WooCommerce website does not pass the Basic Authentication header information and allow connections with the Vend API

Problem

An invalid Consumer Key and/or the Authentication Header would cause you to receive the error below and cause you issues establishing the connection between Vend and WooCommerce. 

Occasionally some servers may not resolve the Authorization header correctly. If you see a "Consumer key is invalid/missing" error when authenticating over SSL, this means you have an issue with your server.

Screen_Shot_2019-10-04_at_1.52.35_PM.png

Setup

  • Vend for PC and Mac
  • WooCommerce Integration

Cause

The http Authorization header that your web server (e.g. Apache) receives in the request doesn’t end up populating the PHP $_SERVER['HTTP_AUTHORIZATION'] variable that PHP uses to populate the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables. These are what WooCommerce uses for basic authentication.

When the variables are missing, this results in a 401 error with “Consumer secret is invalid” or “Unauthorized” even though the credentials sent are correct.

You could look at using OAuth 1.0a but as above it really can be very painful to set up. The next most obvious way around this is to perform basic authentication by including the credentials in the URL using query/get parameters, but that just isn’t very secure even if it is via HTTPS and we wouldn’t recommend it.

Solution

The solution we’ve found that works the majority of times is to use a simple WordPress .htaccess modification.

Screen_Shot_2019-10-04_at_1.52.41_PM.png

Specifically include E=HTTP_AUTHORIZATION:%{HTTP:Authorization}, in the first [L]. For reference, the default WordPress .htaccess files can be found here

Additional Information

It is best to get in touch with a developer or the web hosting company to help you with this issue.

For more information: