I am using the Automattic Client to connect to wooCommerce Rest API and most of the requests work fine. Usually I am using the Endpoint wc/v3 but I changed to wp/v2 since it seems that user/customer roles can only be edited with this one and we need to edit them through API now.
Calling the Url https://my_webshop/wp-json/wp/v2/users/{user_id} always results in rest_user_cannot_view - Sorry, you are not allowed to list users.
The following Code is used to connect to the client:
$options = array(
'return_as_array' => false,
'validate_url' => false,
'timeout' => 30,
'ssl_verify' => false,
'version' => "wp/v2" //added to access user endpoint
);
//$options['query_string_auth'] = "true"; //tried this one because other posts said query string authentication may help
$client= new Client(
$store_url,
$consumer_key,
$consumer_secret,
$options
);
$client->get("users/{user_id}");
I also tried using username/password instead of consumer_key and secret but still no success.
According to the authentication documentation Basic Authentication should work fine.
Using the X-WP-Nonce and Cookie from the result headers after a browser client login and adding them to the client headers lists the expected users but only as long as the current browser session is logged in.
I guess if there is a way to get these parameters through API that would work too but I haven't found a way to do that yet.
Workaround (from Mayrhofer): I found a solution using the WordPress REST API Authentication plugin by miniOrange. If the installed client authentication is selected, then the process works using the webshop's client credentials (not the key & secret). I still don't know why its not working with key/secret but at least I can update the groups now.