How to Get WooCommerce API Keys for Migration
Step-by-step guide to creating WooCommerce REST API keys (Consumer Key and Consumer Secret) needed to connect your store to migration tools, import products, and sync data.
Steps in this guide
- 1. Log in to your WordPress admin
- 2. Navigate to WooCommerce Settings
- 3. Go to the Advanced tab
- 4. Create a new API key
- 5. Fill in the API key details
- 6. Generate the API key
- 7. Test your API keys
- 8. Troubleshoot common issues
WooCommerce API keys (Consumer Key and Consumer Secret) are the credentials that allow external tools to read your store's product data via the WooCommerce REST API. You'll need these to connect k-sync or any other migration tool to your WooCommerce store.
The process takes about 5 minutes. Follow the steps above to generate your keys, then enter them in your migration tool's connection settings.
Security best practices
- Use Read-only permissions for migration imports — you don't need Write access to import products from WooCommerce to Shopify
- Create a dedicated key for each tool — don't reuse the same key for multiple applications
- Revoke keys after use — delete migration keys once your data import is complete
- Never share keys publicly — don't include API keys in screenshots, support tickets, or GitHub repositories
- Store keys in a password manager — you cannot retrieve the Consumer Secret after closing the generation page
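A scan for keys that have already leaked into logs, support tickets or repository files, as an added example that is not part of the original guide: it flags lines containing consumer_key/consumer_secret query parameters (the form the browser test later in this guide typically leaves in server access logs) or bare ck_/cs_ tokens, and returns them redacted. The sample lines are constructed, and the 20-character minimum token length is an assumption.

```python
import re

# consumer_key=... / consumer_secret=... as they appear in a request URL.
PARAM_RE = re.compile(r"(consumer_(?:key|secret))=([^&\s\"']+)")
# Bare tokens by their ck_/cs_ prefix; the 20-character minimum is an
# assumption chosen to skip ordinary identifiers such as "cs_id".
TOKEN_RE = re.compile(r"\b(c[ks])_[0-9A-Za-z]{20,}")

def redact(line):
    """Replace key material with a marker, keeping the ck_/cs_ prefix visible."""
    line = PARAM_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)
    return TOKEN_RE.sub(lambda m: f"{m.group(1)}_[REDACTED]", line)

def find_leaks(lines):
    """Return (line_number, kinds, redacted_line) for every line exposing a key."""
    findings = []
    for number, line in enumerate(lines, start=1):
        kinds = {m.group(1) for m in PARAM_RE.finditer(line)}
        kinds |= {"consumer_key" if m.group(1) == "ck" else "consumer_secret"
                  for m in TOKEN_RE.finditer(line)}
        if kinds:
            findings.append((number, sorted(kinds), redact(line.rstrip("\n"))))
    return findings

# Constructed sample: two access-log lines and one line from a support ticket.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /wp-json/wc/v3/products'
    '?consumer_key=ck_' + "a" * 40 + '&consumer_secret=cs_' + "b" * 40 + ' HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:05 +0000] "GET /wp-json/wc/v3/products HTTP/1.1" 200 512',
    "Hi support, my secret is cs_" + "c" * 40 + " and the import fails",
]

if __name__ == "__main__":
    for number, kinds, text in find_leaks(SAMPLE):
        print(f"line {number}: {', '.join(kinds)} exposed -> {text}")
```

Any key this finds should be treated as compromised and revoked, not just removed from the file.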
What data can the API access?
With Read permissions, the WooCommerce API can access:
- Products (titles, descriptions, prices, images, SKUs, stock levels, variants)
- Product categories and tags
- Product attributes and attribute values
- Shipping classes
- Tax rates and classes
- Customer data (name, email, address — if given Read access)
- Orders (if given Read access)
The API does not expose:
- Customer passwords
- Payment gateway credentials or card data
- WordPress admin credentials
- Server configuration or file system access
WooCommerce API versions
WooCommerce REST API has multiple versions. Migration tools should use v3 (the current version) — it's available on all WooCommerce versions from 2.6 onwards. If your WooCommerce is very old (pre-2.6), the API is not available and you'll need to update WooCommerce first or use a CSV export instead.
API v1 and v2 are legacy and deprecated. Always use v3 for new connections.
Step by step
Log in to your WordPress admin
Open your browser and go to your WordPress admin dashboard. The URL is typically yourdomain.com/wp-admin. Log in with your WordPress administrator credentials. You must be logged in as an administrator to generate API keys — Editor or Shop Manager roles cannot create API keys.
Navigate to WooCommerce Settings
In the WordPress admin sidebar, hover over WooCommerce and click Settings. This opens the WooCommerce settings panel. If you don't see WooCommerce in the sidebar, the plugin may not be active — check Plugins → Installed Plugins and confirm WooCommerce is active.
Go to the Advanced tab
In the WooCommerce Settings page, click on the Advanced tab (top navigation row). You'll see several sections: Page setup, REST API, Webhooks, Legacy API, and more. Click on REST API in this section. Note: In older WooCommerce versions (before 3.4), the REST API settings were under the API tab, not Advanced.
Create a new API key
On the REST API page, you'll see a list of existing API keys (or an empty table if none exist). Click the Add key button in the top right corner. This opens the API key creation form.
Fill in the API key details
Complete the form with these details:
- Description — enter something identifiable like 'k-sync Migration Import' so you know what this key is for.
- User — select your WordPress administrator user (the user this key acts as; must have administrator privileges to access all product data).
- Permissions — select Read for read-only access (if you're only importing products from WooCommerce) or Read/Write if you need to update products or create webhooks. For migration imports, Read is sufficient and more secure.
Generate the API key
Click Generate API key. WooCommerce will immediately display your Consumer Key and Consumer Secret. These are shown only once — you cannot retrieve the Consumer Secret again after closing this page. Copy both values immediately and store them in a password manager or secure note. The Consumer Key looks like: ck_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. The Consumer Secret looks like: cs_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Test your API keys
Verify the keys work before entering them in a migration tool. Open a new browser tab and go to: yourdomain.com/wp-json/wc/v3/products?consumer_key=ck_xxx&consumer_secret=cs_xxx (replace ck_xxx and cs_xxx with your actual keys). If you see a JSON response with product data, the keys are working. If you see a 401 Unauthorized error, the keys were not saved correctly — try regenerating. If you see a 404 error, the WooCommerce REST API may not be enabled or pretty permalinks may not be configured.
Troubleshoot common issues
If your API keys don't work, check these common causes:
- Permalinks not set — go to WordPress → Settings → Permalinks and save (even without changes) to flush rewrite rules. WooCommerce REST API requires pretty permalinks (anything other than Plain).
- Legacy API disabled — if using WooCommerce 3.x, check WooCommerce → Settings → Advanced → Legacy API is enabled.
- SSL certificate issues — if your WordPress site doesn't have HTTPS, some migration tools may refuse to connect. Install an SSL certificate or test with HTTP explicitly.
- Conflicting plugins — some security plugins (Wordfence, Sucuri) block REST API requests. Temporarily disable and test.
- HTTP Basic Auth conflict — some servers (especially Apache with FastCGI/FPM) strip Authorization headers. Contact your host or add this to .htaccess: SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
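The check from steps 7 and 8 as a script, as an added example that is not part of the original guide or of k-sync: it sends the keys in an HTTP Basic Auth header over HTTPS instead of in the URL, so they stay out of browser history and access-log query strings, and maps the status codes to the causes listed above. The WC_CONSUMER_KEY and WC_CONSUMER_SECRET environment variable names and the script name are assumptions.

```python
import base64
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit

API_PATH = "/wp-json/wc/v3/products?per_page=1"

# Status-code meanings taken from the test and troubleshooting steps above.
DIAGNOSIS = {
    200: "keys work",
    401: "keys rejected: regenerate them, or the server strips the Authorization header",
    404: "route not found: check WooCommerce is active and permalinks are not Plain",
}

def build_request(store_url, consumer_key, consumer_secret):
    """Build a GET request that carries the keys in a Basic auth header."""
    parts = urlsplit(store_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("store URL must start with https:// so the keys are encrypted")
    if not consumer_key.startswith("ck_") or not consumer_secret.startswith("cs_"):
        raise ValueError("expected a ck_ consumer key and a cs_ consumer secret")
    token = base64.b64encode(f"{consumer_key}:{consumer_secret}".encode()).decode()
    # Keep a subdirectory install path such as /shop, drop any trailing slash.
    url = f"https://{parts.netloc}{parts.path.rstrip('/')}{API_PATH}"
    return urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})

def diagnose(status):
    return DIAGNOSIS.get(status, f"unexpected HTTP {status}")

def check_keys(store_url, consumer_key, consumer_secret):
    """Send the request and translate the outcome into one of the causes."""
    request = build_request(store_url, consumer_key, consumer_secret)
    try:
        with urllib.request.urlopen(request, timeout=15) as response:
            return diagnose(response.status)
    except urllib.error.HTTPError as err:
        return diagnose(err.code)
    except urllib.error.URLError as err:
        return f"connection failed ({err.reason}): check TLS certificate and firewall"

if __name__ == "__main__":
    # Usage: python check_wc_keys.py https://yourdomain.com
    # Keys are read from the environment (assumed variable names), not argv.
    key, secret = os.environ["WC_CONSUMER_KEY"], os.environ["WC_CONSUMER_SECRET"]
    print(check_keys(sys.argv[1], key, secret))
```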
Frequently asked questions
Do I need Read or Read/Write permissions for migration?
Read is sufficient if you're only importing products from WooCommerce to Shopify using a tool like k-sync. Read/Write is needed if the migration tool creates webhooks in WooCommerce (for real-time sync) or if it needs to update product data in WooCommerce during the migration process. For a simple one-time import, Read is more secure.
What happens if I lose my Consumer Secret?
If you didn't copy the Consumer Secret when it was first generated, you cannot retrieve it. You'll need to revoke the existing key and generate a new one. Go to WooCommerce → Settings → Advanced → REST API, find your key in the list, and click the red Revoke button. Then create a new key following the steps above.
Is it safe to give migration tools my API keys?
Yes, as long as you're using a legitimate, reputable migration tool with a privacy policy. API keys with Read-only permissions can only read your product data — they cannot change your store, process orders, or access customer payment details. WooCommerce API keys do not expose customer passwords or Stripe/payment gateway credentials. As a precaution, revoke the API key after migration is complete.
How do I revoke an API key after migration?
After migration is complete, go to WooCommerce → Settings → Advanced → REST API. Find the key you created for migration in the list. Click the red Revoke button next to it. The key will be deleted immediately and can no longer be used. This is a good security practice — revoke any API keys you no longer need.
Can I use a WooCommerce Shop Manager account for API keys?
WooCommerce Shop Manager users can generate API keys, but their keys will have the same access level as their user role. Shop Managers can read most product data but may not have access to all settings or customer data. For migration purposes, using an Administrator account ensures complete data access. After migration, revoke the key regardless of which user generated it.
My WooCommerce site has a firewall — how do I allow API access?
If your WooCommerce site uses Cloudflare, Sucuri, or a server-level firewall, the migration tool's IP addresses may need to be whitelisted. Check your migration tool's documentation for their outbound IP addresses. Alternatively, temporarily set your firewall to 'audit mode' during migration (which logs but doesn't block requests) and re-enable full protection after. If using Cloudflare, check that the REST API endpoint (/wp-json/) is not behind a 'Challenge' or 'Block' rule.
What is the WooCommerce API base URL?
The WooCommerce REST API base URL is yourdomain.com/wp-json/wc/v3/. When entering connection details in a migration tool, use your store's root URL (https://yourdomain.com) — the tool will append /wp-json/wc/v3/ automatically. Do not include trailing slashes or the /wp-admin/ path. If your WordPress is installed in a subdirectory (e.g., yourdomain.com/shop/), the API URL would be yourdomain.com/shop/wp-json/wc/v3/ — enter yourdomain.com/shop/ as the base URL.