I have had customers make purchases recently and it seems like it is triggering new user stuff. Is this a wordpress issue or something with this plugin?
]]>Since updating from v3.4.0 to 3.5.1 I’m getting this error when trying to delete a post, using a custom python script. I’ve used this script for the past 16 mths without any issues, until this latest update.
Error msg:
Failed to delete post with id 873 on https://xxxxx.com. Status code: 401, Response: {"code":"rest_cannot_delete","message":"Sorry, you are not allowed to delete this post.","data":{"status":401}}
Reverting to v4.0 the error disappears.
The puzzling thing is that I can make posts ok with another custom script and it uses the same authentication details I use in my remove_post script.
Authentication code:
# Setup the authentication credentials
username = "xxxxx"
password = "xxxxxxxxxx"
token = base64.b64encode(f'{username}:{password}'.encode("utf-8")).decode("utf-8")
headers = {
"Authorization": "Basic " + token,
"Referer": "https://yahoo.com",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3",
}Hello!
I set up JWT authentication years ago for an external application of mine to update a specific blog post each day with new text content. It’s worked flawlessly all this time (so thank you for that)
…. until yesterday something broke for the first time in years.
I’ve inserted debug lines at every stage of the update process in my application:
- I send credentials and successfully get a valid jwt_token back
- Confirmed token received
- Send authentication request and get authorization token response
- Something went wrong! 401 – Unauthorized {“code”:”rest_cannot_edit”,”message”:”sorry, you are not allowed to edit this post.”,”data”:{“status:”:401}}
I’m using the standard: /wp-json/wp/v2/posts/{id} endpoint and the post permissions haven’t changed and the WP user has sufficient persmissions.
I saw that the plugin released a new version recently so I rolled back all plugins to a few days ago prior to your latest release but I’m still running into the error.
I’m going to continue to look for any other conflicting plugins or sources but I wanted to drop a line here to see if you have any recommendations or tests that I should run to narrow things down? All of the debugging I’ve done is on my application side parsing responses, are there any other logs on plugin side?
Thanks!
Evan
]]>I use a few custom scripts to upload and edit WP posts through the API, accessing post data, as well as custom post data and the media through the relevant APIs.
Since updating to 3.5 i’m getting 401 codes back. The only difference is the plugin version. I’ve testing downgrading and upgrading on two environments and it’s the plugin, not recent ACF changes.
How do I remove the miniOrange API Authentication Analytics banner that’s now on a lot of admin pages.
There aren’t screen options for it, or options in the settings of the plugin, or any mention of it in docs or FAQs.
The header is massive and unhelpful, please let me remove it easily.
It wasn’t there before, but now it looks like the screenshot. I didn’t issue an open API, I only use JWT tokens. Is this a hack?
If there is a way to block openAPI, please let me know.
]]>There is a mistake on line 28 of wp-rest-api-authentication/admin/partials/class-mo-api-authentication-admin-menu.php. A backslash ‘\’ was mistakenly used instead of a forward slash ‘/’.
The line require ‘auditing\class-mo-api-authentication-auditing.php’ should be require ‘auditing/class-mo-api-authentication-auditing.php’;
]]>Hi, when I want to set the basic authentification, nothing happen and in the console :
Uncaught ReferenceError: api_ajax_redir is not defined
onclick /wp-admin/admin.php?page=mo_api_authentication_settings&tab=config:1
Thanks
]]>Getting this error on accessing API. The API is standard Woocommerce API like wp-json/wc/v3/products/1347
When I disable the plugin then the API works fine. This was working fine until today morning though
{
“status”: “error”,
“error”: “Restricted”,
“error_description”: “Sorry, you are not allowed to access REST API.”,
“error_reason”: “With the free plan, only WordPress default endpoints can be authenticated. You can upgrade to the suitable premium plan to securely access the custom built or 3rd-party plugin endpoint.”
}
]]>Hi!
I’m trying to get a valid Token from my user. I’m able to generate a token but once generated, it is not a valid token. How can I generate a valid token?
Trying it with plugin validator:
[1] Get User Token from the Token Endpoint:
img: https://gyazo.com/976a531fc1956ea7e6e0797220b03664
[2] Check if token is valid:
img: https://gyazo.com/5034cb952725c2b3c32824b950117405
Trying it with my own fetch:
Step 1 (get token): https://gyazo.com/1e38f08392a6fad48c05c115300b9fe5
Step 2 (post to CTP named dashboard): https://gyazo.com/b704a0bdfe969ca503d44070d9d2c21c
After this step 2 fetch, i’ve also got an error (403): https://gyazo.com/018646563ab0c693890ce48ea7ac8399
Any one with an idea? I’m totally lost… Thanks
]]>Issue Description: The current implementation checks for authorization headers even when the request method is OPTIONS, which causes issues. Adding a check to return a 200 status code when the request method is OPTIONS will fix this issue. This only occurs when doing GET requests from different origins. (example: https://www.example.com requesting from api.example.com)
Error Response for Missing Authorization Header: The error response for a missing authorization header includes the following details:
- Status: error
- Error: MISSING_AUTHORIZATION_HEADER
- Code: 401
- Error Description: Authorization header not received. Either the authorization header was not sent or it was removed by your server due to security reasons.
Proposed Solution: Add a check in the code to return a 200 status code when the request method is OPTIONS. This will prevent the unnecessary checking for authorization headers in such cases.
Additional Resource: A helpful image that explains the process can be found at this link.
Solution example code (to be added to the files in (wp-content/plugins/wp-rest-api-authentication/admin/partials/flow)):
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
$response = array(
'status' => 'success',
'message' => 'Preflight request accepted.',
'code' => '200',
);
wp_send_json($response, 200);
}I can’t access the plugin configuration page, I get a fatal error (both our staging and production sites).
/wp-admin/admin.php?page=mo_api_authentication_settings
There has been a critical error on this website. Please check your site admin email inbox for instructions.
Learn more about troubleshooting WordPress.
PHP Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 67108872 bytes) in /kunder/ecosme_13771/ecosme_22146/public/wp-includes/class-wpdb.php on line 2321
Hi dear plugin author,
I want to create user with rest api could you please help me out how can do it.
Hi,
I cannot modify or publish on my site, because the update and publish features failed, I desactivated almost the plugins, it changed nothing,
Do you think I install your plugin that will resolve the problem ?
Than you very much !
On around February 21, the connection between my course platform (Thrive Apprentice, maintained by Thrive Themes) and my checkout software (ThriveCart) stopped working. I noticed that people who made purchases no longer got access to their courses. After Thrive Apprentice support investigated the situation, we found that the WordPress REST API Authentication Plugin is blocking the ThriveCart API connection.
If I disable your plugin, my connections work again as expected. When I re-enable your plugin, ThriveCart is no longer able to see my list of Thrive Apprentice courses in the product setup. So I cannot use your plugin until this issue is fixed.
I need to be able to exclude the?ThriveCart?API?from the WordPress REST API Authentication plugin. How do I do that?
]]>Hello I’m trying to integrate Obsidian with wordpress to be able to post directly from Obsidian.
I have successfully integrated with the WordPress REST API Authentication with the basic Authentication (used this site for steps). I also installed the WordPress Plugin and signed in to my profile. Now getting the error
“Cannot Read Properties of null WordPress (reading ‘ToString’)” in Obsidian. Not sure how to move forward, the process seemed simple.
I double checked login information, not sure what else the issue is
Thank you for your help.
]]>Hello I am quite new to wordpress and I am encountering an issue when I try to authorise the rest API.
My site is hosted on godaddy managed wordress, I retrieved my login credentials from the wordpress database.
However every time i enter my login details to test configuration It returns the following response.
{ “status”: “error”, “error”: “INVALID_USERNAME”, “code”: “400”, “error_description”: “Username Does not exist.” }
Can anyone please help in what might be the issue here?
To be clear this is using WordPress REST API Authentication plugin and in the configuration settings.
]]>Hello I encounter 401 error when providing correct credentials (admin + application pasword) in my python code. it is really simple and tries to upload a post.
The site is hosted on XAMPP with apache abd sql. localhost
]]>I want to get a bit of clarification on something. I have read a number of other support requests in this forum in which the response has said something like:
“the free plan of the plugin only supports the capabilities for authenticating WordPress native REST endpoints and the features for authenticating custom build or 3rd-party plugin endpoints along with more security are available in the pro plans only.
With the free plan, you can either only block them from access or open them publicly using their own default authentication if any.”
To me this seems to imply that we should be able to still create and use public rest routes with this plugin, correct?
We have a number of simple public rest routes that work totally fine when the plugin is off (no authentication or special user permissions needed whatsoever), but when the plugin is turned on (it is being used for completely unrelated purpose) these public rest routes now return a “Restricted” error. Is this the intended behavior? And if so how do we “open them publicly” again as is stated in the quote above is possible on the free plan?
]]>Not sure what happening here. Everything worked as expected a few days ago. But now when trying to post to my blogs with my scripts, I’m getting the error “Error No connection adapters were found”.
So I then tried one of the blogs and went through the Basic Authentication setup again. With “Test Configuration“, nothing happens. No errors, nothing to indicate the button even registered the click. There’s nothing in site error log either.
I’m pretty sure this has to do with some server change I’ve made in last few days, but can’t pin it down. Server is running WHM.
Anyone with a possible clue as to what’s happening? thanks
]]>I’m working with the miniOrange API authentication plugin locally in a headless wordpress set up with a React frontend. Making authenticated request for fetching and utilizing the token, works fine when tested on Postman, but when I run the implementation in the React app I get a CORS pre-flight error when trying access the API using Basic auth or JWT tokens
Using JWT authentication, I can successfully fetch the tokens but when I pass the tokens in the Bearer, I get the error above.
Here is my .htaccess:
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
Header set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type,Credentials"
</IfModule>
# END WordPress
# BEGIN enable-cors
# The directives (lines) between "BEGIN enable-cors" and "END enable-cors" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css|woff2)$">
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials "true"
</FilesMatch>
</IfModule>
# END enable-corsInitially I was getting a cors preflight Access-Control-Allow-Origin error but when I passed this values in the .htaccess and installed ENABLE CORS plugin it changed to the error I displayed above: Screenshot-2023-05-31-082317.png (640×69) (ibb.co)
]]>I am trying to get the posts using the /wp-json/wp/v2/posts endpoint. I am using the JWT Token approach. I have created the Token and it has passed all the checks from the plugins “Check Token” and “Test Configuration”
However, when I tried using postman, all I get is an Unauthorized error
{
“status”: “error”,
“error”: “UNAUTHORIZED”,
“error_description”: “Sorry, you are not allowed to access REST API”
}
Even if I use the wrong token it still says the same error. So I believe it’s not even going to the token validation phase.
I’ve also tried
- Deactivating plugins
- Deactivating themes
Nothing seems to change the error
]]>I am using the JWT method to access the REST API of https://askyourpharm.com/wp-json/wp/v2/posts
During the setup of the Token, it passed all the checks using the plugin’s “Check Token” and “Test Configuration” buttons.
Then when I tried to use it on Postman, I only ever get this error
{
“status”: “error”,
“error”: “UNAUTHORIZED”,
“error_description”: “Sorry, you are not allowed to access REST API”
}
I also tried to pass a wrong token just to see if the API would give me a different error, but it still gave me the same error.
Looking at the documentations, I couldn’t find much detail about this error
]]>WHY I CAN NOT DEACTIVE THIS PLUGIN OMG!!!!!!!!!!!!!!!!!!!!
]]>Hi, when I activate the plugin, I’m not able to use the native Zapier/Wordpress integration anymore. Is there any way to remedy this? ??
]]>When I click Test Configuration, nothing happens.
In the console I see the following message:
admin.php?page=mo_api_authentication_settings:616 GET https://freyya.ru/wp-json/wp/v2/posts?mo_rest_api_test_config=basic_auth 404
mo_rest_api_JWTtest_config_basic_auth @ admin.php?page=mo_api_authentication_settings:616
onclick @ admin.php?page=mo_api_authentication_settings:507
17:10:45.313 admin.php?page=mo_api_authentication_settings:619 error SyntaxError: Unexpected token ‘<‘, “)
at mo_rest_api_display_basic_auth_data (admin.php?page=mo_api_authentication_settings:648:21)
at admin.php?page=mo_api_authentication_settings:618:21
Hello,
When this plugin is activated it’s causing the following 401 on several resources.
{“status”:”error”,”error”:”MISSING_AUTHORIZATION_HEADER”,”code”:”401″,”error_description”:”Authorization header not received. Either authorization header was not sent or it was removed by your server due to security reasons.”}
Our headers have:
add_header Access-Control-Allow-Headers “Authorization”;
Hey there !
I’m looking for a REST API Plugin that would allow to fill Yoast fields such as Focus Keyword, Meta Description and Meta Title.
Would it be possible to do so with your plugin ?
Cheers,
Chris
]]>hello, I installed the plugin in wordpress and in the protected pages the options call returns a 401.
I make the calls in this way:
const response = await fetch(ruta_api, {
method:'GET',
headers:{
//'authorization': 'Bearer ' + token,
authorization: 'Basic cm9pc2Nyb2xsOmQzczRycjBsbDAu',
}
});And this is the htaccess
Header set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type,Credentials"And this is the response
Estado
401
Unauthorized
VersiónHTTP/2
Transferido460 B (tama?o 0 B)
Política de referenciastrict-origin-when-cross-origin
access-control-allow-credentials
true
access-control-allow-headers
X-Accept-Charset,X-Accept,Content-Type,Credentials
access-control-allow-methods
POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-origin
*
content-type
application/json; charset=UTF-8
date
Fri, 24 Feb 2023 10:21:43 GMT
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains
X-Firefox-Spdy
h2
x-powered-by
PHP/8.1.16
Accept
*/*
Accept-Encoding
gzip, deflate, br
Accept-Language
es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Connection
keep-alive
Host
roiscroll.dev
Origin
http://rs.test:3000
Referer
https://rs.test:3000/
Sec-Fetch-Dest
empty
Sec-Fetch-Mode
cors
Sec-Fetch-Site
cross-site
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0Hi Team,
I’m unable to test the JWT Authentication method from the Configuration Overview page. The Get User Token from the Token Endpoint configuration fails with the error.{ "code": "not-logged-in", "message": "REST API Requests must be authenticated because All-In-One Intranet is active", "data": { "status": 401 } }
I suspect there is a conflict with the All-In-One Intranet plugin. When I turn off the plugin, the test is successful, but when the plugin is reactivated the test fails.
Please help!
Ade.
]]>