Last Updated:
Screenshot of Quick Start

Using PHP to Retrieve Information from the Walmart.IO API

Morgan MacArthur

Your first step is to go to and sign up for API access.

Once you've done that, you will need to create public and private RSA keys in order to get a Consumer ID from Walmart.

When creating the keys, I recommend just using the Walmart steps exactly, you can use access to just about any Linux terminal you can find. I don't actually know if you need to password protect your keys, but I did simply because that's how Walmart shows to do it.

These are the commands to issue:

Generate key pair 2048 bit
$ openssl genrsa -des3 -out WM_IO_my_rsa_key_pair 2048 

Export private key WM_IO_private_key.pem
$ openssl pkcs8 -topk8 -inform PEM -in WM_IO_my_rsa_key_pair -outform PEM -out WM_IO_private_key.pem -nocrypt

Export public key WM_IO_public_key.pem
$ openssl rsa -in WM_IO_private_key.pem -pubout > WM_IO_public_key.pem

Copy and paste public key to Key upload page
$ cat WM_IO_public_key.pem

Note: Do not copy these two lines: -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----

Note: Using -des3 ensures that pem file generated in above step will be passphrase protected.

After you've done all this, you will have to note your keys and upload them to Walmart.IO. They will issue you a Consumer ID, which you will use to sign your requests later.

The required pieces to complete a request are:

  1. Your private key you created above
  2. Your Consumer ID that Walmart gives you
  3. You key version, as shown on your API profile page

You can see the code at

But to keep things simple, here it is. You simply need to download the phpseclib library from and extract the folders such that the includes in the code point to the folders in the extracted folder.


// You need the phpseclib folder extracted into your folder so that these includes work

$rsa = new Crypt_RSA();

// This is the example URL given on Walmart IO
$url = '';


// The timestamp needs to be an integer and lasts a minute or so
$timestamp = round(microtime(true) * 1000); //microtime();

// This is what you need to encrypt for Walmart to match and confirm the query is from you
$message = $consumerid . "\n" . $timestamp . "\n" . $keyversion . "\n";
$decodedPrivateKey = base64_decode($privatekey);

// All the encryption stuff happens here with phpseclib
$rsa->loadKey($decodedPrivateKey, CRYPT_RSA_PRIVATE_FORMAT_PKCS8);
$signature = base64_encode($rsa->sign($message));

// These headers are required for the lookup to succeed
$headers = array(
"WM_SEC.KEY_VERSION: {$keyversion}",
"WM_CONSUMER.ID: {$consumerid}",
"WM_SEC.AUTH_SIGNATURE: {$signature}",
"Accept: application/json"

// We use PHP cURL for the https connection
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($ch);

// Now you can do as you wish with your $response
echo $response;