Doesn’t seem to work

  • Hi All,

    I am pretty new to WordPress but not new to REST API’s as a concept.

    I am currently using WP v4.9.5 (as stated on the ‘At a glance’ section of the dashboard in the admin panel) hosted on wpengine.com.

    Given the above version, I understand that the REST API’s starting from v4.7 onwards are available out of the box and no additional plugins are required. This being said, I proceeded to install the Application Passwords plugin as per the instructions on the same page to try out the basic authentication.

    I have a user ‘ApiUser’ in WordPress with ‘Admin’ role for which I generated a password that looked like:

    eref HgfY HKJH iuot REEt <-(fake password)

    I used an online tool to Base64Encode the username and newly generated password as follows:
    Base64Encoding of ‘ApiUser:erefHgfYHKJHiuotREEt’ results in ‘QXBpVXNlcjplcmVmSGdmWUhLSkhpdW90UkVFdA==’

    Using ‘Postman’ I set the Headers as follows:
    content-type:application/json
    authorization: basic QXBpVXNlcjplcmVmSGdmWUhLSkhpdW90UkVFdA==

    and made a simple GET request to:
    https://mywebsite.wpengine.com/wp-json/wp/v2/users
    https://mywebsite.wpengine.com/wp-json/wp/v2/pages

    The response I get is 401 Unauthorized

    I was wondering if I was on the right track or if there was something that I was missing out on. Basically I am trying to access site content via the API’s

    • This topic was modified 6 years, 10 months ago by webnoel.
Viewing 1 replies (of 1 total)

  • So, for anyone else who stumbles across this post experiencing similar results:

    I dug through the source code a little (both the plugin and core) to get a better understanding of how to use this with custom endpoints. There’s good news and bad news.

    The good news is that this plugin can definitely be used with your custom endpoints. The bad news is that it’s convoluted as all get out; at least it has been for me up until the time of writing this.

    Long story short:

    Make sure you’re registering your REST endpoints using an action hook on rest_api_init. I created a custom wrapper function to retrieve the current user (wp_get_current_user()), which checks the returned WP_User instance’s ID property. If it’s 0, then I directly invoke the Application_Passwords::fallback_populate_username_password() method and call the user retrieval function again. If the authorization header is populated with a legitimate user:pass base64 encoded pair, then you should get back the corresponding user for that WP_User instance. Even then, it only seems to work with an account with elevated privileges. I tried using this with an account with a specific custom role, to no avail.

    If anyone cares to chime in and offer a better way of achieving the desired result, please do. Because, I have either a plugin and/or configuration setting that is tripping up the precedence of this plugin’s registered actions/filters to facilitate all of the proper authentication.

    This could also be due to me registering these endpoints outside of a plugin, from my functions.php file. But, I haven’t gotten that far, yet. This works for what I need.

    • This reply was modified 6 years, 6 months ago by Erutan409. Reason: syntax highlihting
Viewing 1 replies (of 1 total)
  • The topic ‘Doesn’t seem to work’ is closed to new replies.