You installed Mautic. You installed a plugin that connects it to WooCommerce. You hit “Connect” and nothing happens. Sound familiar?
Here’s the thing most people don’t realize: Mautic ships with its API completely disabled. It’s a security decision, and it makes sense. But it means that before any external tool can talk to your Mautic instance, including WordPress plugins, Zapier, or custom scripts, you need to manually flip the switch.
This guide walks you through exactly how to enable the Mautic API for WooCommerce integrations. It takes about two minutes.
Why Is the Mautic API Disabled by Default?
Mautic keeps the API off as a security precaution. If you’re only using Mautic through its web interface, there’s no reason to expose an API endpoint to the outside world. Every open endpoint is a potential attack surface.
But the moment you want to connect Mautic to another system, like your WooCommerce store, the API is the bridge. Your integration plugin sends customer data, order details, and contact updates through that API. Without it enabled, there’s simply no way for WooCommerce to communicate with Mautic.
Step-by-Step: Enable the Mautic API
Follow these steps in order. You’ll need admin access to your Mautic instance.
1. Log Into Mautic as an Admin
Head to your Mautic URL and sign in with an account that has full administrator privileges. Standard user accounts won’t have access to the configuration settings you need.
2. Open the Configuration Panel
Click the gear icon in the top-right corner of the Mautic dashboard. From the dropdown, select Configuration. This opens the main settings area where all the system-level options live.
3. Navigate to API Settings
In the left sidebar of the Configuration page, click API Settings. This is a dedicated section just for controlling API access.
4. Toggle “API Enabled” to Yes
You’ll see a toggle labeled API enabled. Switch it to Yes. This is the main switch that opens the API for external connections.
5. Choose Your Authentication Method
Mautic supports two authentication methods for API access. You need to pick one (or enable both).
Basic Auth is the simpler option. It sends your Mautic username and password with every API request. It’s quick to set up and works well for trusted server-to-server connections where both systems are under your control. If you go this route, toggle Enable HTTP basic auth to Yes on the same settings page.
OAuth2 is the more secure option and the one recommended for production environments. Instead of sending credentials with every request, it uses tokens that expire and can be revoked. It takes a few extra steps to configure, but it’s worth the added security.
6. Setting Up OAuth2 Credentials (If Using OAuth2)
If you chose OAuth2, you need to create API credentials that your WooCommerce plugin will use to authenticate.
- Go to Settings (gear icon) > API Credentials
- Click New to create a new OAuth2 client
- Give it a recognizable name, something like “WooCommerce Integration”
- Set the Redirect URI to your WordPress site’s callback URL (your plugin will tell you what this is in its settings page)
- Click Save & Close
- Copy the Client ID and Client Secret that Mautic generates. You’ll paste these into your WordPress plugin settings
7. Save Your Configuration
Back on the API Settings page, click Save (or the save button at the top right). Don’t skip this. Mautic won’t apply changes until you explicitly save.
Testing Your API Connection
Once the API is enabled, you’ll want to confirm it’s actually working before you start configuring your full integration.
If you’re using the Mautic Integration for WooCommerce plugin, the easiest way is to enter your credentials on the plugin’s settings page and click the Test Connection button. It will attempt an API call and tell you immediately whether the connection succeeded.
For a quick manual test, you can also use curl from the command line. If you enabled Basic Auth, try this:
curl -u your_username:your_password "https://your-mautic-url.com/api/contacts?limit=1"
If you get back a JSON response with contact data (or an empty list), the API is working. If you get a 403 or “API disabled” error, something in the configuration didn’t save correctly.
Common Issues and How to Fix Them
Even with the steps above, a few things can trip you up. Here are the most common problems people run into.
API Is Enabled, but Basic Auth Isn’t
This is the number one mistake. You enable the API toggle but forget to also enable the “HTTP basic auth” toggle below it. Both need to be set to Yes if you’re using Basic Auth. Go back to API Settings and double-check.
Mautic Cache Needs Clearing
Mautic caches its configuration aggressively. If you just changed the API settings and things still aren’t working, try clearing the cache. You can do this through Settings > Clear Cache in the Mautic UI, or by deleting the contents of the var/cache directory in your Mautic installation via SSH.
Reverse Proxy Stripping Auth Headers
If your Mautic instance sits behind a reverse proxy like Nginx or a CDN like Cloudflare, the proxy might be stripping the Authorization header before it reaches Mautic. This causes every API request to fail with a 401 error even though your credentials are correct. Check your proxy configuration and make sure it passes the Authorization header through to the backend.
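To tell these failure modes apart from the command line, the script below wraps the manual test call and maps the result to the causes covered in this section. It is an added example, not code from Mautic or the plugin; the function names are hypothetical, and treating a 401 as a possible missing "HTTP basic auth" toggle is an assumption. The password is prompted for and handed to curl through a config on stdin, so it never lands in shell history or the process list.

```sh
#!/bin/sh
# Added example: triage the manual API test from this guide (hypothetical names).

# Basic Auth must only ever travel over HTTPS.
require_https() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing to send Basic Auth to non-HTTPS URL: $1" >&2; return 1 ;;
  esac
}

# Escape backslashes and double quotes for a quoted value in a curl config.
cfg_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Map HTTP status ($1) and response body ($2) to the causes this guide lists.
diagnose() {
  case "$2" in *"API disabled"*) echo api-disabled; return 0 ;; esac
  case "$1" in
    200) case "$2" in
           "{"*) echo ok ;;        # JSON came back: the API is working
           *)    echo not-json ;;  # e.g. an HTML page served by a proxy or CDN
         esac ;;
    401) echo auth-rejected ;;     # wrong credentials, proxy dropped the
                                   # Authorization header, or (assumption)
                                   # the HTTP basic auth toggle is off
    403) echo api-disabled ;;      # API toggle not saved, or stale cache
    *)   echo unexpected ;;
  esac
}

# Prompt for the password, call /api/contacts?limit=1, print the diagnosis.
# Runs in a subshell so its variables do not leak into the caller.
probe() (
  require_https "$1" || exit 2
  printf 'Password for %s: ' "$2" >&2
  stty -echo; IFS= read -r pass; stty echo; echo >&2
  body_file=$(mktemp)
  status=$(printf 'user = "%s:%s"\n' "$(cfg_escape "$2")" "$(cfg_escape "$pass")" |
    curl -sS -K - -o "$body_file" -w '%{http_code}' "$1/api/contacts?limit=1")
  diagnose "$status" "$(cat "$body_file")"
  rm -f "$body_file"
)

if [ "$#" -eq 2 ]; then probe "$1" "$2"; fi
```

Run it with the Mautic base URL and username as the two arguments, for example `sh mautic-probe.sh https://your-mautic-url.com your_username` (the file name is only a suggestion).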
A Quick Note on Security
Both authentication methods, Basic Auth and OAuth2, work, but they have different security profiles.
Basic Auth sends your username and password with every single request. That’s fine as long as you’re using HTTPS (and you absolutely should be). Never use Basic Auth over plain HTTP. Anyone monitoring the traffic could read your credentials in clear text.
OAuth2 is more secure by design. It uses short-lived access tokens instead of your actual credentials. Tokens can be revoked without changing your password, and they expire automatically. The tradeoff is a slightly more involved setup process. For a production WooCommerce store, OAuth2 is the better choice.
What to Do Next
With the Mautic API enabled and tested, you’re ready to connect it to your WooCommerce store. The API is just the foundation. The real value comes from syncing your customers, tracking their orders, and automating your marketing based on real purchase behavior.
For the full walkthrough on connecting everything, follow our step-by-step guide on connecting Mautic to WooCommerce. It covers installing the plugin, entering your API credentials, configuring contact sync, and verifying that data flows correctly between the two systems.
If you haven’t already, grab the Mautic Integration for WooCommerce plugin to handle the connection automatically. It manages OAuth2 tokens, syncs customer data on purchases, and gives you a clean settings interface right inside WordPress. No custom code or API wrangling required.