Basic Auth Not Working

Having same problem… Basic Auth with V2 API was working fine until 4.7.1 upgrade (I think). Unfortunately I can’t revert since we’re on a managed WP site.

First problem is that the filter hook has changed name from json_authentication_errors to rest_authentication_errors for the built-in REST API in 4.7.+. That didn’t solve it but its the first step

I’ve hot wired authentication and still I’m getting 403 errors so either something in 4.7.1 broke the API or GoDaddy has blocked the API in their Managed WordPress offering.

Have deleted the old WP API V2 plugin, disabled and enabled the built-in API, etc. Setting up a case with GoDaddy as well.

Rather annoying to say the least since this has taken two of our apps down hard.

Just got off the phone with GoDaddy. They indicate they did not see anything on their end wrt server changes. We’re trying to hit a different non-godaddy hosted WP site to see if its in the WP API or actually something on the GoDaddy end.

WP 4.7.2 just came out – maybe it fixes this problem? Although I doubt it.

It’s either a GoDaddy problem or it is fixed by 4.7.2

Just tested the WP REST API on a WP 4.7.2 system on Lunarpages and no problems running simple endpoints. Sounds like GoDaddy is blocking access to the API.

I also have the same issue, I can get result go “GET” request using postman. When i try to make “POST” request, I get the following error.

{
  "code": "rest_cannot_delete",
  "message": "Sorry, you are not allowed to delete this post.",
  "data": {
    "status": 401
  }
}

After i did googling, I have got more suggestion specially to make changes on .htaccess file as follow.

RewriteEngine On
RewriteBase /speedy/
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /speedy/index.php [L]

“speedy” is my folder name for wordpress installation.
Anyone can help me?
I am using postman with Basic Auth with Authorization header.

I also have the same problem , please let me know if you have found the solutions.

same issue here

{
  "code": "rest_cannot_edit",
  "message": "Sorry, you are not allowed to delete this post.",
  "data": {
    "status": 401
  }
}

but i can do GET requests.

My problem was the same, and I did find a solution that may help others.

First, I was able to successfully and repeatedly GET a list of posts, and also GET a specific post in VIEW and EMBED context mode while debugging. I was NOT able to get the very same post in EDIT more, but as pointed out here I got a rest_cannot_edit error. This led me to believe there was a problem, since obviously the authentication code worked for the other calls.

As it turns out, once I refreshed my authentication code, it worked. I know the original authentication code was expired, but it still worked for the VIEW and EMBED, just not for the EDIT context. Maybe that is the real problem here as I would have expected it to not work at all. Or perhaps because I’m using Cloudflare, those calls were cached from earlier tests. I’m not sure. But IF you see this problem while testing, it’s worth trying to get a new authentication code and just try again.

(And of course make sure the user that got the authorization has the correct rights)

• This reply was modified 7 years, 6 months ago by andersheie.