With the recent WooCommerce Security Vulnerability, WooCommerce is today recommending that all WooCommerce users rotate any WooCommerce REST API Keys.

WooCommerce Zapier (plugin version 2 and newer) uses WooCommerce REST API keys. This means that it is recommended that all WooCommerce Zapier users revoke any WooCommerce Zapier REST API Keys.

Once you have revoked all of your Zapier API Keys, then they will automatically be re-generated by Zapier when required without any manual intervention.

Note: Keys are only generated when an Action (incoming connection happens). So triggers continuously will work even no new keys are generated.

To revoke all keys, you have two options:

Option 1: Manually Revoke All Zapier Keys

Please log into your WooCommerce store, and then go to WordPress DashboardSide MenuWooCommerceSettings screen → Advanced tab → REST API.

On that screen, look for any existing REST API Keys with a description containing Zapier,  and then click the Revoke option for each.

Ensure that there are no more Zapier Read/Write API keys listed on the screen.

Important: Do not edit or delete any Webhooks. Please see the Troubleshooting in our documentation if you accidentally deleted a Webhook.

Option 2: Update to WooCommerce Zapier 2.2.1

Today we have released version 2.2.1 of the WooCommerce Zapier plugin.

If you update to this new version, it will automatically revoke all existing WooCommerce Zapier API Keys.

After updating, please go to your WordPress DashboardSide MenuWooCommerceSettings screen → Advanced tab → REST API screen and verify that there are no Zapier Read/Write API keys listed on the screen.

We hope today’s WooCommerce Zapier release helps you respond to the WooCommerce Vulnerability. If you haven’t already, please review their announcement post and suggested actions.

The full changelog for version 2.2.1 is:

Update today!

You can install the latest plugin version via your WordPress dashboard or the WooCommerce.com my account page.