
TL;DR

To integrate Replit with WooCommerce, generate a REST API consumer key and secret from your WordPress admin (WooCommerce > Settings > Advanced > REST API), store them in Replit Secrets (lock icon πŸ”’), and use Python or Node.js to manage products, orders, and customers. Deploy on Autoscale for on-demand store management automation.

Why Connect Replit to the WooCommerce REST API?

WooCommerce powers over 30% of all online stores worldwide. The WooCommerce REST API (v3) provides programmatic access to products, orders, customers, coupons, and reports, enabling automation tools, inventory sync, fulfillment integrations, and multi-channel dashboards.

WooCommerce API authentication for HTTPS stores uses consumer key and secret as HTTP Basic auth credentials. For non-HTTPS stores, OAuth 1.0a is required, but all production stores should run HTTPS.

WooCommerce webhooks let your Replit server receive real-time notifications for order status changes, new customers, and product updates. Combined with the REST API, you can build fully automated store management workflows entirely from Replit.

Integration method

Standard API Integration

You connect Replit to WooCommerce by generating API consumer key and consumer secret credentials from your WordPress admin panel, storing them in Replit Secrets, and using Python or Node.js to authenticate requests via HTTP Basic auth or OAuth 1.0a. Your Replit backend can then create and manage products, retrieve and update orders, manage customers, and receive real-time webhook events from your WooCommerce store.

Prerequisites

  • A Replit account with a Python or Node.js project created
  • A WordPress site with WooCommerce installed and running on HTTPS
  • Administrator access to the WordPress admin dashboard to generate API keys
  • WooCommerce REST API enabled (it is enabled by default) under WooCommerce > Settings > Advanced > REST API
  • Basic understanding of REST API concepts and HTTP authentication

Step-by-step guide

1

Generate WooCommerce REST API Keys

Log into your WordPress admin dashboard and navigate to WooCommerce > Settings > Advanced > REST API. Click 'Add Key'. Fill in the key details: - Description: give the key a descriptive name (e.g., 'Replit Integration') - User: select the WordPress user the key will act as (use an administrator account for full access) - Permissions: choose Read/Write for full API access Click 'Generate API Key'. WordPress will display your Consumer Key and Consumer Secret exactly once β€” copy both values immediately. The consumer secret is hashed and stored in the database; you cannot retrieve it again after leaving the page. If you lose the consumer secret, you must revoke the key and create a new one. The Consumer Key format is ck_xxxx and the Consumer Secret format is cs_xxxx. Both are long alphanumeric strings. Important: WooCommerce REST API only allows Basic auth authentication over HTTPS. If your store does not have an SSL certificate (unlikely in production but possible in local development), you must use OAuth 1.0a or the WooCommerce API will reject Basic auth requests with a 401 error. Always test on a HTTPS-enabled store.

Pro tip: Copy both the Consumer Key and Consumer Secret before closing the WordPress API key creation page β€” the secret cannot be retrieved again once you navigate away.

Expected result: You have a WooCommerce Consumer Key (ck_xxxx) and Consumer Secret (cs_xxxx) from the WordPress REST API settings page.

2

Store Credentials in Replit Secrets

Click the lock icon πŸ”’ in the Replit sidebar to open the Secrets pane. Add three secrets: - Key: WC_CONSUMER_KEY β€” Value: your consumer key (ck_xxxx) - Key: WC_CONSUMER_SECRET β€” Value: your consumer secret (cs_xxxx) - Key: WC_STORE_URL β€” Value: your WordPress store URL (e.g., https://mystore.com) Storing the store URL as a secret (rather than hardcoding it) makes the integration portable and easy to update if your store URL changes. Access the values in Python with os.environ['WC_CONSUMER_KEY'] and in Node.js with process.env.WC_CONSUMER_KEY. WooCommerce consumer keys have the permissions you configured during creation (Read or Read/Write). A Read/Write key can create, update, and delete any store data β€” treat it as a privileged credential. Never include these values in client-facing code.

Pro tip: Use separate API keys for different integrations (one for Replit, one for other tools) β€” this lets you revoke specific integrations without affecting others.

Expected result: WC_CONSUMER_KEY, WC_CONSUMER_SECRET, and WC_STORE_URL appear in the Replit Secrets pane with values hidden.

3

Manage Products and Orders with Python

Install the WooCommerce Python client with 'pip install woocommerce flask'. The woocommerce library handles Basic auth and request signing automatically, so you don't need to manage authentication headers manually. The Flask server below provides endpoints for listing products, creating products, retrieving orders, and updating order status. The woocommerce library's API class wraps all HTTP operations with proper authentication. Use the get(), post(), put(), and delete() methods for CRUD operations. WooCommerce pagination uses 'per_page' (max 100) and 'page' parameters. For retrieving all products or orders beyond 100 items, you must paginate through multiple requests. The API returns the total number of pages in the X-WP-TotalPages response header.

app.py
1import os
2from flask import Flask, request, jsonify
3from woocommerce import API
4
5app = Flask(__name__)
6
7# Initialize WooCommerce API client
8wcapi = API(
9    url=os.environ["WC_STORE_URL"],
10    consumer_key=os.environ["WC_CONSUMER_KEY"],
11    consumer_secret=os.environ["WC_CONSUMER_SECRET"],
12    version="wc/v3",
13    timeout=30
14)
15
16
17@app.route("/products")
18def list_products():
19    """List products with optional filtering."""
20    page = request.args.get("page", 1)
21    per_page = min(int(request.args.get("per_page", 20)), 100)
22    status = request.args.get("status", "publish")
23
24    response = wcapi.get("products", params={
25        "page": page,
26        "per_page": per_page,
27        "status": status
28    })
29    if response.status_code != 200:
30        return jsonify({"error": response.json()}), response.status_code
31    return jsonify({
32        "total_pages": response.headers.get("X-WP-TotalPages"),
33        "total": response.headers.get("X-WP-Total"),
34        "products": response.json()
35    })
36
37
38@app.route("/products", methods=["POST"])
39def create_product():
40    """Create a new product."""
41    data = request.get_json()
42    response = wcapi.post("products", data)
43    return jsonify(response.json()), response.status_code
44
45
46@app.route("/products/batch", methods=["POST"])
47def batch_update_products():
48    """Batch update multiple products."""
49    data = request.get_json()
50    # data format: {"update": [{"id": 1, "regular_price": "19.99"}, ...]}
51    response = wcapi.post("products/batch", data)
52    return jsonify(response.json()), response.status_code
53
54
55@app.route("/orders")
56def list_orders():
57    """List orders with optional status filter."""
58    page = request.args.get("page", 1)
59    per_page = min(int(request.args.get("per_page", 20)), 100)
60    status = request.args.get("status", "any")
61
62    response = wcapi.get("orders", params={
63        "page": page,
64        "per_page": per_page,
65        "status": status
66    })
67    if response.status_code != 200:
68        return jsonify({"error": response.json()}), response.status_code
69    return jsonify({
70        "total_pages": response.headers.get("X-WP-TotalPages"),
71        "orders": response.json()
72    })
73
74
75@app.route("/orders/<int:order_id>")
76def get_order(order_id):
77    """Get a single order by ID."""
78    response = wcapi.get(f"orders/{order_id}")
79    return jsonify(response.json()), response.status_code
80
81
82@app.route("/orders/<int:order_id>/status", methods=["PUT"])
83def update_order_status(order_id):
84    """Update order status."""
85    data = request.get_json()
86    new_status = data.get("status")
87    if not new_status:
88        return jsonify({"error": "status is required"}), 400
89    # Valid statuses: pending, processing, on-hold, completed, cancelled, refunded, failed
90    response = wcapi.put(f"orders/{order_id}", {"status": new_status})
91    return jsonify(response.json()), response.status_code
92
93
94if __name__ == "__main__":
95    app.run(host="0.0.0.0", port=3000, debug=True)

Pro tip: The WooCommerce batch API allows up to 100 create/update/delete operations in a single request. Use it for bulk product imports or price changes instead of making individual API calls.

Expected result: GET /products returns a list of WooCommerce products from your store, and GET /orders returns recent orders with their line items and customer data.

4

Handle WooCommerce Webhooks in Node.js

Install dependencies with 'npm install express @woocommerce/woocommerce-rest-api'. The Node.js WooCommerce library provides the same API interface as the Python version. The server below implements both REST API calls and a webhook receiver. WooCommerce webhooks include a secret (configured in WordPress) that is used to generate an HMAC-SHA256 signature in the X-WC-Webhook-Signature header. Verifying this signature in your Replit server confirms the webhook came from your actual WooCommerce store and prevents spoofed requests. To configure webhooks in WooCommerce, go to WooCommerce > Settings > Advanced > Webhooks and add a new webhook with your Replit deployment URL and your chosen webhook secret.

server.js
1const express = require('express');
2const crypto = require('crypto');
3const WooCommerceRestApi = require('@woocommerce/woocommerce-rest-api').default;
4
5const app = express();
6
7const WC_STORE_URL = process.env.WC_STORE_URL;
8const WC_CONSUMER_KEY = process.env.WC_CONSUMER_KEY;
9const WC_CONSUMER_SECRET = process.env.WC_CONSUMER_SECRET;
10const WC_WEBHOOK_SECRET = process.env.WC_WEBHOOK_SECRET || '';
11
12const api = new WooCommerceRestApi({
13  url: WC_STORE_URL,
14  consumerKey: WC_CONSUMER_KEY,
15  consumerSecret: WC_CONSUMER_SECRET,
16  version: 'wc/v3'
17});
18
19// Webhook handler β€” use raw body for signature verification
20app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
21  // Verify webhook signature if secret is configured
22  if (WC_WEBHOOK_SECRET) {
23    const signature = req.headers['x-wc-webhook-signature'];
24    const expected = crypto
25      .createHmac('sha256', WC_WEBHOOK_SECRET)
26      .update(req.body)
27      .digest('base64');
28    if (signature !== expected) {
29      return res.status(401).json({ error: 'Invalid webhook signature' });
30    }
31  }
32
33  const event = JSON.parse(req.body);
34  const topic = req.headers['x-wc-webhook-topic'];
35
36  console.log(`WooCommerce webhook: ${topic}`);
37
38  switch (topic) {
39    case 'order.created':
40    case 'order.updated':
41      console.log(`Order ${event.id} status: ${event.status}, total: ${event.total}`);
42      // Add downstream logic: notify fulfillment, update CRM, etc.
43      break;
44    case 'product.created':
45    case 'product.updated':
46      console.log(`Product ${event.id}: ${event.name} β€” stock: ${event.stock_quantity}`);
47      break;
48    case 'customer.created':
49      console.log(`New customer: ${event.email}`);
50      break;
51    default:
52      console.log(`Unhandled topic: ${topic}`);
53  }
54
55  res.json({ received: true });
56});
57
58// Use JSON parser for non-webhook routes
59app.use(express.json());
60
61// List products
62app.get('/products', async (req, res) => {
63  try {
64    const response = await api.get('products', {
65      per_page: Number(req.query.per_page) || 20,
66      page: Number(req.query.page) || 1,
67      status: req.query.status || 'publish'
68    });
69    res.json({
70      total: response.headers['x-wp-total'],
71      total_pages: response.headers['x-wp-totalpages'],
72      products: response.data
73    });
74  } catch (err) {
75    res.status(err.response?.status || 500).json({ error: err.message });
76  }
77});
78
79// Get order by ID
80app.get('/orders/:id', async (req, res) => {
81  try {
82    const response = await api.get(`orders/${req.params.id}`);
83    res.json(response.data);
84  } catch (err) {
85    res.status(err.response?.status || 500).json({ error: err.message });
86  }
87});
88
89// Update order status
90app.put('/orders/:id/status', async (req, res) => {
91  const { status } = req.body;
92  if (!status) return res.status(400).json({ error: 'status is required' });
93  try {
94    const response = await api.put(`orders/${req.params.id}`, { status });
95    res.json(response.data);
96  } catch (err) {
97    res.status(err.response?.status || 500).json({ error: err.message });
98  }
99});
100
101app.listen(3000, '0.0.0.0', () => {
102  console.log('WooCommerce integration server running on port 3000');
103});

Pro tip: The /webhook route uses express.raw() to read the raw request body before JSON parsing β€” this is required to correctly compute the HMAC-SHA256 signature for webhook verification. If you use express.json() first, the raw body is consumed and signature verification will fail.

Expected result: POST /webhook correctly receives WooCommerce order events with signature verification, and GET /products returns product data from your store.

5

Deploy and Configure WooCommerce Webhooks

Deploy your Replit app by clicking the Deploy button. For a WooCommerce integration that receives order webhooks, choose a Reserved VM deployment to ensure the webhook endpoint is always available. Order processing automation should never miss events due to a cold start. After deployment, go to WooCommerce > Settings > Advanced > Webhooks in your WordPress admin. Click 'Add Webhook': - Name: Replit Integration - Status: Active - Topic: Order Created (or whichever events you need) - Delivery URL: your Replit deployment URL + /webhook (e.g., https://your-app.yourusername.repl.co/webhook) - Secret: create a random string and add it as WC_WEBHOOK_SECRET in Replit Secrets Save the webhook. WooCommerce will send a test ping to your endpoint β€” check your Replit deployment logs to confirm receipt. Repeat for each event topic you need (Order Updated, Customer Created, Product Updated, etc.).

.replit
1[[ports]]
2internalPort = 3000
3externalPort = 80
4
5[deployment]
6run = ["node", "server.js"]
7deploymentTarget = "cloudrun"

Pro tip: Always set a webhook secret in both WooCommerce and Replit Secrets β€” it protects your /webhook endpoint from receiving fake order events from unauthorized sources.

Expected result: Your deployed Replit server receives WooCommerce webhook events and your webhook appears as 'Active' in the WooCommerce Webhooks settings page.

Common use cases

Automated Order Fulfillment Notifications

A Replit webhook receiver listens for WooCommerce order.created events, extracts the order details and customer information, and triggers downstream actions: sending a custom order confirmation email with branding beyond WooCommerce's default templates, updating a Google Sheet with order data for the fulfillment team, and posting a Slack notification to the warehouse channel.

Replit Prompt

Build a Flask webhook server that receives WooCommerce new order events, extracts product line items, sends a formatted fulfillment notification to a Slack channel, and logs the order to a database.

Copy this prompt to try it in Replit

Bulk Product Price and Inventory Updater

A Replit script reads a CSV of product IDs, new prices, and stock quantities, then uses the WooCommerce Batch Update API to update hundreds of products in a single API call. This is far more efficient than editing products individually in the WordPress admin and enables regular pricing updates from a spreadsheet-based workflow.

Replit Prompt

Create a Python script that reads a CSV with WooCommerce product IDs and new prices, batches the updates into groups of 100, and sends batch update requests to the WooCommerce API.

Copy this prompt to try it in Replit

Customer Segment Export for Email Marketing

A Replit endpoint queries WooCommerce for customers who have placed more than two orders in the past 90 days, formats their email addresses and purchase history, and exports the data to a Mailchimp audience segment. This creates a high-value customer cohort for loyalty marketing campaigns without any manual data export from WordPress.

Replit Prompt

Write a Node.js script that fetches WooCommerce customers with repeat purchases, filters by order count and recency, and adds them to a specific Mailchimp audience segment.

Copy this prompt to try it in Replit

Troubleshooting

HTTP 401 Unauthorized when calling the WooCommerce REST API

Cause: The most common cause is calling the API over HTTP (not HTTPS). WooCommerce Basic auth only works over HTTPS. Another cause is incorrect consumer key or secret values in Replit Secrets.

Solution: Verify your WC_STORE_URL in Replit Secrets starts with https:// not http://. Confirm the consumer key (ck_xxxx) and consumer secret (cs_xxxx) in Secrets match exactly what is shown in WordPress WooCommerce > Settings > Advanced > REST API.

typescript
1# Verify the store URL uses HTTPS
2store_url = os.environ['WC_STORE_URL']
3if not store_url.startswith('https://'):
4    raise ValueError(f'WooCommerce store URL must use HTTPS: {store_url}')

WooCommerce webhook not arriving at Replit server

Cause: The webhook delivery URL points to the Replit editor preview URL instead of the deployed app URL, or the deployment is on Autoscale and the server is cold-starting when the webhook arrives.

Solution: Use the Replit deployment URL (from the Deploy tab) not the editor preview URL. For reliable webhook delivery, use Reserved VM deployment to avoid cold starts. Check the WooCommerce Webhook log (in WooCommerce > Status > Logs) for delivery errors.

Webhook signature verification fails with 401

Cause: The raw body is being parsed as JSON before the HMAC signature is computed, or the webhook secret in Replit Secrets does not match the secret configured in WooCommerce.

Solution: Ensure the /webhook route uses express.raw() or an equivalent raw body parser BEFORE any json middleware runs on that route. Verify WC_WEBHOOK_SECRET in Replit Secrets exactly matches the secret entered in the WooCommerce Webhook settings.

typescript
1// Correct: raw body for webhook route BEFORE express.json()
2app.post('/webhook', express.raw({ type: 'application/json' }), handler);
3// Wrong: express.json() consumes the body first
4// app.use(express.json()); // Don't put this before webhook route

403 Forbidden when trying to create or update resources

Cause: The WooCommerce API consumer key was generated with Read-only permissions instead of Read/Write.

Solution: Go to WooCommerce > Settings > Advanced > REST API, find your API key, and check its permissions. If it is set to Read, revoke it and create a new key with Read/Write permissions. Update WC_CONSUMER_KEY and WC_CONSUMER_SECRET in Replit Secrets with the new credentials.

Best practices

  • Store WC_CONSUMER_KEY, WC_CONSUMER_SECRET, and WC_STORE_URL in Replit Secrets (lock icon πŸ”’) β€” never hardcode them in server files.
  • Always use HTTPS for your WooCommerce store URL β€” WooCommerce REST API Basic auth is only secure over encrypted connections.
  • Set a WooCommerce webhook secret and verify the HMAC-SHA256 signature on every incoming webhook to prevent spoofed order events.
  • Use the batch API endpoint (products/batch, orders/batch) for bulk operations instead of individual API calls β€” this reduces request count significantly.
  • Use Reserved VM deployment for WooCommerce webhook receivers to avoid missing order events during Autoscale cold starts.
  • Always paginate through large product or order lists β€” the WooCommerce API returns a maximum of 100 items per request, and stores with thousands of products require multiple paginated calls.
  • Create separate API keys for different integrations (analytics vs fulfillment vs inventory) so you can revoke specific access without disrupting other tools.
  • Log WooCommerce webhook payloads to a database before processing so you can replay events if downstream processing fails.

Alternatives

Shift4Shop (3dcart)

Shift4Shop is a hosted SaaS e-commerce platform with a free enterprise plan when using Shift4 processing, making it a better choice for merchants who want managed hosting without running WordPress.

eBay API

eBay provides access to its marketplace of hundreds of millions of buyers, making it a better integration when you need to list products on a consumer marketplace rather than manage a self-hosted store.

WordPress REST API

The WordPress REST API provides access to posts, pages, and custom post types beyond WooCommerce products, making it the right choice when you need to manage content alongside e-commerce data.

Frequently asked questions

How do I generate WooCommerce REST API keys?

Log into WordPress admin and go to WooCommerce > Settings > Advanced > REST API. Click 'Add Key', set permissions to Read/Write, and click 'Generate API Key'. Copy the Consumer Key and Consumer Secret immediately β€” the secret cannot be retrieved after leaving the page.

Why does the WooCommerce API return 401 Unauthorized from Replit?

The most common cause is using HTTP instead of HTTPS for your store URL β€” WooCommerce Basic auth only works over HTTPS. Check that WC_STORE_URL in Replit Secrets starts with https://. Also verify the consumer key and secret values are correct and the key has the right permissions (Read/Write).

Can I receive real-time order notifications in Replit from WooCommerce?

Yes, using WooCommerce webhooks. Configure a webhook in WooCommerce > Settings > Advanced > Webhooks pointing to your Replit deployment URL. Set the topic to 'Order Created' or other events. Your Replit server receives a POST request with the full order data whenever a matching event occurs. Use a Reserved VM deployment to ensure the endpoint is always available.

Is there a WooCommerce client library for Python and Node.js?

Yes. For Python, install the 'woocommerce' package (pip install woocommerce). For Node.js, install '@woocommerce/woocommerce-rest-api' (npm install @woocommerce/woocommerce-rest-api). Both libraries handle Basic auth and OAuth 1.0a automatically based on your store URL being HTTPS or HTTP.

How many WooCommerce records can I retrieve per API request?

The WooCommerce REST API returns a maximum of 100 records per request (using per_page=100). For stores with thousands of products or orders, you need to paginate through results using the page parameter. The total number of pages is returned in the X-WP-TotalPages response header so you know when to stop.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Need help with your project?

Our experts have built 600+ apps and can accelerate your development. Book a free consultation β€” no strings attached.

Book a free consultation

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.