Issues with the Woosage50Service Connecting to the Website

Occasionally, Woosage50 encounters issues when the Woosage50Service tries to connect to the website. This is usually due to website or server security measures. Common causes and solutions are:

  1. Server/site blocks API requests - the solution is usually to whitelist the IP address, Woosage endpoints or user agent (see below).
  2. Site is password protected - some methods of protecting a site from access (e.g. during development) will also block API access. If the site has password protection via the .htaccess file this will block the Woosage API, so it must be disabled.
  3. Server blocks Woosage API - this is less common and may require investigation by your website hosting provider (see note highlighted below).
Further guidance on how to resolve specific issues is shown below:
  1. Website caches APIs – the solution is cache plugin dependent (more information in this article).
  2. Website blocks API requests - the solution is usually to whitelist the IP address, Woosage endpoints or Woosage user agent, as follows:
    1. Whitelist the IP address of the location where the Woosage50Service is installed (only applies if location has a static IP address, which business broadband usually does).
    2. Whitelist the Woosage API endpoints which will allow Woosage through, but still block others. Woosage endpoints are of the form https://[site-name]/wp-json/woosage/* (* is wildcard, which may be different, depending on security plugin)
    3. Whitelist Woosage User Agent - the solution is security plugin dependent, but add Woosage/50 as an allowed user agent. If the problem persists try changing the UserAgent key in the appsettings.json file to one of the common browser user agents, such as Mozilla/5.0, AppleWebKit/537.36, Chrome/126.0.0.0 or Safari/537.36
  3. Website doesn’t allow basic authentication method – the solution is to set the service to authenticate using OAuth 1.0 instead of passing credentials as parameters. To do this open the file C:\Program Files\Woosage50Service\Woosage50Service\appsettings.json in Notepad, or a similar text editor, as an Administrator, locate the WcRestOptions section and change the UseOAuth1 key value to true.
  4. Captcha mechanisms - these can be implemented on the server or website and are used to block non-human traffic. API requests are often detected by captcha mechanisms and blocked. Resolving this issue will depend on the type of captcha and where it is implemented, but will usually involve whitelisting the IP address, Woosage endpoints or Woosage user agent as covered in Website blocks API requests above.
  5. Local DNS override - A local DNS setting for the website address will override the IP address set in the domain DNS records. To check/amend local settings:
    1. On Windows Server use Windows Administrative Tools > DNS
    2. On Windows 10/11 use Notepad (run as Administrator) to open C:\Windows\System32\drivers\etc\hosts (no extension)
Note: Following a change to hosting services using Google Cloud Services in December 2025 the following issues were experienced:
A new ModSecurity rule was introduced that uses derived information about the source of a website request based on a “fingerprint” (JA4). The rule determined that Woosage was presenting as “PowerShell-like”, which is treated as malicious. PowerShell is part of Microsoft .NET and is a scripting tool that can be used by hackers, so Woosage was being blocked following this change.

The Woosage50Service is built using the .NET framework, so we cannot change how it is presented (the fingerprint is derived from multiple pieces of information about the application's environment). The solution is to request that the web host or server provider does one of the following:
  1. Disable the rule for the IP address where the Woosage50Service is installed (Allowlist by IP) – PREFERRED OPTION (static IP address only)  
  2. Disable the rule for Woosage API endpoints [website-url]/wp-json/woosage/v1/[wildcard]   
  3. Adjust the rule so that “PowerShell-like JA4” is not treated as “malicious”
  4. Disable the rule for the entire website
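
Options 1, 2 and 4 above, sketched as ModSecurity exclusions that can be passed to the web host. This is an added example, not configuration from Woosage or from any hosting provider; JA4_RULE_ID, the exclusion ids 10001/10002 and the address 203.0.113.10 are placeholders or constructed values.

```apache
# Added illustration: scoped ModSecurity exclusions for the JA4 rule.
# JA4_RULE_ID is a placeholder: the host substitutes the numeric id of
# their own JA4 rule. 203.0.113.10 is a constructed example address and
# 10001/10002 are arbitrary ids from the range reserved for local rules.
#
# A ctl: exclusion only affects rules evaluated after it, so these rules
# must be loaded ahead of the JA4 rule and run in phase 1.

# Option 1 (preferred): skip the rule for the service's static IP only.
SecRule REMOTE_ADDR "@ipMatch 203.0.113.10" \
    "id:10001,phase:1,pass,nolog,ctl:ruleRemoveById=JA4_RULE_ID"

# Option 2: skip the rule for Woosage API paths only, from any address.
# Adjust the prefix if WordPress is installed in a subdirectory.
SecRule REQUEST_URI "@beginsWith /wp-json/woosage/v1/" \
    "id:10002,phase:1,pass,nolog,ctl:ruleRemoveById=JA4_RULE_ID"

# Option 4 (broadest): remove the rule for the whole site. Unlike the
# ctl: forms, this directive must appear after the JA4 rule is loaded.
# SecRuleRemoveById JA4_RULE_ID
```

Option 1 limits the exception to a single source address. Option 2 lets any client past the JA4 rule on those paths, so the API's own authentication remains the only check on those requests.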