Dev news

Commit b36d3a2660 for woocommerce

commit b36d3a2660d033285b224a81152b04e36d9c3dcf
Author: Christopher Allford <6451942+ObliviousHarmony@users.noreply.github.com>
Date:   Mon Jan 26 12:54:56 2026 -0800

    Restrict per_page for Product & ProductReviews StoreAPI Endpoints (#61755)

    This commit removes the ability to make requests to "/wc/store/products" and "/wc/store/products/reviews"
    using a "per_page" parameter of 0. This would attempt to return ALL entries and was the documented
    behavior, however, it degrades performance and is inadvisable. Developers are now required to use
    pagination and the query is bounded between 1 and 100.

diff --git a/docs/apis/store-api/resources-endpoints/product-reviews.md b/docs/apis/store-api/resources-endpoints/product-reviews.md
index 204d9c442a..18068ae0be 100644
--- a/docs/apis/store-api/resources-endpoints/product-reviews.md
+++ b/docs/apis/store-api/resources-endpoints/product-reviews.md
@@ -14,7 +14,7 @@ GET /products/reviews?orderby=rating&order=desc
 | Attribute     | Type    | Required | Description                                                                                         |
 | :------------ | :------ | :------: | :-------------------------------------------------------------------------------------------------- |
 | `page`        | integer |    no    | Current page of the collection.                                                                     |
-| `per_page`    | integer |    no    | Maximum number of items to be returned in result set. Defaults to no limit if left blank.           |
+| `per_page`    | integer |    no    | Maximum number of items to be returned in result set.                                               |
 | `offset`      | integer |    no    | Offset the result set by a specific number of items.                                                |
 | `order`       | string  |    no    | Order sort attribute ascending or descending. Allowed values: `asc`, `desc`                         |
 | `orderby`     | string  |    no    | Sort collection by object attribute. Allowed values : `date`, `date_gmt`, `id`, `rating`, `product` |
diff --git a/plugins/woocommerce/changelog/61755-add-61481-minimum-query-per-page b/plugins/woocommerce/changelog/61755-add-61481-minimum-query-per-page
new file mode 100644
index 0000000000..a540fdc0d9
--- /dev/null
+++ b/plugins/woocommerce/changelog/61755-add-61481-minimum-query-per-page
@@ -0,0 +1,4 @@
+Significance: minor
+Type: tweak
+
+Limit `/products` and `/products/reviews` StoreAPI endpoints to 100 results per page.
diff --git a/plugins/woocommerce/src/StoreApi/Routes/V1/AbstractTermsRoute.php b/plugins/woocommerce/src/StoreApi/Routes/V1/AbstractTermsRoute.php
index 7b7f084fb9..db5e7a2b3b 100644
--- a/plugins/woocommerce/src/StoreApi/Routes/V1/AbstractTermsRoute.php
+++ b/plugins/woocommerce/src/StoreApi/Routes/V1/AbstractTermsRoute.php
@@ -38,7 +38,6 @@ abstract class AbstractTermsRoute extends AbstractRoute {
 			'description'       => __( 'Maximum number of items to be returned in result set. Defaults to no limit if left blank.', 'woocommerce' ),
 			'type'              => 'integer',
 			'minimum'           => 0,
-			'maximum'           => 100,
 			'sanitize_callback' => 'absint',
 			'validate_callback' => 'rest_validate_request_arg',
 		);
diff --git a/plugins/woocommerce/src/StoreApi/Routes/V1/ProductReviews.php b/plugins/woocommerce/src/StoreApi/Routes/V1/ProductReviews.php
index 59d77a1071..a54b1f7357 100644
--- a/plugins/woocommerce/src/StoreApi/Routes/V1/ProductReviews.php
+++ b/plugins/woocommerce/src/StoreApi/Routes/V1/ProductReviews.php
@@ -184,10 +184,10 @@ class ProductReviews extends AbstractRoute {
 		);

 		$params['per_page'] = array(
-			'description'       => __( 'Maximum number of items to be returned in result set. Defaults to no limit if left blank.', 'woocommerce' ),
+			'description'       => __( 'Maximum number of items to be returned in result set.', 'woocommerce' ),
 			'type'              => 'integer',
 			'default'           => 10,
-			'minimum'           => 0,
+			'minimum'           => 1,
 			'maximum'           => 100,
 			'sanitize_callback' => 'absint',
 			'validate_callback' => 'rest_validate_request_arg',
diff --git a/plugins/woocommerce/src/StoreApi/Routes/V1/Products.php b/plugins/woocommerce/src/StoreApi/Routes/V1/Products.php
index 5b95a87d81..78dc6c309e 100644
--- a/plugins/woocommerce/src/StoreApi/Routes/V1/Products.php
+++ b/plugins/woocommerce/src/StoreApi/Routes/V1/Products.php
@@ -142,10 +142,10 @@ class Products extends AbstractRoute {
 		);

 		$params['per_page'] = array(
-			'description'       => __( 'Maximum number of items to be returned in result set. Defaults to no limit if left blank.', 'woocommerce' ),
+			'description'       => __( 'Maximum number of items to be returned in result set.', 'woocommerce' ),
 			'type'              => 'integer',
 			'default'           => 10,
-			'minimum'           => 0,
+			'minimum'           => 1,
 			'maximum'           => 100,
 			'sanitize_callback' => 'absint',
 			'validate_callback' => 'rest_validate_request_arg',