Order Daemon

Sign in
Install free

DOCS

DOCS
⌘K
v1.3.28
 // Pro v1.2.20

 · Latest

Navigation

Docs/API Reference/REST API Overview

REST API Overview

Order Daemon provides a REST API for managing automation rules, accessing audit logs, and handling webhook integrations. The API follows WordPress REST conventions and integrates with the WP REST API infrastructure.

Base URL and authentication

Base URL: /wp-json/odcm/v1/

Most endpoints require manage_woocommerce capability (Admin or Shop Manager). The Audit Log API uses the lower view_woocommerce_reports capability for GET requests. Webhook receive endpoints are public but validate gateway signatures.

From a WordPress admin page (nonce)

The recommended approach for JavaScript running inside WP admin. Nonces expire after 24 hours and are tied to the logged-in session.

// wp.apiFetch handles the nonce automatically via wpApiSettings
wp.apiFetch({
  path: '/odcm/v1/rule-builder/components',
  method: 'GET',
}).then(data => console.log(data.triggers));

// For raw fetch, pass the nonce explicitly:
fetch('/wp-json/odcm/v1/rule-builder/components', {
  headers: { 'X-WP-Nonce': wpApiSettings.nonce }
});

From an external application (application passwords)

Generate an application password in WP Admin → Users → Edit User → Application Passwords. The password is shown once – copy it including spaces.

# Basic auth: base64("username:app_password")
curl "https://yoursite.com/wp-json/odcm/v1/rule-builder/components" 
  -u "your-username:xxxx xxxx xxxx xxxx xxxx xxxx"
const response = await fetch('https://yoursite.com/wp-json/odcm/v1/rule-builder/components', {
  headers: {
    'Authorization': 'Basic ' + btoa('your-username:xxxx xxxx xxxx xxxx xxxx xxxx'),
    'Content-Type': 'application/json',
  }
});

Warning: Application passwords require HTTPS. Never embed credentials in client-side code or version control.

API sections

Rule management API

Endpoint base: /wp-json/odcm/v1/rule-builder

Manage automation rules programmatically – create, read, update, and delete rules; discover available components.

Common uses: sync rule configurations between environments, build custom rule management dashboards, automate rule deployment in CI/CD.

Full documentation →

Audit Log API

Endpoint base: /wp-json/odcm/v1/audit-log

Access the complete audit trail of automation activities with filtering and search.

Common uses: external monitoring dashboards, compliance reporting, integrating logs with external systems.

Full documentation →

Webhooks API

Endpoint base: /wp-json/odcm/v1/webhooks/

Receive and process webhook events from external services (payment gateways, automation platforms).

Common uses: connect payment gateways for enhanced order processing, integrate with Zapier/Make.com, build custom external triggers.

Full documentation →

Pro API

Endpoint base: /wp-json/odcm-pro/v1/

Advanced features and debugging capabilities available in Order Daemon Pro.

Common uses: test rules against specific orders, debug complex automation scenarios, access advanced filtering.

Full documentation →

Response format

Response shapes vary by endpoint – there is no single envelope wrapper across all API sections. Refer to each endpoint’s documentation for its exact response structure. Examples:

  • GET /rule-builder/components returns {triggers, conditions, primaryActions, secondaryActions, meta} directly
  • GET /rule/{id} returns rule data directly
  • POST /rule/{id} returns {success, message, rule_id, audit_logged}
  • GET /audit-log returns {logs, pagination, filters, meta}

Error responses from WordPress REST follow its standard format:

{
  "code": "error_code",
  "message": "Human-readable description",
  "data": { "status": 403 }
}

HTTP status codes

CodeMeaning
200Success
201Created
400Bad request – invalid parameters
401Unauthorized – authentication required
403Forbidden – insufficient permissions or Pro feature without entitlement
404Not found
500Internal server error

Permission denied (403):

{
  "code": "rest_forbidden",
  "message": "Sorry, you are not allowed to do this.",
  "data": { "status": 403 }
}

Versioning

  • Current version: v1
  • Breaking changes increment the version number
  • Backward compatibility is maintained within major versions
  • Deprecated endpoints show warnings before removal

Security

  • All endpoints follow WordPress security best practices
  • User capabilities strictly enforced
  • Webhook endpoints include signature validation where supported
  • Admin operations require nonce verification
  • Sensitive data is never exposed in responses
← PreviousPro APINext →Rules Management API
Last updated 27 May 2026Edit this page on GitHub

Table of Contents

Base URL and authenticationFrom a WordPress admin page (nonce)From an external application (application passwords)API sectionsRule management APIAudit Log APIWebhooks APIPro APIResponse formatHTTP status codesVersioningSecurity