REST API Reference
The WP eCommerce Core Plugin exposes a comprehensive REST API under the ec/v1 namespace.
Base URL
https://your-site.com/wp-json/ec/v1/
Authentication
Most public endpoints (shop, products) don't require authentication. Admin and customer-specific endpoints require a WordPress nonce or application password.
Nonce Authentication (Frontend)
// WordPress automatically provides the nonce for logged-in users
fetch('/wp-json/ec/v1/cart', {
headers: {
'X-WP-Nonce': wpApiSettings.nonce,
},
});
Application Passwords (External)
curl -u "username:xxxx xxxx xxxx xxxx" \
https://your-site.com/wp-json/ec/v1/orders
Response Format
All endpoints return JSON with consistent envelope:
{
"success": true,
"data": { ... },
"message": "Optional message"
}
Error responses:
{
"success": false,
"message": "Error description",
"code": "error_code"
}
Available Endpoints
| Section | Base Path | Description |
|---|---|---|
| Products | /ec/v1/products | Product catalog |
| Orders | /ec/v1/orders | Order management |
| Cart | /ec/v1/cart | Shopping cart |
| Categories | /ec/v1/categories | Product categories |
| Coupons | /ec/v1/coupons | Coupon management |
| Reviews | /ec/v1/reviews | Product reviews |
| Customers | /ec/v1/customers | Customer data |
| Settings | /ec/v1/settings | Store settings |
Rate Limiting
The API does not impose rate limits by default. Use the API Protection theme module for rate limiting.
CORS
CORS headers are controlled by WordPress. For headless setups, configure allowed origins in your server configuration.