• Resolved Akkon

    (@akkon)


    Hi,
    I am using the Solid Security plugin and I found a problem when using the REST API (via JWT token). I have to mention that I set Restricted Access in the Advanced settings.

    But after that, I cannot access (even when logged in) the nodes /wp-json/wp/v2/categories or /wp-json/wp/v2/taxonomies/category – both return the itsec_rest_api_access_restricted error. The only way I can achieve the result is by adding the manage_categories capability, which does not suit my case – I want this user / role to be allowed to read categories only, not manage them. Is there any change I can make so the categories can be accessible via the API (after logging in)?

    Thank you for your advice

    • This topic was modified 6 months, 3 weeks ago by Akkon.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @akkon, great to see you here.

    If I’m understanding correctly, you’re looking to do two things simultaneously: (1) allow specific endpoints as read-only and (2) restrict REST API access generally with Solid Security.

    That may be possible with some custom code. Solid Security’s REST API setting uses the rest_dispatch_request filter, so you can try testing if that can be used to modify the setting’s behavior. Essentially, you’d want to tag on after (with a later priority) an additional call to that filter, and designate the specific endpoints as read-only. Then the Solid Security setting will handle the bulk of the restriction, and your custom code snippet would handle changing the “manage_categories” to instead be read-only.

    I’ve discussed this with our team and we can definitely write this up as a feature request. For now the only options other than a custom-coded solution are to either allow default access to REST API or to allow manage_categories capabilities for those roles.

    Hope this helps!

    Thread Starter Akkon

    (@akkon)

    Hello @shanedelierrr,
    thank you for your reply. I’ve just temporarily added an exception to the rest_dispatch_request filter, so now it works.

    Looking forward to having a proper solution via the Solid Security plugin in the future.
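
The approach discussed in this thread (a later-priority callback on rest_dispatch_request that lifts the restriction only for read-only category routes) could look like the following. This is an added example, not code from Solid Security or from either poster. The function name, the priority of 99 and the use of the `read` capability are assumptions; the priority assumes Solid Security's own callback is registered with a lower number.

```php
<?php
/**
 * Added example: narrow, read-only exception to Solid Security's
 * "Restricted Access" REST API setting. Place in a small custom plugin.
 * example_allow_readonly_category_routes is a hypothetical name.
 */
add_filter( 'rest_dispatch_request', 'example_allow_readonly_category_routes', 99, 4 );

function example_allow_readonly_category_routes( $result, $request, $route, $handler ) {
    // Only touch the specific restriction error quoted in this thread;
    // any other error or response passes through unchanged.
    if ( ! is_wp_error( $result )
        || 'itsec_rest_api_access_restricted' !== $result->get_error_code() ) {
        return $result;
    }

    // Read-only: never lift the restriction for POST, PUT, PATCH or DELETE.
    if ( 'GET' !== $request->get_method() ) {
        return $result;
    }

    // Exact allowlist of request paths (no prefixes, no patterns), so
    // single-item routes and other taxonomies stay restricted.
    $allowed_routes = array(
        '/wp/v2/categories',
        '/wp/v2/taxonomies/category',
    );
    if ( ! in_array( untrailingslashit( $request->get_route() ), $allowed_routes, true ) ) {
        return $result;
    }

    // Keep the exception limited to authenticated users. 'read' is an
    // assumed capability; substitute the one your role actually has.
    if ( ! is_user_logged_in() || ! current_user_can( 'read' ) ) {
        return $result;
    }

    // Returning null makes WP_REST_Server call the endpoint's own callback.
    // The endpoint's permission_callback has already run before this filter,
    // so core's own checks are not bypassed.
    return null;
}
```

After deploying it, confirm that an unauthenticated GET and an authenticated POST to the same routes still return itsec_rest_api_access_restricted.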

  • The topic ‘REST API request blocked by itsec_rest_api_access_restricted’ is closed to new replies.