I am wondering how I can integrate with our dropshipper to be able to allow them to Push inventory levels, Push Tracking information and pull orders. They are requesting for a API Consumer Key and Consumer Secret as well as for the Mysql database name, Mysql ip address (the machine where the DB resides), Mysql username, Mysql password. I am having trouble finding the steps to take so I can give them access to what they need without causing any vulnerabilities, risks or giving them access to important data. All we want to do is let them do is just these 3 things: push inventory levels to our database, pull any orders that contain at least 1 of their SKUs from our woocommerce, push tracking # our woocommerce shop , once they fulfill the orders
Hi jaimesrubisel welcome to the forum
The first thing to check is to make sure you can GRANT
https://dev.mysql.com/doc/refman/8.0/en/grant.html
Databases are normally only accessible within an isolated network. Under most circumstances this would mean providing the vendor with ssh info and the database credentials. Providing a vendor with that information is a huge security vulnerability and likely a violation of your ITs department policies. What the vendor is asking for are credentials to an API that would allow the vendor to perform the specific tasks which they have requested. Not to mention you should make this process as simple as possible. Having your vendor weed through the meaning/architecture of your database set-up is an exercise in futility and frustration. Especially if those vendor(s) are not familiar with your CMS and plugins. There is much lower risk overall to build a simple API to abstracts away all the complexity of wordpress and woocommerce. I’ve dealt with these requests before where the sales people have told the vendor that they will be provided with direct database access. I explained to them why that is incorrect and worked with the vendor to provide a secure and more straight forward solution than just giving them access to the database. Just giving a company access to a database which they are not familiar is going to result in problems.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.