Settings and Permissions
Settings and Permissions

Knowledge Base

Use this API if you want to connect a third party app to WooRewards.

This feature requires programming on the user’s side. Therefore, only developers should use the API.

Disclaimer : Authentication

WooRewards REST API requires a logged in user. However, how you log in the user is your responsibility.

For security purposes, WooRewards API won’t respond without a logged in user.

If you don’t know how to log a user, please use WooCommerce’s documentation.

WooCommerce and WooRewards APIs require the use of permalinks on your website. Go to your website administration, inside Settings → Permalinks and select one of the options different than “Plain”. If you don’t, the API will not respond.

API Settings

In order to set up the API, go to the following page

WordPress Admin
Admin menu
WooRewards
Menu entry
System
Page
API
Tab

Firstly, you need to enable the API by checking the two first options.

Secondly, you need to choose how to users get access to the information. There are 2 possibilities: User selection or Capability check

In addition to the instructions, here’s a description of the available options.

REST API

This section contains the main features of the API.

  • Enable REST API : Check this box and save your settings to enable the REST API. If unchecked, the API won’t respond to any requests.
  • Allow authentication by WooCommerce REST API : If checked, you can use the WooCommerce authentication method (as described in the documentation linked above) to connect users. On the other hand, If you setup any other API authentication method, let that option unchecked.

At the top of the section, there’s also a notice that indicates the url of the API.

User Permissions

In this section, you have to define which users can access the different features and functions of the API. There are 2 different modes that we’ll describe here.

User Selection

There are different levels of authorizations required, depending on the task performed through the API :

  • Users allowed to read general information : This level of authentication is necessary to access basic information such as loyalty systems or rewards.
  • Users allowed to read user information : This level of authentication is used to access user information, which could be personal information. You must ensure that you follow the personal data regulations of the country you’re in.
  • Users allowed to change user information : This level of authentication is used to access and modify user information, which could be personal information. You must ensure that you follow the personal data regulations of the country you’re in.

For each section, select the user or users allowed to access the relative features. These are the users that you will use to connect to the REST API.

An Administrator should be set in each list so that he gets the rights to read general information, to read user information and to change user information.

Capability Check

The other solution is to use user capabilities to check what information users have access to. There’s a list of 5 different capabilities that define which kind of data users have access to. Use this option if you don’t know in advance who will have access to the loyalty data.

  • lws_wr_read_settings : Read the Loyalty system settings, its point earning methods and rewards.
  • lws_wr_read_points : Read the connected user points.
  • lws_wr_read_other_points : The connected user can read the points of any user
  • lws_wr_edit_points : The connected user can edit its own points and trigger rewards for him
  • lws_wr_edit_other_points : The connected user can edit the points and trigger rewards of any user
It is up to you to add the user capabilities to the different user roles. You can use different plugins to edit user roles and capabilities
Was this article helpful?
Dislike 0
Views: 670

Continue reading

Next: Points and Rewards Systems Info